PHP的选择*哪里像 [英] Php select * where like
问题描述
您好,我正在尝试搜索某个网站.它有2个输入信息,一个是下拉菜单.
Hi I am trying to get a search working for a site. It has 2 inputs for taking in info, one is a dropdown.
<div id="search">
<form action="projectsearchall.php" method="post" enctype="multipart/form-data">
<h3>Search for an Item</h3>
<p>Keywords</p><p><input name="keywords" type="text" value="keywords"></p>
<p>Select A Location</p><p>
<select name="location" id="jumpMenu">
<option>Any Location</option>
<option>Antrim</option>
<option>Armagh</option>
<option>Carlow</option>
<option>Cavan</option>
</select>
</p>
<p>
</form>
</div>
我似乎无法弄清楚如何组合这两个输入来得出结果,我可以单独完成它,但是不能一起工作以获得更准确的结果.
I cannot seem to figure out how to combine the 2 inputs to give a result, I can do it separately, but not working together to get a more accurate result.
php
$keywords = $_POST['keywords'];
$keylocation =$_POST['location'];
$username = $_SESSION['username'];
//MySQL Database Connect
include 'connect.php';
//make sql query
$result = mysqli_query($con,"SELECT * FROM projectitem where description like '%$keywords%' or item like '%$keywords%' or location like '%$keywords%'");
提前谢谢!
推荐答案
我认为您可以在运行查询之前进行一些预处理.
I think you may do some preprocessing, before running your query.
首先,您需要为选择选项提供某种值以供检查.
First off, you need to give your select options some sort of value to check against.
我不知道您的确切数据库结构,但是假设您正在使用选择的文本,则可能要尝试以下操作:
I don't know your exact database structure, but assuming that you're working with the select texts, you may want to try this:
$query = "SELECT * FROM projectitem WHERE (description LIKE '%$keywords%' OR item LIKE '%$keywords%')";
这是您的基本查询,现在运行它将查询关键字,但没有位置.
This is your base query and running it right now will check against the keywords, but no location.
if($keylocation != "Any location") $query .= " AND location = '$keylocation'";
最后一行将位置添加为查询的附加过滤器.运行它,看看它能做什么. (尽管我不确定那里的字符串比较)
This last line will add the location as additional filter to your query. Run it, and see what it does. (I'm not sure about the string comparison there though)
是的,最后的建议是:确保通过转义功能mysqli_escape_string
运行输入.否则,您将开始接受SQL注入.
Ah yes, as a final advice: Be sure to run your input through the escape function mysqli_escape_string
. Otherwise you're opening yourself to SQL injections.
这篇关于PHP的选择*哪里像的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!