MySQL錯誤1064執行SELECT查詢時

Question

我有這樣的代碼：

function search_keyword(){ 
      $keyword = trim($_POST['keyword']); 
      $search_explode = explode(" ", $keyword); 
      $x = 0; 

      $sql = " (SELECT name, id_global_info AS id, body AS body, tag AS tag ,info_type_id AS info_type, \"global_info\" AS mytable FROM global_info WHERE "; 
      foreach($search_explode as $each){ 
       $x++; 
       if($x == 1){ 
        $sql .= " name LIKE '%$each%' ";}       
       else { 

        $sql .= " AND name LIKE '%$each%' "; 
       } 
      } 

       $sql .= ") UNION ALL "; 

       $sql .= " (SELECT name, id_person AS id, surname AS body, info AS tag , location AS info_type, \"person\" AS mytable FROM person WHERE "; 
      foreach($search_explode as $each){ 
       $x++; 
       if($x == 1){ 
        $sql .= " name LIKE '%$each%' ";}       
       else { 

        $sql .= " AND name LIKE '%$each%' "; 
       } 
      } 

       $sql .= ") UNION ALL "; 

       $sql .= "(SELECT name, id_event AS id, body AS body, caffe_id AS tag , date AS info_type, \"event\" AS mytable FROM event WHERE "; 
      foreach($search_explode as $each){ 
       $x++; 
       if($x == 1){ 
        $sql .= " name LIKE '%$each%' ";}       
       else { 

        $sql .= " AND name LIKE '%$each%' "; 
       } 
      } 

      $sql .= ") UNION ALL "; 

       $sql .= "(SELECT name, id_caffe AS id, description AS body, adress AS tag, location_id AS info_type, \"caffe\" AS mytable FROM caffe WHERE "; 
      foreach($search_explode as $each){ 
       $x++; 
       if($x == 1){ 
        $sql .= " name LIKE '%$each%' ";}       
       else { 

        $sql .= " AND name LIKE '%$each%' "; 
       } 
      } 

      $sql .= ") "; 
      echo $sql; 
      $q = $this->db->query($sql); 
      return $q = $q->num_rows() == 0 ? FALSE : $q->result(); 
     } 

當我搜索exapmle

"mali oglasi"

我獲得以下錯誤：

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND name LIKE '%mali%' AND name LIKE '%oglas%') UNION ALL ( SELECT name, id_e' at line 1

這是MySQL正在生成查詢：

(SELECT name, id_global_info AS id, body AS body, tag AS tag ,info_type_id AS info_type, "global_info" AS mytable FROM global_info WHERE name LIKE '%mali%' AND name LIKE '%oglas%') 
UNION ALL 
(SELECT name, id_person AS id, surname AS body, info AS tag , location AS info_type, "person" AS mytable FROM person WHERE AND name LIKE '%mali%' AND name LIKE '%oglas%') 
UNION ALL 
(SELECT name, id_event AS id, body AS body, caffe_id AS tag , date AS info_type, "event" AS mytable FROM event WHERE AND name LIKE '%mali%' AND name LIKE '%oglas%') 
UNION ALL 
(SELECT name, id_caffe AS id, description AS body, adress AS tag, location_id AS info_type, "caffe" AS mytable FROM caffe WHERE AND name LIKE '%mali%' AND name LIKE '%oglas%') 

什麼似乎是錯誤？

Answer 1

第一件事的第一件事：不要忘記逃避你的輸入價值。這可以在你的情況下，無論是在初始值來實現，或者在$each

// If your query() method calls mysql_query() 
$keyword = mysql_real_eascape_string(trim($_POST['keyword'])); 
// Or if query() is mysqli::query() 
$keyword = $this->db->real_escape_string(trim($_POST['keyword'])); 
// Or if this is Codeigniter's API 
$keyword = $this->db->escape_like_str(trim($_POST['keyword'])); 

你需要在每個foreach循環的開始重置$x foreach循環的每次迭代：

 // Reset $x to 0 before the start of each of your loops. 
     $x = 0; 
     foreach($search_explode as $each){ 
      $x++; 
      if($x == 1){ 
       $sql .= " name LIKE '%$each%' ";}       
      else { 

       $sql .= " AND name LIKE '%$each%' "; 
      } 
     } 

注意：通常建議使用參數化查詢，而不是通過串聯和插值來構建查詢。 Codeigniter使用?佔位符。

Answer 2

您查詢錯誤駐留在第二，第三和第四SELECT語句，你有WHERE AND name而不是WHERE name