我正在使用此搜索引擎,该搜索引擎只应搜索我的内容,但在搜索结果中,它还会搜索其他用户的私有内容。 PHP新手,需要帮助!谢谢!
$sql = "SELECT client_visit.why, client_names.client_name,
client_names.client_id, client_visit.notes,
client_visit.date_time, client_visit.v_id FROM
client_visit LEFT JOIN client_names ON
client_visit.client_is = client_names.client_id
WHERE client_visit.user_id = '$pid'
AND client_visit.why_visit LIKE '%$q%'
OR client_visit.field1 LIKE '%$q%'
OR client_visit. field2 LIKE '%$q%'
OR client_visit. field3 LIKE '%$q%'
AND client_visit. field4 LIKE '%$q%'
OR client_visit. field5 LIKE '%$q%'
OR client_visit.v_notes LIKE '%$q%'
OR client_visit.date_time LIKE '%$q%'
OR client_names.client_name LIKE '%$q%'
ORDER BY client_visit.id DESC LIMIT $start, $limit";
答案 0 :(得分:2)
将您的逻辑分组到括号中,因此查询确实按照您的想法进行。
WHERE client_visit.user_id = '$pid'
AND
(
client_visit.why_visit LIKE '%$q%'
OR client_visit.field1 LIKE '%$q%'
OR client_visit. field2 LIKE '%$q%'
OR client_visit. field3 LIKE '%$q%'
)
AND
(
client_visit. field4 LIKE '%$q%'
OR client_visit. field5 LIKE '%$q%'
OR client_visit.v_notes LIKE '%$q%'
OR client_visit.date_time LIKE '%$q%'
OR client_names.client_name LIKE '%$q%'
)
另一方面,我希望你的数据被转义。如果没有,你想把它放在$sql = ...
之前,给它一些保护。
$pid = (int) $pid;
$q = mysql_real_escape_string($q);
$start = (int) $start;
$limit = (int) $limit;
答案 1 :(得分:1)
试试这个:
$sql = "SELECT client_visit.why, client_names.client_name,
client_names.client_id, client_visit.notes,
client_visit.date_time, client_visit.v_id
FROM client_visit
LEFT JOIN client_names ON client_visit.client_is = client_names.client_id
WHERE ( client_visit.user_id = '$pid' )
AND
( client_visit.why_visit LIKE '%$q%'
OR client_visit.field1 LIKE '%$q%'
OR client_visit. field2 LIKE '%$q%'
OR client_visit. field3 LIKE '%$q%'
AND client_visit. field4 LIKE '%$q%'
OR client_visit. field5 LIKE '%$q%'
OR client_visit.v_notes LIKE '%$q%'
OR client_visit.date_time LIKE '%$q%'
OR client_names.client_name LIKE '%$q%'
)
ORDER BY client_visit.id DESC LIMIT $start, $limit";
使用括号对条件进行分组。