在MySQL數據庫中搜索多列的特定語法？

Question

我正在為所有學生和相關信息創建一個可搜索的數據庫（用於涉及管理iPad部署的較大項目）。 該數據庫有7列：

• 名字
• 姓
• 身份證號
• 年級
• grad_year
• student_email
• DOB

我需要做的是，如果輸入匹配該行中的任何值，則返回整行。

我正在使用的PHP是：

<?php 
$conn = mysql_connect ("localhost", "blmrvftl_ipdb", "ipad-db") or die ('I cannot connect to the database because: ' . mysql_error()); 
$selected = mysql_select_db ("blmrvftl_ipdb") 
or die ("Could not select database because: " . mysql_error()); 


// PHP Search Script 

$sql = "select * from phonebook, where first_name = '".$_GET['seek']."' or last_name = '". $_GET['seek'] ."' or id_number = '". $_GET['seek'] ."'";
//$sql = "select * from student_database, where first_name = '".$_GET['seek']."' or last_name = '". $_GET['seek'] ."' or id_number = '". $_GET['seek'] ."' or grade = '". $_GET['seek'] ."' or grad_year = '". $_GET['seek'] ."' or student_email = '". $_GET['seek'] ."' or dob = '". $_GET['seek'] ."'"; 
// $sql = "select * from student_database, where first_name = '".$_POST['seek']."' or last_name = '". $_POST['seek'] ."' or id_number = '". $_POST['seek'] ."' or grade = '". $_POST['seek'] ."' or grad_year = '". $_POST['seek'] ."' or student_email = '". $_POST['seek'] ."' or dob = '". $_POST['seek'] ."'";
$result = mysql_query($sql,$conn)or die (mysql_error()); 


if (mysql_num_rows($result)==0){ 
echo "No Match Found"; 
}else{ 
while ($row = mysql_fetch_array($result)){ 
echo "Name: " .$row['first_name']." ".$row["last_name"]."<br>"; 
echo "Student ID: ".$row['id_number']."<br>"; 
// echo "Department: ".$row['department_name']."<br>"; 
// echo "Directorate: ".$row['directorate_name']."<br>"; 
//echo "Site: ".$row['site_name']."<br>"; 
//echo "Phone #: ".$row['pb_tel_ext']."<br>"; 
//echo "Email Address: ".$row['pb_email_address']."<br>"; 
echo "<br>"; 
echo "---------------------------------------------------------------------"."<br>"; 
} 
} 

mysql_close(); 
?>

我遇到的問題是我無法完全獲得正確的格式來搜索所有列。 （未注釋的$ sql行是我從該網站搶走的這段代碼的原始版本的修改后的版本。）我得到的錯誤是：

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where first_name = 'Elliott' or last_name = 'Elliott' or id_number = 'Elliott'' at line 1

Answer 1

我知道，當您開始開發時，您不希望事情變得太復雜，而您最關心的就是安全性。

但請始終牢記

• Facebook首先從像您一樣的容易入侵的學生數據庫中竊取的圖片開始（有趣的事實）

• 切勿從未經過濾的用戶輸入中構建SQL腳本

• 不再使用mysql_ *適配器，它正在棄用過程中。

改用mysqli或pdo_mysql。 對於初學者而言，准備好的語句是有關輸入轉義的最佳選擇。

http://www.php.net/manual/de/book.mysqli.php

http://www.php.net/manual/de/ref.pdo-mysql.php

現在關於您的問題，基本SELECT語句的SQL語法是

SELECT
     fields
FROM
     table
WHERE
     field1 = 'filter1'
     AND
     field2 = 'filter2'

表格后沒有逗號

Answer 2

您有一個流氓逗號：

select * from phonebook, where

應該

select * from phonebook where

除此之外，應該可以工作-乍一看看起來還可以。

Answer 3

刪除您的查詢並將其粘貼

$sql = "select * from phonebook
        where first_name = '".$_GET['seek']."' 
        or last_name = '". $_GET['seek'] ."' 
        or id_number = '". $_GET['seek'] ."'";

Answer 4

  <?php
  $submit=$_GET['submit'];

  $q1= "SELECT * FROM rent_page WHERE (local LIKE '%$submit%')";
  $r1 = mysql_query($q1);
  $num=mysql_num_rows($r1);
  if($num>0){     

  while($row=mysql_fetch_array($r1)){

  //$row=mysql_fetch_array($r);

  $_SESSION['nid']=$row['nid'];


    ?>


       <div class="prod_box" >
    <div class="top_prod_box" style="float:right; width:100%;"></div>
    <div class="center_prod_box" style="float:right; width:100%;">
      <div class="product_title" style="padding-top:20px; padding-bottom:2px;"><a href style="text-decoration:none; "="index.php"><b style="font-size:16px; color:red; "><?php echo $row['select_city']; ?></b></a></div>


      <div class="product_img" style="padding-top:2px; padding-bottom:2px;>
      <a href="index.php?nid=<?php echo $row['nid']; ?>" >

      <img width="90%" height="150px" src="uploads/<?php echo $row['image']; ?>" alt="" border="0" />

      </a>
      </div>
      <div class="product_title" style="padding-top:1px; padding-bottom:1px;> <span class="price">Location:<?php echo $row['local']; ?></span></div>
      <div class="prod_price" style="padding-top:1px; padding-bottom:1px;>  <span class="price">Minimum Price: <?php echo $row['minimum']; ?></span></div>
    </div>
    <div class="bottom_prod_box" style="padding-top:1px; padding-bottom:1px;><span class="price">Maximum Price: <?php echo $row['maximum']; ?></span></div>
    <div class="prod_details_tab" style="padding-top:1px; padding-bottom:1px;><span class="price">Building Floor: <?php echo $row['name_of_floor']; ?></span></div>
  <div class="prod_details_tab" style="padding-top:1px; padding-bottom:1px;><span class="price">Posted By. <?php echo $row['opt']; ?></span></div>



  </div>


      <?php

    }
    }else{

        echo "Sorry invalid product";}


  ?>