1. 首页
  2. 问答
  3. 根据用户输入写入包含变量WHERE的查询

根据用户输入写入包含变量WHERE的查询

2014-11-24 81 views
2

我在查询时遇到问题。我想要做的是检查每个变量是否存在,如果不存在则忽略它们。我也想在一个表格中显示结果。任何帮助将不胜感激!根据用户输入写入包含变量WHERE的查询

我到目前为止:这是我的代码。目前,它返回一个包含数据库所有结果的数组,但如果我将WHERE子句中的OR更改为AND,则需要填写所有字段。我希望用户能够输入尽可能多的信息,以便显示所有可能的结果。

<?php require("common.php");?> 
<?php 
if(!empty($_POST)) 
{ 
$sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%$First_name%' OR Surname LIKE '%$Surname%' OR DOB LIKE '$DOB' OR Street LIKE '%$Street%' OR Suburb LIKE '$Suburb' OR State LIKE '$State' OR Postcode LIKE '$Postcode' OR Phone LIKE '$Phone'"); 
$sth->execute(); 

/* Fetch all of the remaining rows in the result set */ 
print("Fetch all of the remaining rows in the result set:\n"); 
$result = $sth->fetchAll(); 
print_r($result); 



$First_name = $_POST['First_name']; 
$Surname = $_POST['Surname']; 
$DOB = $_POST['DOB']; 
$Street = $_POST['Street']; 
$Suburb = $_POST['Suburb']; 
$State = $_POST['State']; 
$Postcode = $_POST['Postcode']; 
$Phone = $_POST['Phone']; 
} 
?> 
<fieldset><legend>Find a customer</legend> 
<form name="querycustomerform" method="post" action="qcustomer.php"> 
    <table class="five"> 
     <tr> 
      <td colspan="4"> 
       <h3>Please fill out as many details as possible</h3> 
      </td> 
     </tr> 
     <tr> 
      <td> 
       <input type="text" name="First_name" maxlength="30" size="30" placeholder="First name"> 
      </td> 
      <td> 
       <input type="text" name="Surname" maxlength="30" size="30" placeholder="Surname"> 
      </td> 
      <td style="text-align: right">Date of Birth:</td> 
      <td> 
       <input type="date" name="DOB"> 
      </td> 
     </tr> 
     <tr> 
      <td> 
       <input type="text" name="Street" maxlength="40" size="30" placeholder="Street Address"> 
      </td> 
      <td> 
       <input type="text" name="Suburb" maxlength="15" size="30" placeholder="Suburb"> 
      </td> 
      <td> 
       <select name="State"> 
       <option value="">State</option> 
       <option value="ACT">Australian Capital Territory</option> 
       <option value="NSW">New South Wales</option> 
       <option value="NT">Northern Territory</option> 
       <option value="QLD">Queensland</option> 
       <option value="SA">South Australia</option> 
       <option value="TAS">Tasmania</option> 
       <option value="VIC">Victoria</option> 
       <option value="WA">Western Australia</option> 
       </select> 
      </td> 
      <td> 
       <input type="text" name="Postcode" maxlength="4" size="30" placeholder="Postcode"> 
      </td> 
     </tr> 
     <tr> 
      <td> 
       <input type="text" name="Phone" maxlength="15" size="30" placeholder="Phone Number"> 
      </td> 
      <td> 
      </td> 
      <td> 
      </td> 
      <td> 
       <input class="button" type="submit" value="Search"> 
      </td> 
     </tr> 
    </table> 
</form> 
</fieldset>

来源

2014-11-24 Mr Ed

+0

检查一下填写的典型测试结果,如果添加的信息提供 – 2014-11-24 03:49:15

+0

,并将该是什么样子查询? – 2014-11-24 03:52:51

回答

1

OR条件要求的条件任何(即:条件1,条件2,condition_n)将必须满足的记录被包括在结果set.Whereas的AND条件要求必须满足条件(即:condition1,condition2,condition_n)的全部。根据您的要求,条件是必需的。

您需要构建一个动态查询来执行此操作。从基本存根开始

$sql = "SELECT * FROM customer";

然后,您需要将初始子句设置为WHERE。

$clause = " WHERE ";//Initial clause

你需要一个数组来存储参数

$paramArray =array();

开始建立我从POST改为GET,因为它更容易测试 的query.Note也看到PDO WIKI用于%的占位符。即占位符不能表示查询的任意部分,而只能是完整的数据文字。

if(isset($_GET['First_name'])){ 
    $First_name = $_GET['First_name']; 
    $sql .= "$clause First_name LIKE ?"; 
    $clause = " OR ";//Change clause 
    array_push($paramArray,"%$First_name%"); 
}

下一页继续条款

if(isset($_GET['Surname'])){ 
    $Surname = $_GET['Surname']; 
    $sql .= "$clause Surname LIKE ?"; 
    $clause = " OR "; 
    array_push($paramArray,"%$Surname%"); 
}

添加条款,其余为上述

测试结果,测试&变更后删除GET开机自检

echo $sql ; 
echo "<br>"; 
print_r($paramArray);

准备和执行查询

$sth = $db->prepare($sql); 
$sth->execute($paramArray);

test.php?First_name=dave&Surname=smith

SELECT * FROM customer WHERE First_name LIKE ? OR Surname LIKE ? 
Array ([0] => %dave% [1] => %smith%)

test.php?Surname=smith

SELECT * FROM customer WHERE Surname LIKE ? 
Array ([0] => %smith%)

来源

2014-11-24 11:20:29

-1

尝试改变

$sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%$First_name%' OR Surname LIKE '%$Surname%' OR DOB LIKE '$DOB' OR Street LIKE '%$Street%' OR Suburb LIKE '$Suburb' OR State LIKE '$State' OR Postcode LIKE '$Postcode' OR Phone LIKE '$Phone'"); 


$sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%'".$First_name."'%' OR ...

以$ FIRST_NAME出来的文本字符串,并使用该文本字符串拼接它。你在做的是从字面上搜索“$ First_name”,而不是$ First_Name变量的值。从外观的角度来看,这有点麻烦,但我发现将文本与变量连接起来更安全,而不是在引号内扩展变量。

达里尔

来源

2014-11-24 04:00:14

相关问题

 相关问题