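SQL query gives wrong output for one of the parameters

Time: 2019-08-02 07:22:39

Tags: php mysql sql mysqli

I am using an SQL statement in PHP to fetch results from a server database. The query executes fine, but for one of the parameters in the SQL statement (cardName), the query result is wrong.

Search test case results:

  • IF (cardNumber = '', cardName != empty, cardOwner = '') Result => returns all records in the table, regardless of whether the cardName value exists in the database.

  • IF cardName + (cardNumber OR cardOwner) search filters Result => returns more records than actually expected.

  • IF cardNumber, CardName and cardOwner are all non-empty Result => accurate results shown in all cases

  • cardNumber and cardOwner give correct results in all tested scenarios (unless combined with cardName)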


Data fetch and search code


Data output code

    /*...........Get Values............*/

    if($_POST['srch_cardNumber_txt']){
        $cardNumber = $_POST['srch_cardNumber_txt'];
    }
    else{$cardNumber="";}

    if($_POST['srch_cardName_txt']){
        $cardName = $_POST['srch_cardName_txt'];            // _/
    }
    else{$cardName = "";}                                   // _/

    if($_POST['srch_cardOwner_txt']){
        $cardOwner = $_POST['srch_cardOwner_txt'];
    }
    else{ $cardOwner="";}

    echo "Filters:: Card Number: ".$cardNumber." -- Card Name: ".$cardName.
        " -- Card Owner: ".$cardOwner."<br>";

 if(!empty($cardName) or !empty($cardNumber) or !empty($cardOwner)  ){
    include_once("db_connect.php");

     if ( mysqli_connect_error()){
         die('Connect Error('.mysqli_connect_errno().')'.mysqli_connect_error());
         }

         else{
                 //.............Search Pseudo Code........
/*                      SELECT *        
                         FROM Table
                         WHERE (f1  = '' or c1 = f1)
                           AND (f2  = '' or c2 = f2)
                           AND (f3 = '' or c3 = f3)
                           AND (f4 = '' or c4= f4)
*/

                 $SELECT = "SELECT *
                                FROM cards
                                WHERE (? = '' or cardNumber = ? )
                                    AND (? = '' or cardName = ? )
                                    AND (? = '' or cardOwner = ? )
                                ";
                                                        /*ERROR: Searching only cardName returns all cards data - cardName filter can work in combination with additional filters*/


                // if All values are equal to null, then return false / end search
                if($cardName ='' AND $cardNumber ='' AND $cardOwner='')
                {
                    echo "Search fields are all empty<br>";
                    return False;
                }
                 //.........Prepare statement.....
                 $stmt = $conn->prepare($SELECT);
                 $stmt->bind_param("iissss",$cardNumber,$cardNumber,$cardName,$cardName,$cardOwner, $cardOwner);            //Works with HardCoded cardName value
                 $stmt-> execute();
                 $stmt->store_result();
                 $rnum = $stmt->num_rows;

                 if($rnum == 0){
                     $stmt->close();                     
                     echo "No card records found on given search inputs <br>";                   
                     }
                     else {                      
                         $stmt->bind_result($cardNumber,$cardName,$cardOwner);                       
                     }
//                  $conn->close();
             }   
     }
     else {
         echo "no data entered for search";
         die();
         }       

?>

Data image

https://imgur.com/a/xBztII5

1 answer:

Answer 0: (score: 0)

There is an error after line 48:

    if($cardName ='' AND $cardNumber ='' AND $cardOwner='')
    {
        echo "Search fields are all empty<br>";
        return False;
    }

You are checking the values, not setting them. Use double equals (==). It should be:

    if ($cardName =='' AND $cardNumber =='' AND $cardOwner=='') {
        echo "Search fields are all empty<br>";
        exit;
    }
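
Added example (not part of the question or the answer): it shows which variables the `=` version of that check actually changes, and why only the cardName filter stops working. The function names and sample rows are assumptions made for illustration; `search()` imitates the query's `(? = '' or column = ?)` clause in plain PHP so the example runs without a database.

```php
<?php
// Added example; $cards is constructed sample data, function names are hypothetical.
$cards = [
    ['cardNumber' => '1001', 'cardName' => 'Visa',   'cardOwner' => 'Alice'],
    ['cardNumber' => '1002', 'cardName' => 'Master', 'cardOwner' => 'Bob'],
    ['cardNumber' => '1003', 'cardName' => 'Visa',   'cardOwner' => 'Bob'],
];

// Same shape as the query's WHERE clause: (f = '' OR column = f) per filter.
function search(array $rows, array $filters): array
{
    [$number, $name, $owner] = $filters;
    return array_values(array_filter($rows, function (array $r) use ($number, $name, $owner): bool {
        return ($number === '' || $r['cardNumber'] === $number)
            && ($name === '' || $r['cardName'] === $name)
            && ($owner === '' || $r['cardOwner'] === $owner);
    }));
}

// The check from the question. `AND` binds looser than `=`, so this parses as
// ($cardName = '') AND (...). The assigned '' is falsy, the chain short-circuits,
// and only $cardName is overwritten; the other two assignments never run.
function faultyCheck(string $cardNumber, string $cardName, string $cardOwner): array
{
    if ($cardName = '' AND $cardNumber = '' AND $cardOwner = '') {
        return ['', '', '']; // unreachable: the condition is always false
    }
    return [$cardNumber, $cardName, $cardOwner];
}

// Comparison instead of assignment: the filters reach the query unchanged.
function fixedCheck(string $cardNumber, string $cardName, string $cardOwner): ?array
{
    if ($cardName === '' && $cardNumber === '' && $cardOwner === '') {
        return null; // all filters empty: refuse to run an unfiltered search
    }
    return [$cardNumber, $cardName, $cardOwner];
}

// Constructed inputs mirroring the question's test cases (number, name, owner).
$cases = [['', 'Visa', ''], ['', 'Visa', 'Bob'], ['1002', '', '']];
foreach ($cases as $in) {
    $bad  = count(search($cards, faultyCheck(...$in)));
    $good = count(search($cards, fixedCheck(...$in)));
    printf("%-20s faulty=%d rows, fixed=%d rows\n", json_encode($in), $bad, $good);
}
```

Because the faulty condition can never be true, the all-empty guard is also dead code, so a request with every filter blank would reach the query and match the whole table.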