根據用戶輸入寫入包含變量WHERE的查詢

我在查詢時遇到問題。我想要做的是檢查每個變量是否存在，如果不存在則忽略它們。我也想在一個表格中顯示結果。任何幫助將不勝感激！根據用戶輸入寫入包含變量WHERE的查詢

我到目前爲止：這是我的代碼。目前，它返回一個包含數據庫所有結果的數組，但如果我將WHERE子句中的OR更改爲AND，則需要填寫所有字段。我希望用戶能夠輸入儘可能多的信息，以便顯示所有可能的結果。

<?php require("common.php");?> 
<?php 
if(!empty($_POST)) 
{ 
$sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%$First_name%' OR Surname LIKE '%$Surname%' OR DOB LIKE '$DOB' OR Street LIKE '%$Street%' OR Suburb LIKE '$Suburb' OR State LIKE '$State' OR Postcode LIKE '$Postcode' OR Phone LIKE '$Phone'"); 
$sth->execute(); 

/* Fetch all of the remaining rows in the result set */ 
print("Fetch all of the remaining rows in the result set:\n"); 
$result = $sth->fetchAll(); 
print_r($result); 



$First_name = $_POST['First_name']; 
$Surname = $_POST['Surname']; 
$DOB = $_POST['DOB']; 
$Street = $_POST['Street']; 
$Suburb = $_POST['Suburb']; 
$State = $_POST['State']; 
$Postcode = $_POST['Postcode']; 
$Phone = $_POST['Phone']; 
} 
?> 
<fieldset><legend>Find a customer</legend> 
<form name="querycustomerform" method="post" action="qcustomer.php"> 
    <table class="five"> 
     <tr> 
      <td colspan="4"> 
       <h3>Please fill out as many details as possible</h3> 
      </td> 
     </tr> 
     <tr> 
      <td> 
       <input type="text" name="First_name" maxlength="30" size="30" placeholder="First name"> 
      </td> 
      <td> 
       <input type="text" name="Surname" maxlength="30" size="30" placeholder="Surname"> 
      </td> 
      <td style="text-align: right">Date of Birth:</td> 
      <td> 
       <input type="date" name="DOB"> 
      </td> 
     </tr> 
     <tr> 
      <td> 
       <input type="text" name="Street" maxlength="40" size="30" placeholder="Street Address"> 
      </td> 
      <td> 
       <input type="text" name="Suburb" maxlength="15" size="30" placeholder="Suburb"> 
      </td> 
      <td> 
       <select name="State"> 
       <option value="">State</option> 
       <option value="ACT">Australian Capital Territory</option> 
       <option value="NSW">New South Wales</option> 
       <option value="NT">Northern Territory</option> 
       <option value="QLD">Queensland</option> 
       <option value="SA">South Australia</option> 
       <option value="TAS">Tasmania</option> 
       <option value="VIC">Victoria</option> 
       <option value="WA">Western Australia</option> 
       </select> 
      </td> 
      <td> 
       <input type="text" name="Postcode" maxlength="4" size="30" placeholder="Postcode"> 
      </td> 
     </tr> 
     <tr> 
      <td> 
       <input type="text" name="Phone" maxlength="15" size="30" placeholder="Phone Number"> 
      </td> 
      <td> 
      </td> 
      <td> 
      </td> 
      <td> 
       <input class="button" type="submit" value="Search"> 
      </td> 
     </tr> 
    </table> 
</form> 
</fieldset>

來源

2014-11-24 Mr Ed

檢查一下填寫的典型測試結果，如果添加的信息提供 – 2014-11-24 03:49:15

，並將該是什麼樣子查詢？ – 2014-11-24 03:52:51

的OR條件要求的條件任何（即：條件1，條件2，condition_n）將必須滿足的記錄被包括在結果set.Whereas的AND條件要求必須滿足條件（即：condition1，condition2，condition_n）的全部。根據您的要求，或條件是必需的。

您需要構建一個動態查詢來執行此操作。從基本存根開始

$sql = "SELECT * FROM customer";

然後，您需要將初始子句設置爲WHERE。

$clause = " WHERE ";//Initial clause

你需要一個數組來存儲參數

$paramArray =array();

開始建立我從POST改爲GET，因爲它更容易測試的query.Note也看到PDO WIKI用於％的佔位符。即佔位符不能表示查詢的任意部分，而只能是完整的數據文字。

if(isset($_GET['First_name'])){ 
    $First_name = $_GET['First_name']; 
    $sql .= "$clause First_name LIKE ?"; 
    $clause = " OR ";//Change clause 
    array_push($paramArray,"%$First_name%"); 
}

下一頁繼續條款

if(isset($_GET['Surname'])){ 
    $Surname = $_GET['Surname']; 
    $sql .= "$clause Surname LIKE ?"; 
    $clause = " OR "; 
    array_push($paramArray,"%$Surname%"); 
}

添加條款，其餘爲上述

測試結果，測試&變更後刪除GET開機自檢

echo $sql ; 
echo "<br>"; 
print_r($paramArray);

準備和執行查詢

$sth = $db->prepare($sql); 
$sth->execute($paramArray);

從test.php?First_name=dave&Surname=smith

SELECT * FROM customer WHERE First_name LIKE ? OR Surname LIKE ? 
Array ([0] => %dave% [1] => %smith%)

從test.php?Surname=smith

SELECT * FROM customer WHERE Surname LIKE ? 
Array ([0] => %smith%)

來源

2014-11-24 11:20:29

-1

嘗試改變

$sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%$First_name%' OR Surname LIKE '%$Surname%' OR DOB LIKE '$DOB' OR Street LIKE '%$Street%' OR Suburb LIKE '$Suburb' OR State LIKE '$State' OR Postcode LIKE '$Postcode' OR Phone LIKE '$Phone'");

到

$sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%'".$First_name."'%' OR ...

以$ FIRST_NAME出來的文本字符串，並使用該文本字符串拼接它。你在做的是從字面上搜索「$ First_name」，而不是$ First_Name變量的值。從外觀的角度來看，這有點麻煩，但我發現將文本與變量連接起來更安全，而不是在引號內擴展變量。

達里爾

來源

2014-11-24 04:00:14

根據用戶輸入寫入包含變量WHERE的查詢

回答

相關問題