【问题标题】:How to prevent a database search from running on an empty string?如何防止数据库搜索在空字符串上运行?
【发布时间】:2018-04-25 18:44:36
【问题描述】:

使用我当前的代码,当我在搜索输入字段中输入一个空字符串或一个空格的字符串时,我会得到数据库中的每个项目作为结果。我怎样才能使它在输入空字符串时不运行搜索?

    <form action="search.php" method="POST">
        <input type="text" name="search" placeholder="search site">
        <button type="submit" name="submit-search"><img src="../assets/search icon-05.png"></button>
    </form>



    <?php
        if (isset($_POST['submit-search'])){
            $search = mysqli_real_escape_string($conn, $_POST['search']);
            $sql = "SELECT * FROM articles WHERE title LIKE '%$search%' OR abstract LIKE '%$search%' OR keywords LIKE '%$search%'";
            $result = mysqli_query($conn, $sql);
            $queryResult = mysqli_num_rows($result);

            if ($queryResult > 0){
                echo $queryResult . " results found";

                while ($row = mysqli_fetch_assoc($result)){
                    echo "<div class='articleItem'>
                        <h2>".$row['title']."</h2>
                        <p>".$row['abstract']."</p>
                        <a href=".$row['link']." target='_blank'>".$row['link']."</a>
                    </div>";
                }
            }
            else {
                echo "There are no results matching your search.";
            }
        }
    ?>

【问题讨论】:

  • 您可以将查询和响应包装在一个条件中,检查trim($_POST['search']) 是否为空,然后在这种情况下不运行查询。

标签: php html mysql database search


【解决方案1】:

检查是否为isset,然后修剪,然后确认它仍然至少有一个字符。

if ( isset( $_POST['submit-search'] ) ) {
    $search = trim( (string) $_POST['submit-search'] );

    if ( isset( $search[0] ) ) { // Has at least one character?
        // Run query.
    }
}

如果你有 PHP 7+,这里有一个更简洁的语法。

$search = trim( (string) ( $_POST['submit-search'] ?? '' ) );

if ( isset( $search[0] ) ) { // Has at least one character?
    // Run query.
}

【讨论】:

  • 这似乎是一种迂回的检查方式。为什么不将其归结为 if ( !empty( trim( $_POST['search'] ))) 之类的东西?
  • 如果 $_POST['search'] 未定义,您的示例将引发“未定义索引”E_NOTICE 级别错误。所以最好在修剪之前检查索引是否存在。也就是说,我给出的示例可以使用任意数量的实用程序或 PHP 7 语法更简洁。
  • 我也在用(string) 进行类型转换,因为你不能假设$_POST['search'] 是一个字符串。它来自不受信任的来源。
  • 使用 empty() 函数检查它是否有一些价值
  • 我也不反对empty(),这似乎是个好主意。唯一的问题是0 无法通过,所以只需考虑一下即可。如果您希望某人能够搜索0,请检查字符串的长度,而不是“空”。 0 = 空。
【解决方案2】:

您可以使用 strlen 检查字符串长度。修剪也可用于去除白色斑点搜索。

$hasResult = false ; //default mark no result.
if (isset($_POST['submit-search']) && strlen(trim($_POST['submit-search'])) > 0) {
    $search = mysqli_real_escape_string($conn, $_POST['search']);
    $sql = "SELECT * FROM articles WHERE title LIKE '%$search%' OR abstract LIKE '%$search%' OR keywords LIKE '%$search%'";
    $result = mysqli_query($conn, $sql);
    $queryResult = mysqli_num_rows($result);

    if ($queryResult > 0) {
        $hasResult = true ;  //mark result found
        echo $queryResult . " results found";

        while ($row = mysqli_fetch_assoc($result)) {
            echo "<div class='articleItem'>
                        <h2>" . $row['title'] . "</h2>
                        <p>" . $row['abstract'] . "</p>
                        <a href=" . $row['link'] . " target='_blank'>" . $row['link'] . "</a>
                    </div>";
        }
    }
}

if( ! $hasResult  ) { //Move to a common section
    echo "There are no results matching your search.";
}

【讨论】:

    【解决方案3】:

    使用下面的函数获取查询字符串

    <?php
    $arr_with_index['title'] = $_POST['search'];
    $search_qry = getLikeSearchQuery($arr_with_index)
    // Add this $search_qry in your query string. This help you to searc N number of values
    
    // For Array and Equal values
     function getSearchQuery($arr_with_index) {
      $search_qry = "";
            if(isset($arr_with_index)){
                  foreach(@$arr_with_index as $index => $value) {
                        if(is_array($value)) {
                              if( implode("",$value) != '' ) {
                                    if($index && $value) { $search_qry .= " and $index IN ('".implode("','",$value)."') "; }
                              }
                        } else {
                              $value = trim($value);
                              if($index && $value) { $search_qry .= " and "; $search_qry .= " $index = \"$value\" "; }
                        }
                  }
            }
      return $search_qry;
    }
    // For String
    function getLikeSearchQuery($arr_with_index) {
      $search_qry = "";
    
      foreach($arr_with_index as $index => $value) {
            $inner_flag = false;
            if($index && $value) {
                  $field_arr = explode(",", $index);
                  foreach($field_arr as $field_index => $field_value) {
                        if(!$inner_flag) { $search_qry .= " and ( "; } else { $search_qry .= " or "; }
                        $value = trim($value);
                        $search_qry .= " $field_value like "; $search_qry .= "  \"%$value%\" "; 
                        $inner_flag = true;
                  }
            }
            if($inner_flag) { $search_qry .= " ) "; }
      }
    
      return $search_qry;
    }
    
    ?>
    

    【讨论】:

      猜你喜欢
      • 2011-11-04
      • 1970-01-01
      • 2017-09-21
      • 2020-10-14
      • 2014-07-28
      • 1970-01-01
      • 2012-02-29
      • 1970-01-01
      • 2018-05-03
      相关资源
      最近更新 更多