function showSearchResults()
{
    $keyword = $_POST['keyword'];
    $q = "SELECT * FROM user_info INNER JOIN project ON user_info.user_id = project.user_id
        LEFT JOIN bedsize ON project.bedsize_fk = bedsize.bedsize_id
        LEFT JOIN topics_of_improv ON project.p_id = topics_of_improv.p_id
        LEFT JOIN medication ON topics_of_improv.medication_fk = medication.med_id
        LEFT JOIN care_trans ON topics_of_improv.care_trans_fk = care_trans.care_trans_id
        LEFT JOIN hosp_acquired_infect ON topics_of_improv.hosp_acquired_infect_fk = hosp_acquired_infect.hai_id
        LEFT JOIN hosp_patient_care_pro ON topics_of_improv.hosp_patient_care_pro_fk = hosp_patient_care_pro.hpcp_id
        LEFT JOIN health_it ON topics_of_improv.health_it_fk = health_it.health_it_id
        LEFT JOIN teamwork ON topics_of_improv.teamwork_fk = teamwork.teamwork_id
        LEFT JOIN project_diss ON topics_of_improv.project_diss_fk = project_diss.project_diss_id
        LEFT JOIN resources ON topics_of_improv.resources_fk = resources.resources_id LEFT JOIN summary ON project.p_id = summary.p_id
        LEFT JOIN process ON summary.process_fk = process.process_id
        WHERE (project.description LIKE '%" . $keyword . "%'
        OR summary.improvement LIKE '%" . $keyword . "%'
        OR summary.interventions LIKE '%" . $keyword . "%'
        OR summary.brief LIKE '%" . $keyword . "%'
        OR summary.lessons LIKE '%" . $keyword . "%'
        OR summary.actions LIKE '%" . $keyword . "%'
        OR summary.measures LIKE '%" . $keyword . "%'
        OR summary.clinical LIKE '%" . $keyword . "%')
        ORDER BY project.p_id DESC";
    @$type = $_POST['type'];
    @$state = $_POST['state'];
    @$bedsize = $_POST['bedsize'];
    @$care_trans = $_POST['care_trans'];
    @$health_it = $_POST['health_it'];
    @$hai = $_POST['hai'];
    @$hpcp = $_POST['hpcp'];
    @$medication = $_POST['medication'];
    @$process = $_POST['process'];
    @$project_diss = $_POST['pro_diss'];
    @$resources = $_POST['resources'];
    @$teamwork = $_POST['teamwork'];
    $uid = $_SESSION['userid'];
    if ($_SESSION['level'] == '0')
        //$q .= "AND project.approved = 'yes' ";
        //if($uid)
        //$q .= "AND project.user_id = '".$uid."' ";
        if($uid)
            $q .= "AND project.user_id = '".$uid."' OR project.approved = 'yes'";
    if($type)
        $q .= " AND project.type = '".$type."' ";
    if($state)
        $q .= " AND project.p_state = '".$state."' ";
    if($bedsize)
        $q .= " AND bedsize.bedsize_id = '".$bedsize."' ";
    if($care_trans)
        $q .= " AND care_trans.care_trans_id = '".$care_trans."' ";
    if($health_it)
        $q .= " AND health_it.health_it_id = '".$health_it."' ";
    if($hai)
        $q .= " AND hosp_acquired_infect.hai_id = '".$hai."' ";
    if($hpcp)
        $q .= " AND hosp_patient_care_pro.hpcp_id = '".$hpcp."' ";
    if($medication)
        $q .= " AND medication.med_id = '".$medication."' ";
    if($process)
        $q .= " AND project.p_state = '".$process."' ";
    if($project_diss)
        $q .= " AND project_diss.project_diss_id = '".$project_diss."' ";
    if($resources)
        $q .= " AND resources.resources_id = '".$resources."' ";
    if($teamwork)
        $q .= " AND teamwork.teamwork_id = '".$teamwork."' ";
    $result = mysql_query($q) or die(mysql_error());
    if(mysql_num_rows($result)==0){
        echo "<tr>";
        echo "<td>No records matched your search criteria</td>";
        echo "<td></td>";
        echo "<td><a href='advanced_search.php'>Please click here to try again</a></td>";
        echo "<td></td>";
        echo "<td></td>";
        echo "<td></td>";
        echo "</tr>";
    }
    while($row = mysql_fetch_array($result)){
        $p_id = $row["p_id"];
        $uid = $row["user_id"];
        $firstname = $row["firstname"];
        $lastname = $row["lastname"];
        $title = $row["title"];
        $description = $row["description"];
        $p_hospital = $row["p_hospital"];
        $approved = $row["approved"];
        if($_GET['order'] == "submitter"){
            echo "<tr>";
            echo "<td>$firstname $lastname</td>";
            echo "<td>$p_hospital</td>";
            echo "<td>$description</td>";
            echo "<td>";
            echo ($approved == "Yes") ? "<img src='imgs/check.png' />" : "<img src='imgs/pending.png' />" ;
            echo "</td>";
            echo "<td>$title</td>";
            echo "<td><a href='details.php?p_id=$p_id'>View</a><br /></td>";
            echo "</tr>";
        }else if($_GET['order'] == "hospital"){
            echo "<tr>";
            echo "<td>$p_hospital</td>";
            echo "<td>$description</td>";
            echo "<td>";
            echo ($approved == "Yes") ? "<img src='imgs/check.png' />" : "<img src='imgs/pending.png' />" ;
            echo "</td>";
            echo "<td>$title</td>";
            echo "<td>$firstname $lastname</td>";
            echo "<td><a href='details.php?p_id=$p_id'>View</a><br /></td>";
            echo "</tr>";
        }else if($_GET['order'] == "keywords"){
            echo "<tr>";
            echo "<td>$description</td>";
            echo "<td>";
            echo ($approved == "Yes") ? "<img src='imgs/check.png' />" : "<img src='imgs/pending.png' />" ;
            echo "</td>";
            echo "<td>$title</td>";
            echo "<td>$firstname $lastname</td>";
            echo "<td>$p_hospital</td>";
            echo "<td><a href='details.php?p_id=$p_id'>View</a><br /></td>";
            echo "</tr>";
        }else if($_GET['order'] == "status"){
            echo "<tr>";
            echo "<td>";
            echo ($approved == "Yes") ? "<img src='imgs/check.png' />" : "<img src='imgs/pending.png' />" ;
            echo "</td>";
            echo "<td>$title</td>";
            echo "<td>$firstname $lastname</td>";
            echo "<td>$p_hospital</td>";
            echo "<td>$description</td>";
            echo "<td><a href='details.php?p_id=$p_id'>View</a><br /></td>";
            echo "</tr>";
        }else{
            echo "<tr>";
            echo "<td>$title</td>";
            echo "<td>$firstname $lastname</td>";
            echo "<td>$p_hospital</td>";
            echo "<td>$description</td>";
            echo "<td>";
            echo ($approved == "Yes") ? "<img src='imgs/check.png' />" : "<img src='imgs/pending.png' />" ;
            echo "</td>";
            echo "<td><a href='details.php?p_id=$p_id'>View</a><br /></td>";
            echo "</tr>";
        }
    }
}
}
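Answers
The ORDER BY keyword is used to sort the result set. project.p_id DESC is not part of your result set. It needs all the
SELECT user_info.column_name,....,project.p_id FROM user_info ........
ORDER BY works regardless of whether the field is in the SELECT. –
It only worked with Ilmari Karonen's steps, but thank you anyway. – Kris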
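First of all, your code looks like an SQL injection attack waiting to happen. If you must build SQL queries by hand like this, you should at least use mysql_real_escape_string() on the input variables.
Once you've taken care of that, take the ORDER BY project.p_id DESC out of the initial part of the query, and just before the line
$result = mysql_query($q) or die(mysql_error());
add
$q .= " ORDER BY project.p_id DESC ";
That way, the ORDER BY clause will be at the end of the query, which is where it belongs.
+1 for pointing out the SQL injection vulnerability. – phlogratos
This answer is perfect, and my page now works correctly. Thank you very much! – Kris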
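Your code adds additional WHERE clauses to the query in the variable y. This works if q ends with a WHERE clause, but it does not work if q ends with ORDER BY. What you need to do is make sure the ORDER BY comes after all the WHERE clauses.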
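Added example (not part of either answer and not the asker's code): one way to apply both points above, binding every input as a parameter instead of concatenating it, and appending ORDER BY only after the whole WHERE clause has been assembled. It assumes PDO in place of the mysql_* functions used in the question, shows only three of the form filters and three of the keyword columns, and buildSearchQuery is a hypothetical name.

```php
<?php
// Added example, not the asker's code. Table and column names are taken
// from the question; buildSearchQuery is a hypothetical helper name.
function buildSearchQuery(array $post, $uid)
{
    $sql = "SELECT * FROM user_info
            INNER JOIN project ON user_info.user_id = project.user_id
            LEFT JOIN bedsize ON project.bedsize_fk = bedsize.bedsize_id
            LEFT JOIN summary ON project.p_id = summary.p_id";

    // Escape LIKE wildcards so a literal % or _ in the keyword matches itself.
    $keyword = isset($post['keyword']) ? (string) $post['keyword'] : '';
    $like = '%' . addcslashes($keyword, '%_\\') . '%';

    $where  = array('(project.description LIKE ? OR summary.improvement LIKE ? OR summary.brief LIKE ?)');
    $params = array($like, $like, $like);

    // Allow-list of form field => column. Column names never come from the request.
    $filters = array(
        'type'    => 'project.type',
        'state'   => 'project.p_state',
        'bedsize' => 'bedsize.bedsize_id',
    );
    foreach ($filters as $field => $column) {
        if (!empty($post[$field])) {
            $where[]  = "$column = ?";
            $params[] = (string) $post[$field];
        }
    }

    // Parenthesised so the OR cannot cancel the conditions ANDed around it.
    if ($uid) {
        $where[]  = "(project.user_id = ? OR project.approved = 'yes')";
        $params[] = $uid;
    }

    // ORDER BY is appended exactly once, after the complete WHERE clause.
    $sql .= ' WHERE ' . implode(' AND ', $where) . ' ORDER BY project.p_id DESC';
    return array($sql, $params);
}

// Usage, assuming $pdo is a connected PDO instance (hypothetical here):
// list($sql, $params) = buildSearchQuery($_POST, $_SESSION['userid']);
// $stmt = $pdo->prepare($sql);
// $stmt->execute($params);
```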
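You need to do some of the work yourself. Remove the parts of the query that look irrelevant. Tell us what **has broken my function** means - no results, unexpected results, an error message? (Hint: the error message may be useful to others trying to help you) –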