PDO搜索引擎故障

Question

我想製作一個高級搜索引擎，您可以通過名字，姓氏，郵編，城市，州，電話，手機和電子郵件進行搜索。

我設法讓它搜索的名字，但你必須輸入正確的名字，因爲與其他任何東西，我拿出一切，但第一個名字搜索找到我的問題，但我還沒有找到它，這是我試圖轉換爲PDO的搜索代碼的MySQL版本。

的MySQL：

<?php 
    //This is only displayed if they have submitted the form 

    if ($searching =="yes") { 
     echo "<h2>Results</h2><p>"; 
     //If they did not enter a search term we give them an error 

     if ($find == "") 
     if ($f == "") 
     if ($info == "") 
     if ($zip == "") 
     if ($state == "") 
     if ($email == "") 

     { 
      echo "<p>You forgot to enter a search term"; 
      exit; 
     } 

     // Otherwise we connect to our Database 
     mysql_connect("xxx", "xxxx", "xxx") or die(mysql_error()); 
     mysql_select_db("xxxx") or die(mysql_error()); 
     // We preform a bit of filtering 

     //Now we search for our search term, in the field the user specified 
$data = mysql_query("SELECT * FROM users WHERE fname 
LIKE '%" . mysql_real_escape_string($find)  . "%' AND lname 
LIKE '%" . mysql_real_escape_string($f)   . "%' AND info 
LIKE '%" . mysql_real_escape_string($info)  . "%' AND zip 
LIKE '%" . mysql_real_escape_string($zip)  . "%' AND state 
LIKE '%" . mysql_real_escape_string($state)  . "%' AND email 
LIKE '%" . mysql_real_escape_string($city) . "%' AND city 
LIKE '%" . mysql_real_escape_string($email)  . "%'"); 
?> 


<?php 

//And we display the results 
while($result = mysql_fetch_array($data)) 
    { 
    echo "<hr><br>First Name:&nbsp;"; 
echo $result['fname']; 
echo "<br>Last Name:&nbsp;"; 
echo $result['lname']; 
echo "<br>Home Phone:&nbsp;"; 
echo $result['info']; 
echo "<br>Cell Phone:&nbsp;"; 
echo $result['cp']; 
echo "<br>City:&nbsp;"; 
echo $result['city']; 
echo "<br>State:&nbsp;"; 
    echo $result['state']; 
echo "<br>Zip:&nbsp;"; 
echo $result['zip']; 
echo "<br>Email:&nbsp;"; 
echo $result['email']; 
echo "<br><hr>"; 


} 

//This counts the number or results - and if there wasn't any it gives them a little message explaining that 
$anymatches=mysql_num_rows($data); 
if ($anymatches == 0) 
{ 
echo "Sorry, but we can not find an entry to match your query<br><br>"; 
} 
//And we remind them what they searched for 
echo "<b>Searched For: 
     </b> " .$find; 
    } 
?> 

現在，這裏是我的PDO版本：

<? 
    $dsn = 'mysql:host=xxx;dbname=xxx;charset=utf8'; 
    $opt = array(
     PDO::ATTR_ERRMODE   => PDO::ERRMODE_EXCEPTION, 
     PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC 
    ); 
    $pdo = new PDO($dsn,'xxx','xxx', $opt); 


$stmt = $pdo->prepare("SELECT * FROM users WHERE fname= ?"); 



if ($stmt->execute(array($fname))); 
    while ($row = $stmt->fetch()) { 


     print $row['fname'] . "<br>"; 
     print $row['lname'] . "\t<br>"; 
     print $row['info'] . "\n<br>"; 
     print $row['cp'] . "\n<br>"; 
     print $row['state'] . "\n<br>"; 
     print $row['city'] . "\n<br>"; 
     print $row['zip'] . "\n<br>"; 
     print $row['email'] . "\n<br>"; 

    } 



    ?> 

提示，建議和意見，歡迎和讚賞。

Answer 1

我想你會建立一個sql字符串並使用參數。
你不會在你的sql字段中包含用戶留空的。

// **EDIT** check if there's any user-input... 

if (!isset($_POST['fname']) && !isset($_POST['lname'])) { // add all your input-fields 

    echo "<p>please enter a search term!</p>"; 
    echo '<a href="search.php">try again</a>"; 
    exit(); 
} 

    $sql = ''; 
    $bind = array(); 

if (strlen($_POST[‘firstname‘]) > 0) { // assuming your form-method is "post" 
    $sql .= 'AND fname LIKE :fname '; 
    $bind['fname'] = '%'.$_POST['firstname'].'%'; 
} 

if (strlen($_POST['lastname']) > 0) 
    $sql .= 'AND lname LIKE :lname '; 
    $bind['lname'] = '%'.$_POST['lastname'].'%'; 
} 
// ... 
// do this will all of your input-fields... 

$sql = 'SELECT * FROM users WHERE ' . trim($sql, 'AND') . ' ORDER BY lname'; 

$stmt = $pdo->prepare($sql); 
$stmt->execute(array($bind)); 
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC); 

// go ahead and display your results with foreach... 

Answer 2

你最大的問題是你在你的WHERE條款使用AND代替OR。將其更改爲：

SELECT * 
FROM `table` 
WHERE `name` LIKE '%string%' 
OR `zip` LIKE '%string%' 
// AND SO ON