高级搜索 PHP、MySQL

Question

I am trying to set up an advanced search on my site, however when the user is submitting their search if there is an empty field it is send as NULL.我正在尝试在我的网站上设置高级搜索，但是当用户提交他们的搜索时，如果有一个空字段，它将作为 NULL 发送。 Im not sure how to exclude the empty parameters.我不确定如何排除空参数。

Below is the form for the search:以下是搜索表格：

<form>
  <div class="form-group">
    <div class="col-sm-2">
      <label for="Author" class="control-label">Author</label>
    </div>
    <div class="col-sm-10">
      <input type="text" class="form-control" id="author" placeholder="Author" name="author">
    </div>
  </div>
  <div class="form-group has-feedback">
    <div class="col-sm-2">
      <label for="isbn" class="control-label">ISBN</label>
    </div>
    <div class="col-sm-10">
      <input type="text" class="form-control" id="isbn" placeholder="ISBN" name="isbn">
    </div>
  </div>
  <div class="form-group">
    <div class="col-sm-2">
      <label for="genre" class="control-label">Genre</label>
    </div>
    <div class="col-sm-10">
      <input type="text" class="form-control" id="genre" placeholder="Genre" name="genre">
    </div>
  </div>
  <div class="form-group">
    <div class="col-sm-2">
      <label for="tags" class="control-label">Tags</label>
    </div>
    <div class="col-sm-10">
      <input type="text" class="form-control" id="tags" placeholder="Tags" name="tags">
    </div>
  </div>
  <div class="form-group">
    <div class="col-sm-2">
      <label for="location" class="control-label">Location</label>
    </div>
    <div class="col-sm-10">
      <input type="text" class="form-control" id="location" placeholder="Location" name="location">
    </div>
  </div>

  <div class="form-group">
    <div class="col-sm-offset-2 col-sm-10">
      <button type="submit" name="AdvancedSearch" value="Search" class="btn btn-block btn-lg btn-primary">Search</button>

    </div>
  </div>
</form>

Below is the query:下面是查询：

$sql = "select *
          from Book_info
          where user_id=$u_id
            AND title like '%$_REQUEST[title]%'
            AND location like '%$_REQUEST[location]%'
            AND author like '%$_REQUEST[author]%'
            AND tags like '%$_REQUEST[tags]%'
            AND genre like '%$_REQUEST[genre]%'
             OR ISBN='$_REQUEST[isbn]'";

Answer 1

First of all, I feel I should make a comment about preferring prepared statements over injecting request values directly into a query string.首先，我觉得我应该评论一下，更喜欢准备好的语句而不是将请求值直接注入到查询字符串中。

The simplest solution to your issue would be something like this:您的问题的最简单解决方案是这样的：

<?php

$sql="select * from Book_info where user_id=$u_id";

$title = $_REQUEST['title'];
$location = $_REQUEST['location'];

if($title != null) {
    $sql .= " AND title like '%$title%'"; 
}

if($location != null) {
    $sql .= " AND location like '%$location%'";
}

//and so on...

the idea being that you check if the value is null, and then append a new where clause to your query so long as the value is not null (or empty or whatever other predicates you want to add).这个想法是你检查值是否为空，然后在你的查询中附加一个新的 where 子句，只要该值不为空（或空或任何其他你想添加的谓词）。

高级搜索 PHP、MySQL

问题描述

1 个解决方案

解决方案1
0 已采纳 2016-03-30 01:54:58

高级搜索 PHP、MySQL

问题描述

1 个解决方案

解决方案1 0 已采纳 2016-03-30 01:54:58

解决方案1
0 已采纳 2016-03-30 01:54:58