PHP的选择*哪里像 [英] Php select * where like

问题描述

您好，我正在尝试搜索某个网站.它有2个输入信息，一个是下拉菜单.

Hi I am trying to get a search working for a site. It has 2 inputs for taking in info, one is a dropdown.

<div id="search">
<form action="projectsearchall.php" method="post" enctype="multipart/form-data">
<h3>Search for an Item</h3>

<p>Keywords</p><p><input name="keywords" type="text" value="keywords"></p>


<p>Select A Location</p><p>

<select name="location" id="jumpMenu">
 <option>Any Location</option>
 <option>Antrim</option>
 <option>Armagh</option>
 <option>Carlow</option>
 <option>Cavan</option>


</select>
</p>
<p>

</form>
</div>

我似乎无法弄清楚如何组合这两个输入来得出结果，我可以单独完成它，但是不能一起工作以获得更准确的结果.

I cannot seem to figure out how to combine the 2 inputs to give a result, I can do it separately, but not working together to get a more accurate result.

php

$keywords = $_POST['keywords'];
$keylocation =$_POST['location'];
$username = $_SESSION['username'];

   //MySQL Database Connect
 include 'connect.php';
 //make sql query

$result = mysqli_query($con,"SELECT * FROM projectitem where description  like '%$keywords%'  or item like '%$keywords%' or location like '%$keywords%'");

提前谢谢！

推荐答案

我认为您可以在运行查询之前进行一些预处理.

I think you may do some preprocessing, before running your query.

首先，您需要为选择选项提供某种值以供检查.

First off, you need to give your select options some sort of value to check against.

我不知道您的确切数据库结构，但是假设您正在使用选择的文本，则可能要尝试以下操作:

I don't know your exact database structure, but assuming that you're working with the select texts, you may want to try this:

$query = "SELECT * FROM projectitem WHERE (description LIKE '%$keywords%' OR item LIKE '%$keywords%')";

这是您的基本查询，现在运行它将查询关键字，但没有位置.

This is your base query and running it right now will check against the keywords, but no location.

if($keylocation != "Any location") $query .= " AND location = '$keylocation'";

最后一行将位置添加为查询的附加过滤器.运行它，看看它能做什么. (尽管我不确定那里的字符串比较)

This last line will add the location as additional filter to your query. Run it, and see what it does. (I'm not sure about the string comparison there though)

是的，最后的建议是:确保通过转义功能mysqli_escape_string运行输入.否则，您将开始接受SQL注入.

Ah yes, as a final advice: Be sure to run your input through the escape function mysqli_escape_string. Otherwise you're opening yourself to SQL injections.

这篇关于PHP的选择*哪里像的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！