在日期的2个日期之间搜索以及文本搜索查询

时间:2018-04-30 15:33:27

标签: php mysql

我一直在寻找解决方案,我对PHP很新,虽然我看过,似乎没有一个解决方案可以帮助进行数据格式化。

我并不太关心SQL注入和安全性,因为它是一个分配交付,只是关于如何获得我需要的结果的一些建议。

我有一个页面,我想在数据库中搜索关键字,但也可选我想添加时间范围搜索。

例如,我可以通过使用文本搜索来搜索姓名,医生,病情和药物,但我也可以选择(因为我希望能够在不使用日期限制的情况下进行搜索),比如使用搜索appdatefrom和适用于缩小预约日期。

我遇到错误

  

SQL错误:SQL语法中有错误;检查与您的MariaDB服务器版本相对应的手册,以便在'WHERE visitdate BETWEEN'2001-01-01'和'2015-01-01'ORDDER BY visitdate ASC'第5行附近使用正确的语法

目前在数据库中,我的访问日期格式为2014-04-20 01:23:43

由于TIMESTAMP格式的时间,我发现很难做到。

数据库如下所示。出于某种原因,我无法通过XAMP获得良好的ERD?所以我创造了一个。

Visit Table Schema

Database Schema

页面的代码如下。 

    <?php // Include config file
include("$_SERVER[DOCUMENT_ROOT]/freddies/inc/config.php");
include("$_SERVER[DOCUMENT_ROOT]/freddies/inc/functions.php");
include("$_SERVER[DOCUMENT_ROOT]/freddies/inc/header.php");

$sql  = "SELECT patient.fName AS fname, patient.sName AS surname, doctor.sName AS doc, conditions.con_name AS con, drugs.medication AS meds, visit.visitdate, visit.visit_id AS visitid  FROM visit 
            JOIN patient ON visit.patient_id = patient.patient_id
            JOIN doctor ON visit.doctor_id = doctor.doctor_id
            LEFT JOIN conditions ON visit.con_id = conditions.con_id
            LEFT JOIN drugs ON visit.drugs_id = drugs.med_id";

if (isset($_POST['search'])) {

$search_term = ($_POST['searchapp']);
$appdatefrom = ($_POST['appdatefrom']);
$appdateto = ($_POST['appdateto']);

$sql .= " WHERE patient.fName LIKE '%".$search_term."%'";
$sql .= " OR patient.sName LIKE '%".$search_term."%'";
$sql .= " OR doctor.sName LIKE '%".$search_term."%'";
$sql .= " OR conditions.con_name LIKE '%".$search_term."%'";
$sql .= " OR drugs.medication LIKE '%".$search_term."%'";
$sql .= " WHERE visitdate BETWEEN '".$appdatefrom."' and '".$appdateto."'";
$sql .= " ORDER BY visitdate ASC";
}

$query = mysqli_query($db, $sql);

if (!$query) {
  die ('SQL Error: ' . mysqli_error($db));
  }

?>

<body>
<div class="container"><br><br>
<?php include("$_SERVER[DOCUMENT_ROOT]/freddies/inc/logo.html"); ?>

  <h2>APPOINTMENTS</h2>

  <p>Search Recent Appointments:</p>      

    <form name="searchform" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
                    <div class="form-group row">
                    <div class="col-xs-4">
                            <label>Search for Patient, Doctor, Medication or Condition</label> 
                            <input type="text"  class="form-control" name="searchapp" placeholder="Example. Dr Mears, Tonsillitis, Vimovo, Andrew" required><br>
                    </div>   
                    <div class="col-xs-4">                         
                            <label>Date From:</label> 
                            <input type="date"  class="form-control" name="appdatefrom"><br>
                    </div>   
                    <div class="col-xs-4"> 
                            <label>Date To:</label> 
                            <input type="date"  class="form-control" name="appdateto"><br> 
                    </div>   
                    <div class="col-xs-4">                            
                            <input type="submit" class="btn btn-primary" name="search" value="Submit">
                            <span class="help-block"></span>
                            </div>
                        </div>      



  <table class="table table-striped">
  <thead>
      <tr>
        <th>Patient Name</th>
        <th>Doctor</th>
        <th>Condition</th>
        <th>Medication Prescribed</th>
        <th>Visit ID</th>
        <th>Date</th>
        <th></th>
      </tr>
    </thead>
    <tbody>
    <?php
        $no     = 1;
        $total  = 0;
        while ($row = mysqli_fetch_array($query)) 
        {
            echo '<tr>
                    <td>'.$row['fname']." ".$row['surname'].'</td> 
                    <td>'."Dr ".$row['doc'].'</td> 
                    <td>'.$row['con'].'</td> 
                    <td>'.$row['meds'].'</td> 
                    <td>'.$row['visitid'].'</td>
                    <td>'.$row['visitdate'].'</td>
                    <td><a href="viewapp.php?id='.($row['visitid']).'" class="btn btn-warning pull-right btn-xs">View</a></td> 
                    <td><a href="delapp.php?id='.($row['visitid']).'" class="btn btn-danger pull-right btn-xs">Delete</a></td>
                    </tr>';    
            $no++;
        }?>
    </tbody>
  </table>
  <a href="newapp.php" class="btn btn-success pull-left">New Appointment</a>
  <a href="" class="btn btn-info pull-left">Refesh</a>
  <a href="../" class="btn btn-info pull-right">Admin Area</a>
</div>
<div class="bottompadding"></div>
<?php include("$_SERVER[DOCUMENT_ROOT]/freddies/inc/footer.php"); ?>
</body>
</html>

在查看给出的答案后,在代码中添加括号使其无法正常工作,它目前是这样工作但没有日期搜索?

这是该网站目前的样子。当我输入我的姓氏时,它会显示我的结果,但如果我想在两个日期之间进行搜索,它就不会做任何事情。 Screen Capture 

<?php // Include config file
include("$_SERVER[DOCUMENT_ROOT]/freddies/inc/config.php");
include("$_SERVER[DOCUMENT_ROOT]/freddies/inc/functions.php");
include("$_SERVER[DOCUMENT_ROOT]/freddies/inc/header.php");

$sql  = "SELECT patient.fName AS fname, patient.sName AS surname, doctor.sName AS doc, conditions.con_name AS con, drugs.medication AS meds, visit.visitdate, visit.visit_id AS visitid  FROM visit 
            JOIN patient ON visit.patient_id = patient.patient_id
            JOIN doctor ON visit.doctor_id = doctor.doctor_id
            LEFT JOIN conditions ON visit.con_id = conditions.con_id
            LEFT JOIN drugs ON visit.drugs_id = drugs.med_id";

if (isset($_POST['search'])) {

$search_term = ($_POST['searchapp']);
$appdatefrom = ($_POST['appdatefrom']);
$appdateto = ($_POST['appdateto']);

$sql .= " WHERE patient.fName LIKE '%".$search_term."%'";
$sql .= " OR patient.sName LIKE '%".$search_term."%'";
$sql .= " OR doctor.sName LIKE '%".$search_term."%'";
$sql .= " OR conditions.con_name LIKE '%".$search_term."%'";
$sql .= " OR drugs.medication LIKE '%".$search_term."%'";
$sql .= " AND visitdate BETWEEN '".$appdatefrom."' and '".$appdateto."'";
$sql .= " ORDER BY visitdate ASC";
}

$query = mysqli_query($db, $sql);

if (!$query) {
  die ('SQL Error: ' . mysqli_error($db));
  }

?>

<body>
<div class="container"><br><br>
<?php include("$_SERVER[DOCUMENT_ROOT]/freddies/inc/logo.html"); ?>

  <h2>APPOINTMENTS</h2>

  <p>Search Recent Appointments:</p>      

    <form name="searchform" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
                    <div class="form-group row">
                    <div class="col-xs-4">
                            <label>Search for Patient, Doctor, Medication or Condition</label> 
                            <input type="text"  class="form-control" name="searchapp" placeholder="Example. Dr Mears, Tonsillitis, Vimovo, Andrew" required><br>
                    </div>   
                    <div class="col-xs-4">                         
                            <label>Date From:</label> 
                            <input type="date"  class="form-control" name="appdatefrom"><br>
                    </div>   
                    <div class="col-xs-4"> 
                            <label>Date To:</label> 
                            <input type="date"  class="form-control" name="appdateto"><br> 
                    </div>   
                    <div class="col-xs-4">                            
                            <input type="submit" class="btn btn-primary" name="search" value="Submit">
                            <span class="help-block"></span>
                            </div>
                        </div>      



  <table class="table table-striped">
  <thead>
      <tr>
        <th>Patient Name</th>
        <th>Doctor</th>
        <th>Condition</th>
        <th>Medication Prescribed</th>
        <th>Visit ID</th>
        <th>Date</th>
        <th></th>
      </tr>
    </thead>
    <tbody>
    <?php
        $no     = 1;
        $total  = 0;
        while ($row = mysqli_fetch_array($query)) 
        {
            echo '<tr>
                    <td>'.$row['fname']." ".$row['surname'].'</td> 
                    <td>'."Dr ".$row['doc'].'</td> 
                    <td>'.$row['con'].'</td> 
                    <td>'.$row['meds'].'</td> 
                    <td>'.$row['visitid'].'</td>
                    <td>'.$row['visitdate'].'</td>
                    <td><a href="viewapp.php?id='.($row['visitid']).'" class="btn btn-warning pull-right btn-xs">View</a></td> 
                    <td><a href="delapp.php?id='.($row['visitid']).'" class="btn btn-danger pull-right btn-xs">Delete</a></td>
                    </tr>';    
            $no++;
        }?>
    </tbody>
  </table>
  <a href="newapp.php" class="btn btn-success pull-left">New Appointment</a>
  <a href="" class="btn btn-info pull-left">Refesh</a>
  <a href="../" class="btn btn-info pull-right">Admin Area</a>
</div>
<div class="bottompadding"></div>
<?php include("$_SERVER[DOCUMENT_ROOT]/freddies/inc/footer.php"); ?>
</body>
</html>

1 个答案:

答案 0 :(得分:2)

每个查询只能有一个WHERE子句。如果要将日期范围与搜索结合使用,请使用带括号的OR条件的AND。

$sql .= " WHERE visitdate BETWEEN '".$appdatefrom."' and '".$appdateto."'";
$sql .= " AND (patient.fName LIKE '%".$search_term."%'";
$sql .= " OR patient.sName LIKE '%".$search_term."%'";
$sql .= " OR doctor.sName LIKE '%".$search_term."%'";
$sql .= " OR conditions.con_name LIKE '%".$search_term."%'";
$sql .= " OR drugs.medication LIKE '%".$search_term."%')";
$sql .= " ORDER BY visitdate ASC";

使用括号将指定将a AND b OR c OR d评估为a AND (b OR c OR d)而不是(a AND b) OR c OR d

相关问题
最新问题