[英]Specific syntax to search multiple columns in a MySQL Database?
我正在為所有學生和相關信息創建一個可搜索的數據庫(用於涉及管理iPad部署的較大項目)。 該數據庫有7列:
我需要做的是,如果輸入匹配該行中的任何值,則返回整行。
我正在使用的PHP是:
<?php
$conn = mysql_connect ("localhost", "blmrvftl_ipdb", "ipad-db") or die ('I cannot connect to the database because: ' . mysql_error());
$selected = mysql_select_db ("blmrvftl_ipdb")
or die ("Could not select database because: " . mysql_error());
// PHP Search Script
$sql = "select * from phonebook, where first_name = '".$_GET['seek']."' or last_name = '". $_GET['seek'] ."' or id_number = '". $_GET['seek'] ."'";
//$sql = "select * from student_database, where first_name = '".$_GET['seek']."' or last_name = '". $_GET['seek'] ."' or id_number = '". $_GET['seek'] ."' or grade = '". $_GET['seek'] ."' or grad_year = '". $_GET['seek'] ."' or student_email = '". $_GET['seek'] ."' or dob = '". $_GET['seek'] ."'";
// $sql = "select * from student_database, where first_name = '".$_POST['seek']."' or last_name = '". $_POST['seek'] ."' or id_number = '". $_POST['seek'] ."' or grade = '". $_POST['seek'] ."' or grad_year = '". $_POST['seek'] ."' or student_email = '". $_POST['seek'] ."' or dob = '". $_POST['seek'] ."'";
$result = mysql_query($sql,$conn)or die (mysql_error());
if (mysql_num_rows($result)==0){
echo "No Match Found";
}else{
while ($row = mysql_fetch_array($result)){
echo "Name: " .$row['first_name']." ".$row["last_name"]."<br>";
echo "Student ID: ".$row['id_number']."<br>";
// echo "Department: ".$row['department_name']."<br>";
// echo "Directorate: ".$row['directorate_name']."<br>";
//echo "Site: ".$row['site_name']."<br>";
//echo "Phone #: ".$row['pb_tel_ext']."<br>";
//echo "Email Address: ".$row['pb_email_address']."<br>";
echo "<br>";
echo "---------------------------------------------------------------------"."<br>";
}
}
mysql_close();
?>
我遇到的問題是我無法完全獲得正確的格式來搜索所有列。 (未注釋的$ sql行是我從該網站搶走的這段代碼的原始版本的修改后的版本。)我得到的錯誤是:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where first_name = 'Elliott' or last_name = 'Elliott' or id_number = 'Elliott'' at line 1
我知道,當您開始開發時,您不希望事情變得太復雜,而您最關心的就是安全性。
但請始終牢記
Facebook首先從像您一樣的容易入侵的學生數據庫中竊取的圖片開始(有趣的事實)
切勿從未經過濾的用戶輸入中構建SQL腳本
改用mysqli或pdo_mysql。 對於初學者而言,准備好的語句是有關輸入轉義的最佳選擇。
http://www.php.net/manual/de/book.mysqli.php
http://www.php.net/manual/de/ref.pdo-mysql.php
現在關於您的問題,基本SELECT語句的SQL語法是
SELECT
fields
FROM
table
WHERE
field1 = 'filter1'
AND
field2 = 'filter2'
表格后沒有逗號
您有一個流氓逗號:
select * from phonebook, where
應該
select * from phonebook where
除此之外,應該可以工作-乍一看看起來還可以。
刪除您的查詢並將其粘貼
$sql = "select * from phonebook
where first_name = '".$_GET['seek']."'
or last_name = '". $_GET['seek'] ."'
or id_number = '". $_GET['seek'] ."'";
<?php
$submit=$_GET['submit'];
$q1= "SELECT * FROM rent_page WHERE (local LIKE '%$submit%')";
$r1 = mysql_query($q1);
$num=mysql_num_rows($r1);
if($num>0){
while($row=mysql_fetch_array($r1)){
//$row=mysql_fetch_array($r);
$_SESSION['nid']=$row['nid'];
?>
<div class="prod_box" >
<div class="top_prod_box" style="float:right; width:100%;"></div>
<div class="center_prod_box" style="float:right; width:100%;">
<div class="product_title" style="padding-top:20px; padding-bottom:2px;"><a href style="text-decoration:none; "="index.php"><b style="font-size:16px; color:red; "><?php echo $row['select_city']; ?></b></a></div>
<div class="product_img" style="padding-top:2px; padding-bottom:2px;>
<a href="index.php?nid=<?php echo $row['nid']; ?>" >
<img width="90%" height="150px" src="uploads/<?php echo $row['image']; ?>" alt="" border="0" />
</a>
</div>
<div class="product_title" style="padding-top:1px; padding-bottom:1px;> <span class="price">Location:<?php echo $row['local']; ?></span></div>
<div class="prod_price" style="padding-top:1px; padding-bottom:1px;> <span class="price">Minimum Price: <?php echo $row['minimum']; ?></span></div>
</div>
<div class="bottom_prod_box" style="padding-top:1px; padding-bottom:1px;><span class="price">Maximum Price: <?php echo $row['maximum']; ?></span></div>
<div class="prod_details_tab" style="padding-top:1px; padding-bottom:1px;><span class="price">Building Floor: <?php echo $row['name_of_floor']; ?></span></div>
<div class="prod_details_tab" style="padding-top:1px; padding-bottom:1px;><span class="price">Posted By. <?php echo $row['opt']; ?></span></div>
</div>
<?php
}
}else{
echo "Sorry invalid product";}
?>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.