我正在尝试使用PHP构建一个简单的高级搜索,但我不明白为什么它不能获取任何结果!它也没有显示任何错误!
我正在搜索未设置的所有条件,所以它会是这样的:
SELECT id,img_url1,price,type,status_prop,title,bedrooms,bathrooms,garages,sqft,address,LEFT(description, 215) AS description_preview
FROM alreemisland
WHERE price BETWEEN 0 AND 10000000
and type like '%'
and status_prop like '%'
and bedrooms BETWEEN 0 and 9
and bathrooms BETWEEN 0 and 9
我得到了正确的信息,所以它必须与我的代码有关!
这是我的代码:
$type_search_final=mysqli_real_escape_string($con,$_POST['type_search']);
$status_prop_final=mysqli_real_escape_string($con,$_POST['status_prop']);
$min_bedrooms_final=mysqli_real_escape_string($con,$_POST['min_bedrooms']);
$min_bathrooms_final=mysqli_real_escape_string($con,$_POST['min_bathrooms']);
$min_price_final=mysqli_real_escape_string($con,$_POST['min_price']);
$max_price_final=mysqli_real_escape_string($con,$_POST['max_price']);
//============ For Pagination ============
if($type_search_final){
$query_type_search_final .= "type LIKE '$type_search_final'";
}
else {$query_type_search_final = "type LIKE '%'";}
if($status_prop_final){
$query_status_prop_final .= "status_prop LIKE '$status_prop_final'";
}
else {$query_status_prop_final = "status_prop LIKE '%'";}
if($min_bedrooms_final){
$query_min_bedrooms_final .= "bedrooms BETWEEN $min_bedrooms_final and 9'";
}
else {$query_min_bedrooms_final = "bedrooms BETWEEN 0 and 9";}
if($min_bathrooms_final){
$query_min_bathrooms_final .= "bathrooms BETWEEN $min_bathrooms_final and 9'";
}
else {$query_min_bathrooms_final = "bathrooms BETWEEN 0 and 9";}
$sql_search= "SELECT id,img_url1,price,type,status_prop,title,bedrooms,bathrooms,garages,sqft,address,LEFT(description, 215) AS description_preview FROM $from_section WHERE price BETWEEN $min_price_final AND $max_price_final and ? and ? and ? and ? order by id desc";
$stmt_search = mysqli_stmt_init ($con);
if (!mysqli_stmt_prepare($stmt_search,$sql_search)) {
echo "SQL FAILED";
}
else {
mysqli_stmt_bind_param($stmt_search, "ssss", $query_type_search_final,$query_status_prop_final,$query_min_bedrooms_final,$query_min_bathrooms_final);
mysqli_stmt_execute($stmt_search);
mysqli_stmt_store_result($stmt_search);
mysqli_stmt_bind_result($stmt_search, $id,$img_url1,$price,$type,$status_prop,$title,$bedrooms,$bathrooms,$garages,$sqft,$address,$description_preview);
$count_search = mysqli_stmt_num_rows($stmt_search);
}
$row_search= mysqli_stmt_fetch($stmt_search);
echo $row_search['img_url1'];
实际上,我一直在互联网上搜索,这不是懒惰 并尝试了一切,但我不能让它工作。我知道我失踪了 但是我几个小时都不知道。所以,如果第二只眼睛可以看到 我看不到的地方,并指出我错过的地方,我会非常感激。
编辑:我更新了我的代码但仍然没有结果!
$where = "price BETWEEN $min_price_final AND $max_price_final";
if($type_search_final){
$where .= " and type LIKE $type_search_final";
}
if($status_prop_final){
$where .= " and status_prop LIKE $status_prop_final'";
}
if($min_bedrooms_final){
$where .= " and bedrooms BETWEEN $min_bedrooms_final and 9'";
}
if($min_bathrooms_final){
$where .= " and bathrooms BETWEEN $min_bathrooms_final and 9'";
}
$sql_search= "SELECT id,img_url1,price,type,status_prop,title,bedrooms,bathrooms,garages,sqft,address,LEFT(description, 215) AS description_preview FROM $from_section where ? order by id desc";
$stmt_search = mysqli_stmt_init ($con);
if (!mysqli_stmt_prepare($stmt_search,$sql_search)) {
echo "SQL FAILED";
}
else {
mysqli_stmt_bind_param($stmt_search, "s", $where);
mysqli_stmt_execute($stmt_search);
mysqli_stmt_store_result($stmt_search);
mysqli_stmt_bind_result($stmt_search, $id,$img_url1,$price,$type,$status_prop,$title,$bedrooms,$bathrooms,$garages,$sqft,$address,$description_preview);
$count_search = mysqli_stmt_num_rows($stmt_search);
}
$row_search= mysqli_stmt_fetch($stmt_search);
echo $row_search['img_url1'];
更新 - 现在有效......这是最终代码:
$where = "price BETWEEN ? AND ?";
$params[] = $min_price_final;
$params[] = $max_price_final;
$type_string = "ss";
if($type_search_final){
$where .= " and type LIKE ?";
$params[] = $type_search_final;
$type_string .="s";
}
if($status_prop_final){
$where .= " and status_prop LIKE ?";
$params[] = $status_prop_final;
$type_string .="s";
}
if($min_bedrooms_final){
$where .= " and bedrooms BETWEEN ? and 9'";
$params[] = $min_bedrooms_final;
$type_string .="s";
}
if($min_bathrooms_final){
$where .= " and bathrooms BETWEEN ? and 9";
$params[] = $min_bathrooms_final;
$type_string .="s";
}
$sql_search= "SELECT id,img_url1,price,type,status_prop,title,bedrooms,bathrooms,garages,sqft,address,LEFT(description, 215) AS description_preview
FROM $from_section
where $where
order by id desc";
$stmt_search = mysqli_stmt_init ($con);
if (!mysqli_stmt_prepare($stmt_search,$sql_search)) {
echo "SQL FAILED";
}
else {
mysqli_stmt_bind_param($stmt_search,$type_string, ...$params);
mysqli_stmt_execute($stmt_search);
mysqli_stmt_store_result($stmt_search);
mysqli_stmt_bind_result($stmt_search, $id,$img_url1,$price,$type,$status_prop,$title,$bedrooms,$bathrooms,$garages,$sqft,$address,$description_preview);
$count_search = mysqli_stmt_num_rows($stmt_search);
}
$row_search= mysqli_stmt_fetch($stmt_search);
echo $img_url1.'<br>'.$type_string;
UPDATE#2:我在最后两个条件下错过了整数类型,我错过了类型(')接近9
$where = "price BETWEEN ? AND ?";
$params[] = $min_price_final;
$params[] = $max_price_final;
$type_string = "ss";
if($type_search_final){
$where .= " and type LIKE ?";
$params[] = $type_search_final;
$type_string .="s";
}
if($status_prop_final){
$where .= " and status_prop LIKE ?";
$params[] = $status_prop_final;
$type_string .="s";
}
if($min_bedrooms_final){
$where .= " and bedrooms BETWEEN ? and 9";
$params[] = $min_bedrooms_final;
$type_string .="i";
}
if($min_bathrooms_final){
$where .= " and bathrooms BETWEEN ? and 9";
$params[] = $min_bathrooms_final;
$type_string .="i";
}
$sql_search= "SELECT id,img_url1,price,type,status_prop,title,bedrooms,bathrooms,garages,sqft,address,LEFT(description, 215) AS description_preview
FROM $from_section
where $where
order by id desc";
$stmt_search = mysqli_stmt_init ($con);
if (!mysqli_stmt_prepare($stmt_search,$sql_search)) {
echo "SQL FAILED";
}
else {
mysqli_stmt_bind_param($stmt_search,$type_string, ...$params);
mysqli_stmt_execute($stmt_search);
mysqli_stmt_store_result($stmt_search);
mysqli_stmt_bind_result($stmt_search, $id,$img_url1,$price,$type,$status_prop,$title,$bedrooms,$bathrooms,$garages,$sqft,$address,$description_preview);
$count_search = mysqli_stmt_num_rows($stmt_search);
}
$row_search= mysqli_stmt_fetch($stmt_search);
echo $img_url1.'<br>'.$type_string;
答案 0 :(得分:0)
占位符?将替换为绑定值并进行转义。所以你的
mysqli_stmt_bind_param($stmt_search, "s", $where);
只是将SQL作为字符串绑定,而不是作为SQL绑定。您需要为每个值使用占位符,然后绑定每个值。
现在写的查询大致会出现:
SELECT id,img_url1,price,type,status_prop,title,bedrooms,bathrooms,garages,sqft,address,LEFT(description, 215) AS description_preview
FROM SomeTable
where 'price BETWEEN \'somevalue\' AND \'some other value\'' order by id desc
所以你应该这样做:
$where = "price BETWEEN ? AND ?";
$params[] = $min_price_final;
$params[] = $max_price_final;
if($type_search_final){
$where .= " and type LIKE ?";
$params[] = $type_search_final;
}
if($status_prop_final){
$where .= " and status_prop LIKE ?";
$params[] = $status_prop_final;
}
if($min_bedrooms_final){
$where .= " and bedrooms BETWEEN ? and 9'";
$params[] = $min_bedrooms_final;
}
if($min_bathrooms_final){
$where .= " and bathrooms BETWEEN ? and 9";
$params[] = $min_bathrooms_final;
}
$sql_search= "SELECT id,img_url1,price,type,status_prop,title,bedrooms,bathrooms,garages,sqft,address,LEFT(description, 215) AS description_preview
FROM $from_section
where $where
order by id desc";
您应该为$from_section使用白名单,因此它也是安全的。您无法绑定列/表。
然后您只需要绑定所有$params值。使用PDO,这只是execute($params),而mysqli则更复杂。
也许这个线程对动态绑定很有用How to bind mysqli bind_param arguments dynamically in PHP?。