[英]Multiple search query php
我有一個擁有標題的數據庫
Titles
Celeste from the moon
Sweet Dreams Tomorrow
Time machine from past
現在,當我對關鍵字進行搜索查詢時,說“'celeste from'”,那么它將向我顯示我想要的東西,即從月球來的Celeste。 但是,如果我將查詢更改為'celeste the moon',則顯示無結果。
這是我的查詢腳本
if(!empty($_REQUEST['string']))
{
$search_string = " title LIKE %".mysql_real_escape_string($_REQUEST["string"])."%'";
$query = mysql_query("SELECT * FROM products WHERE ".$search_string);
$row = mysql_num_rows($query) or die(mysql_error());
$row = $row;
$cur_page = $_GET['page'];
$cur_page = ($cur_page < 1)? 1 : $cur_page;
$offset = ($cur_page-1)*$per_page;
$pages = ceil($row/$per_page);
$start = (($cur_page - $num_links) > 0) ? ($cur_page - ($num_links - 1)) : 1;
$end = (($cur_page + $num_links) < $pages) ? ($cur_page + $num_links) : $pages;
$res = mysql_query("SELECT * FROM products WHERE ".$search_string." ORDER BY title LIMIT ".$per_page." OFFSET ".$offset);
while($row=mysql_fetch_array($res))
{
include ('include/form.php');
}
}
我嘗試了各種方法,但無法獲得預期的結果。
首先,您分割搜索字符串
$words = explode(' ',$_REQUEST['string']);
然后在選擇中使用OR操作
$query='SELECT * FROM `products` WHERE `title` LIKE ';
foreach($words as $key=> value){
$query.='"%'.$value.'%" OR';
}
$query=rtrim($string, "OR");
$query.='ORDER BY title LIMIT '.$per_page.' OFFSET '.$offset;
include 'include/common.php';
while($row=mysql_fetch_array(mysql_query($query))) {
include ('include/form.php');
}
您使用mysqli代替mysql函數的Nex時間
問題是您的查詢查找您輸入的確切文本。 因此,如果您輸入Celeste the moon
,它將查找包含該短語的文本。 WHERE x LIKE '%foo bar%'
意思是“查找其中x恰好包含foo bar
的行,但是在它之前或之后還有其他內容是可以的。
您需要按照Shidil的建議將其分解,但是您需要對查詢的每個部分進行轉義。 Shidil的代碼存在一些邏輯錯誤,並且不安全。 因此,例如(Shidil代碼的修改,更正和更安全的版本):
$words = explode(' ',$_REQUEST['string']); // split up the input
$query='SELECT * FROM `products` WHERE '; // first part of the query
foreach($words as $key=> value) {
/* Build the WHERE clause
Note that you need `title` LIKE for each term, and each term
needs to be run through mysql_real_escape_string() */
$query.='`title` LIKE "%'.mysql_real_escape_string($value).'%" OR';
}
// Strip the last "OR"
$query=rtrim($string, "OR");
/* You don't show where $per_page or $offset came from.
If they are user input (even a drop-down or something), you MUST
validate them; otherwise, you will have a SQL injection vulnerability */
$query.=' ORDER BY title LIMIT '.$per_page.' OFFSET '.$offset;
include 'include/common.php';
/* don't put mysql_query() in the while(); it will run the query over and over,
but you'll just keep getting the first row over and over */
$result = mysql_query($query);
while($row=mysql_fetch_array($result)) {
include ('include/form.php');
}
就像每個人都指出的那樣: 不要使用mysql_*
; mysql_*
函數已過時, 過時和不安全。 改用MySQLi
或PDO
。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.