Question

我试图找出3个字段的搜索。如果我只填写1个字段，那么数据应该搜索，如果我将填写2列，那么数据应该搜索。当数据从任何场景中搜索时，帮助我找出错误的地方。

以下是我使用的代码，但它不起作用： -

  $query = "";
$keyword = $_REQUEST['sports'];
$country = $_REQUEST['city'];
$category = $_REQUEST['code'];
if(isset($keyword)){//if keyword set goes here

   $query = "SELECT * FROM event WHERE sports LIKE '%$keyword%' OR postelcode LIKE '%$keyword%' OR city LIKE '%$keyword%'";

   if(isset($category)){
     $query = "AND postelcode LIKE '$category'";
   }
   if(isset($country)){
     $query  = "AND city LIKE '$country'";
   }
}else if (isset($category)){ //if keyword not set but category set then goes here
  $query = "SELECT * FROM event WHERE postelcode LIKE '$category'";
  if(isset($country)){
    $query  = "AND city LIKE '$country'";
  }
}else if(isset($country)){//if only country set goes here
  $query = "SELECT * FROM event WHERE city LIKE '$country'";
}


      $result1 = mysqli_query($conn, $query);
      if (mysqli_num_rows($result1) > 0) 
      {
      // output data of each row
      while($row = mysqli_fetch_assoc($result1)) 
      {
      ?>     <ul>
                        <li>Contact Email :-   <?php echo $email;  ?></li>
                        <li>Sports        :-   <?php echo $row["sports"];  ?></li>
                    </ul>

                  <?php
        }
} 


?>

Answer 1

$query = "AND postelcode LIKE '$category'";是替换您的查询的逻辑。如果您要为WHERE子句添加条件，则需要使用.=附加到它。尝试向查询添加AND逻辑的每个实例都需要附加到您的选择查询，而不是替换它。

Answer 2

您正在为要添加的每个条件替换$query变量值。

使用.=运算符将新的where子句附加到上一个查询字符串。

另外，我做了一些其他更改，通过将isset设置为Request变量并将where子句变量的isset替换为！empty，使代码免受错误的影响，因为您已经在代码的开头定义了所有变量。所以isset()永远都是真的。

$query = "";
$keyword = isset($_REQUEST['sports']) ? $_REQUEST['sports'] : '';   //Checking if parameter is passed
$country = isset($_REQUEST['city']) ? $_REQUEST['city'] : '' ;  //Checking if parameter is passed
$category = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';  //Checking if parameter is passed
if(!empty($keyword)){//if keyword set goes here

   $query = "SELECT * FROM event WHERE sports LIKE '%$keyword%' OR postelcode LIKE '%$keyword%' OR city LIKE '%$keyword%'";

   if(!empty($category)){
     $query .= " AND postelcode LIKE '$category'";  // Added space before AND
   }
   if(!empty($country)){
     $query  .= " AND city LIKE '$country'";    // Added space before AND
   }
}else if (!empty($category)){ //if keyword not set but category set then goes here
  $query = "SELECT * FROM event WHERE postelcode LIKE '$category'";
  if(!empty($country)){
    $query  .= " AND city LIKE '$country'"; // Added space before AND
  }
}
if(isset($country)){//UPDATED THIS CONDITION: if only country set goes here
  $query = "SELECT * FROM event WHERE city LIKE '$country'";
}


      $result1 = mysqli_query($conn, $query);
      if (mysqli_num_rows($result1) > 0) 
      {
      // output data of each row
      while($row = mysqli_fetch_assoc($result1)) 
      {
      ?>     <ul>
                        <li>Contact Email :-   <?php echo $email;  ?></li>
                        <li>Sports        :-   <?php echo $row["sports"];  ?></li>
                    </ul>

                  <?php
        }
}

Answer 3

删除了不需要的if块和不恰当的字符串连接(subsequent $query =".."; $query =".."; $query =".."; )，它们只覆盖了$query的先前值。

使用.=运算符组合字符串 - 例如 - $query = "text1 "; $query .= "text2 "; $query .= "text3"; - 结果为 - $query = "text1 text2 text3";

还适当启动变量（$keyword, $country and $category）以防止通知错误。另外 mysqli_real_escape_string（）对变量进行防止sql注入攻击。

以下代码使用mysql OR condition返回与任何搜索字段匹配的记录。

更新代码：

$query = "";
$keyword = mysqli_real_escape_string($conn, ((isset($_REQUEST['sports']) AND $_REQUEST['sports'] != "" )? "%{$_REQUEST['sports']}%" : ''));
$country = mysqli_real_escape_string($conn, ((isset($_REQUEST['city']) AND $_REQUEST['city'] != "" )? "%{$_REQUEST['city']}%" : ''));
$category = mysqli_real_escape_string($conn, ((isset($_REQUEST['code']) AND $_REQUEST['code'] != "" ) ? "%{$_REQUEST['code']}%" : ''));


if($keyword!="" OR $country!="" OR $category!=""){
   $query = "SELECT * FROM event WHERE sports LIKE '$keyword' OR postelcode LIKE '$category' OR city LIKE '$country'";

   $result1 = mysqli_query($conn, $query);

    if (mysqli_num_rows($result1) > 0) {
        while($row = mysqli_fetch_assoc($result1)) {
      ?>     
           <ul>
            <li>Contact Email :-   <?php echo $email;  ?></li>
            <li>Sports        :-   <?php echo $row["sports"];  ?></li>
           </ul>
       <?php
        }
    } 
}

以下代码搜索所有列，并使用mysql AND condition返回与所有搜索字段匹配的记录。

替代代码：

$query = "";
$keyword = mysqli_real_escape_string($conn, ((isset($_REQUEST['sports']) AND $_REQUEST['sports'] != "" )? "%{$_REQUEST['sports']}%" : ''));
$country = mysqli_real_escape_string($conn, ((isset($_REQUEST['city']) AND $_REQUEST['city'] != "" )? "%{$_REQUEST['city']}%" : ''));
$category = mysqli_real_escape_string($conn, ((isset($_REQUEST['code']) AND $_REQUEST['code'] != "" ) ? "%{$_REQUEST['code']}%" : ''));


if($keyword!="" OR $country!="" OR $category!=""){
   $query = "SELECT * FROM event WHERE ";

   if($keyword!="") {
       $query .=  "sports LIKE '$keyword'";
   }

   if($category!="") {
       if($keyword!=""){
           $query .= " AND "
       }
       $query .= "postelcode LIKE '$category'";
   }

   if($county!="") {
        if($keyword!="" OR $category!="") {
            $query .= " AND "
        }
        $query .=  " city LIKE '$country'";
   }

   $result1 = mysqli_query($conn, $query);

    if (mysqli_num_rows($result1) > 0) {
        while($row = mysqli_fetch_assoc($result1)) {
      ?>     
           <ul>
            <li>Contact Email :-   <?php echo $email;  ?></li>
            <li>Sports        :-   <?php echo $row["sports"];  ?></li>
           </ul>
       <?php
        }
    } 
}

查询以找出高级搜索选项

3 个答案: