0
我要求在我們的網站中添加搜索部分,然後他們表示像這樣單獨添加它。正如你在下面的圖片中看到的,我做了所有事情,並且工作正常。如何根據具體領域進行搜索?
我現在想要的是當我寫作者姓名或姓氏,然後選擇最新的更新,日期範圍或所有可用的日期,然後點擊搜索並獲得結果。我可以通過單獨搜索來獲得結果,但是當我使用所選日期鍵入作者姓名時,我無法獲得確切的結果。
這裏是域代碼搜索:
<?php
$user_id = $_SESSION['projectUserId'];
$text = $_POST['text'];
$field = $_POST['field'];
if($field == 'authors'){
$userQuerys = "SELECT * FROM user where name like '%$text%' or middlename like '%$text%' or surname like '%$text%'";
$users = mysqli_query($link, $userQuerys);
$userids = '';
while($a = mysqli_fetch_object($users))
{
$userids .= $a->user_id.',';
}
$userids = rtrim($userids,",");
}
if($_SESSION['projectUserType'] == 1 or $_SESSION['projectUserType'] == 4)
{
if($field == 'authors'){
$querys = "SELECT p.* FROM publication p left join pub_author a on a.pub_id=p.id where p.private = '0' and a.user_id in ('$userids')";
}else{
$querys = "SELECT p.* FROM publication p where p.private = '0' and $field = '$text'";
}
}
elseif($_SESSION['projectUserType'] == 3) {
$dep = $_SESSION['userDepartmantId'];
if($field == 'authors'){
$querys = "SELECT p.* FROM publication p left join pub_author a on a.pub_id=p.id where p.private = '0' and a.user_id in('$userids') and pub_department_id='$dep_id'";
}else{
$querys = "SELECT p.* FROM publication p where p.private = '0' and and $field = '$text'";
}
}
elseif($_SESSION['projectUserType'] == 5){
$deps = $_SESSION['userDepartmantId'];
$query = "SELECT * from uni_department where id='$dep_id'";
$faculties = mysqli_query($link, $query);
while($a = mysqli_fetch_object($faculties))
{
$fac_id = $a->faculty_id;
}
$query = "SELECT * from uni_department where faculty_id ='$fac_id'";
$faculties = mysqli_query($link, $query);
while($a = mysqli_fetch_object($faculties))
{
$facDeps .= $a->id . ',';
}
$ids = rtrim($facDeps,",");
if($field == 'authors'){
$querys = "SELECT p.* FROM publication p left join pub_author a on a.pub_id=p.id where p.private = '0' and a.user_id in('$userids') and p.pub_department_id IN ($ids)";
}else{
$querys = "SELECT p.* FROM publication p where p.private = '0' and $field = '$text' and pub_department_id IN ($ids)";
}
}
else{
echo '<script type="text/javascript">';
echo 'window.location = "unauthorized.php"';
echo '</script>';
}
$results5 = mysqli_query($link, $querys);
$num_rows5 = mysqli_num_rows($results5);
echo ' '.$num_rows5;
?>
這裏是年份代碼搜索:
<?php
$search = $_POST['search'];
$user_id = $_SESSION['projectUserId'];
$year = $_POST['year'];
$year2 = $_POST['year2'];
$yearfirst = "$year-01-01";
$yearlast= "$year2-12-31";
if($_SESSION['projectUserType'] == 1 or $_SESSION['projectUserType'] == 4)
{
if($search == 1) { //latest added
$querys = "SELECT p.* FROM publication p left join pub_author a on p.id=a.pub_id where p.private = '0' order by p.year ASC limit 1";
} elseif($search == 2){
$querys = "SELECT p.* FROM publication p left join pub_author a on p.id=a.pub_id where p.private = '0' and p.year>='$yearfirst' and p.year<='$yearlast'";
} else {
$querys = "SELECT p.* FROM publication p left join pub_author a on p.id=a.pub_id where p.private = '0'";
}
}
elseif($_SESSION['projectUserType'] == 3) {
$dep = $_SESSION['userDepartmantId'];
if($search == 1) { //latest added
$querys = "SELECT p.* FROM publication p left join pub_author a on p.id=a.pub_id where p.private = '0' and pub_department_id='$dep_id' order by p.year ASC limit 1";
} elseif($search == 2){
$querys = "SELECT p.* FROM publication p left join pub_author a on p.id=a.pub_id where p.private = '0' and p.year>='$yearfirst' and p.year<='$yearlast' and pub_department_id='$dep_id'";
} else {
$querys = "SELECT p.* FROM publication p left join pub_author a on p.id=a.pub_id where p.private = '0' and pub_department_id='$dep_id'";
}
}
elseif($_SESSION['projectUserType'] == 5){
$deps = $_SESSION['userDepartmantId'];
$query = "SELECT * from uni_department where id='$dep_id'";
$faculties = mysqli_query($link, $query);
while($a = mysqli_fetch_object($faculties))
{
$fac_id = $a->faculty_id;
}
$query = "SELECT * from uni_department where faculty_id ='$fac_id'";
$faculties = mysqli_query($link, $query);
while($a = mysqli_fetch_object($faculties))
{
$facDeps .= $a->id . ',';
}
$ids = rtrim($facDeps,",");
if($search == 1) { //latest added
$querys = "SELECT p.* FROM publication p left join pub_author a on p.id=a.pub_id where p.private = '0' and and pub_department_id IN ($ids) order by p.year ASC limit 1";
} elseif($search == 2){
$querys = "SELECT p.* FROM publication p left join pub_author a on p.id=a.pub_id where p.private = '0' and p.year>='$yearfirst' and p.year<='$yearlast' and pub_department_id IN ($ids)";
} else {
$querys = "SELECT p.* FROM publication p left join pub_author a on p.id=a.pub_id where p.private = '0' and pub_department_id IN ($ids)";
}
}
else{
echo '<script type="text/javascript">';
echo 'window.location = "unauthorized.php"';
echo '</script>';
}
$results5 = mysqli_query($link, $querys);
$num_rows5 = mysqli_num_rows($results5);
echo ' '.$num_rows5;
?>
這是一般形式的代碼:
<form id="formValidation" action="publication_search_list2.php" method="post" enctype="multipart/form-data" >
<fieldset>
<div style="display:block; padding:20px; background-color:#f5f5f5;">
<h2>Search By Field</h2>
<input type="text" name="text" id="text" class="small-input" />
<select name="field" id="field" class="small-input">
<option value="-1">Select Field</option>
<option value="authors">Authors</option>
<option value="title">Publication Title</option>
<option value="isbn">ISBN</option>
<option value="issue">ISSUE</option>
</select>
<p>
<input class="button" type="submit" value="Search" />
</p>
<!-- End 1. Step -->
</div>
</fieldset>
<div class="clear"></div>
<!-- End .clear -->
</form>
<div style="display:block; padding:20px; background-color:#f5f5f5;">
<form id="formValidation" action="publication_search_list3.php" method="post" enctype="multipart/form-data" >
<h2>Search By Year</h2>
<input type="radio" name="search" value="1">Search Latest Update<br>
<input type="radio" name="search" value="2">Year Range
<select name="year" id="year" class="small-input">
<option value="-1">Select</option>
<?php
$date = date(Y);
$rows= $date;
for($rows = $date; $rows>=$date-100; $rows--)
{
?>
<option value="<?php echo $rows; ?>"><?php echo $rows; ?></option>
<?php
}
?>
</select>-<select name="year2" id="year2" class="small-input">
<option value="-1">Select</option>
<?php
$date = date(Y);
$rows= $date;
for($rows = $date; $rows>=$date-100; $rows--)
{
?>
<option value="<?php echo $rows; ?>"><?php echo $rows; ?></option>
<?php
}
?>
</select>
<br><input type="radio" name="search" value="3">All Available Years
<p>
<input class="button" type="submit" value="Search" />
</p>
</form>
</div>
您在此代碼中存在SQL注入安全漏洞 - 您需要使用參數化來抵禦它。 – halfer