與LIKE語句

Question

語言Innacurate查詢是PHP，數據庫ORM是紅豆

if(isset($get['last']) || isset($get['first'])){   
    $query = ''; 
    $search_params = []; 
    if(isset($get['first']) && !isset($get['last'])){ 
     //search only with first name 
     $query .= ' AND name LIKE :first '; 
     $search_params[':first'] = '%'.$get['first'].'%'; 
     $args['first'] = $get['first']; 
    } 
    else if(!isset($get['first']) && isset($get['last'])){ 
     //search only with last name 
     $query .= ' AND name LIKE :last '; 
     $search_params[':last'] = '%'.$get['last'].'%'; 
     $args['last'] = $get['last']; 
    } 
    else{ 
     //search with both first and last name 
     $query = ' AND (name LIKE :first OR name LIKE :last) '; 
     $search_params[':first'] = '%'.$get['first'].'%'; 
     $search_params[':last'] = '%'.$get['last'].'%'; 
     $args['first'] = $get['first']; 
     $args['last'] = $get['last']; 
    } 
    if($args['admin']){ 
     //if the user is the admin of the account they can see all transactions 
     $args['transaction'] = admin_example($id, $query, $search_params); 
    }else{ 
     //if the user is a member of the account and was involved in the transaction 
     $args['transaction'] = member_example($id,$user->email,$query,$search_params); 
    } 
}else{ 
    $args['transaction'] = false; 
} 

//get archived transaction the user was involved in matching search parameters 
function admin_example($account_id,$query_segment,$search_params) 
{ 
    $params = array_merge([':id'=>$account_id],$search_params); 
    return R::getAll('SELECT name,tx_id,otp,property_type,property,ins_documents,active FROM transaction WHERE account_id=:id AND active="0" '.$query_segment.' ORDER BY name ASC', 
     $params 
    ); 
} 

//get archived transaction the user was involved in for the current account and matching search parameters 
function member_example($account_id,$email,$query_segment,$search_params) 
{ 
    //gets transactions the account member is able to view. 
    $params = array_merge([':account'=>$account_id,':email'=>$email],$search_params); 
    return R::getAll('SELECT name,tx_id,otp,property,property_type,ins_documents,active FROM 
    transaction WHERE account_id=:account AND (primary_email=:email OR secondary_email=:email) AND active="0" '.$query_segment.' ORDER BY name ASC', 
     $params 
    ); 
} 

查詢

SELECT 
    name,tx_id,otp,property_type,property,ins_documents,active 
FROM 
    transaction 
WHERE 
    account_id='1' AND active='0' AND (name LIKE '%ABC%' OR name LIKE '%DEF%') 
ORDER BY 
    name ASC 

以下假設：

1. 我輸入「ABC 「輸入名字輸入並將」DEF「輸入姓氏中放。
2. 該表有1行滿足active="0"條件。
3. 該行的名稱列包含姓氏和名字，用逗號分隔，即Flip, Tre。

似乎無論輸入框中輸入什麼內容，當它不應該與LIKE語句匹配時，記錄總是被檢索。我不知道爲什麼，我在想如果還有什麼我可以做的？我已經添加了name列的索引，但沒有骰子。我也嘗試使用REGEXP，但我無法檢索那樣的東西。

Answer 1

根據您的代碼和您的評論顯示問題，它看起來像last和first在表單上爲空時，它們仍然被傳遞給腳本。

這意味着isset()檢查已通過，但它們沒有值（即空字符串，即''）。當這被添加到or子句中時，它將添加'%%'，顯然，它將與任何值匹配。

您還需要檢查並確保這些變量在將它們包括在查詢中之前未設置爲空字符串。你可以通過調用isempty()這個變量，或者通過檢查空字符串''來檢查它是否不等。