【问题标题】:Writing a query that contains variable WHERE based on user input根据用户输入编写包含变量 WHERE 的查询
【发布时间】:2015-01-21 17:39:24
【问题描述】:

我在查询时遇到问题。我想做的是检查每个变量是否存在,如果不存在则忽略它们。我还想在表格中显示结果。任何帮助将不胜感激!

到目前为止我所拥有的:这是我的代码。目前,它返回一个包含数据库所有结果的数组,但如果我将 WHERE 子句中的 OR 更改为 AND,则需要填充所有字段。我希望用户能够输入他们所知道的尽可能多的信息,以便显示所有可能的结果。

<?php require("common.php");?>
<?php
if(!empty($_POST))
{
$sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%$First_name%' OR Surname LIKE '%$Surname%' OR DOB LIKE '$DOB' OR Street LIKE '%$Street%' OR Suburb LIKE '$Suburb' OR State LIKE '$State' OR Postcode LIKE '$Postcode' OR Phone LIKE '$Phone'");
$sth->execute();

/* Fetch all of the remaining rows in the result set */
print("Fetch all of the remaining rows in the result set:\n");
$result = $sth->fetchAll();
print_r($result);



$First_name = $_POST['First_name'];
$Surname = $_POST['Surname'];
$DOB = $_POST['DOB'];
$Street = $_POST['Street'];
$Suburb = $_POST['Suburb'];
$State = $_POST['State'];
$Postcode = $_POST['Postcode'];
$Phone = $_POST['Phone'];
}
?>
<fieldset><legend>Find a customer</legend>
<form name="querycustomerform" method="post" action="qcustomer.php">
    <table class="five">
        <tr>
            <td colspan="4">
                <h3>Please fill out as many details as possible</h3>
            </td>
        </tr>
        <tr>
            <td>
                <input type="text" name="First_name" maxlength="30" size="30" placeholder="First name">
            </td>
            <td>
                <input type="text" name="Surname" maxlength="30" size="30" placeholder="Surname">
            </td>
            <td style="text-align: right">Date of Birth:</td>
            <td>
                <input type="date" name="DOB">
            </td>
        </tr>
        <tr>
            <td>
                <input type="text" name="Street" maxlength="40" size="30" placeholder="Street Address">
            </td>
            <td>
                <input type="text" name="Suburb" maxlength="15" size="30" placeholder="Suburb">
            </td>
            <td>
                <select name="State">
                <option value="">State</option>
                <option value="ACT">Australian Capital Territory</option>
                <option value="NSW">New South Wales</option>
                <option value="NT">Northern Territory</option>
                <option value="QLD">Queensland</option>
                <option value="SA">South Australia</option>
                <option value="TAS">Tasmania</option>
                <option value="VIC">Victoria</option>
                <option value="WA">Western Australia</option>
                </select>
            </td>
            <td>
                <input type="text" name="Postcode" maxlength="4" size="30" placeholder="Postcode">
            </td>
        </tr>
        <tr>
            <td>
                <input type="text" name="Phone" maxlength="15" size="30" placeholder="Phone Number">
            </td>
            <td>
            </td>
            <td>
            </td>
            <td>
                <input class="button" type="submit" value="Search">
            </td>
        </tr>
    </table> 
</form>
</fieldset>

【问题讨论】:

  • 检查填写的内容,如果提供信息,添加到查询中
  • 那会是什么样子?

标签: php mysql pdo


【解决方案1】:

OR 条件要求必须满足任何 条件(即:condition1、condition2、condition_n),记录才能包含在结果集中。而 AND 条件要求必须满足 所有 条件(即:condition1、condition2、condition_n)。根据您的要求,OR 条件是必需的。

您需要构建一个动态查询来执行此操作。从一个基本的存根开始

$sql = "SELECT * FROM customer";

那么你需要将初始子句设置为WHERE。

$clause = " WHERE ";//Initial clause

你需要一个数组来存储参数

$paramArray =array();

开始构建查询。注意我已从 POST 更改为 GET,因为它更易于测试 另请参阅 PDO WIKI 以在占位符中使用 %。即占位符不能代表查询的任意部分,而只能代表完整的数据文字。

if(isset($_GET['First_name'])){
    $First_name = $_GET['First_name'];
    $sql .= "$clause First_name LIKE ?";
    $clause = " OR ";//Change clause
    array_push($paramArray,"%$First_name%");
}   

继续下一个子句

if(isset($_GET['Surname'])){
    $Surname = $_GET['Surname'];
    $sql .= "$clause Surname LIKE ?";
    $clause = " OR ";
    array_push($paramArray,"%$Surname%");
}   

如上添加其余子句

测试结果,测试后删除 & 将 GET 更改为 POST

echo $sql ;
echo "<br>";
print_r($paramArray);

准备并执行查询

$sth = $db->prepare($sql);
$sth->execute($paramArray);

来自test.php?First_name=dave&amp;Surname=smith的典型测试结果

SELECT * FROM customer WHERE First_name LIKE ? OR Surname LIKE ?
Array ( [0] => %dave% [1] => %smith% )

来自test.php?Surname=smith

SELECT * FROM customer WHERE Surname LIKE ?
Array ( [0] => %smith% )

【讨论】:

    【解决方案2】:

    尝试改变

    $sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%$First_name%' OR Surname LIKE '%$Surname%' OR DOB LIKE '$DOB' OR Street LIKE '%$Street%' OR Suburb LIKE '$Suburb' OR State LIKE '$State' OR Postcode LIKE '$Postcode' OR Phone LIKE '$Phone'");
    

    $sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%'".$First_name."'%' OR ...
    

    从文字字符串中取出 $First_name,并将其与文字字符串连接起来。您所做的实际上是搜索“$First_name”,而不是 $First_Name 变量的值。从外观的角度来看,这有点混乱,但我发现将文本与变量连接起来比在引号内扩展变量更安全。

    达里尔

    【讨论】:

      猜你喜欢
      • 2021-11-24
      • 2018-07-28
      • 2011-01-23
      • 1970-01-01
      • 2017-09-24
      • 1970-01-01
      • 2020-08-30
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多