SQL选择where子句问题 [英] Sql select where clause issue
问题描述
希望有人可以帮助这推动我前进.
Hope someone can help this is driving me made.
有人可以告诉我此选择有什么问题吗,它目前可以正确搜索,但它检查的是图库"中的每个结果,而不仅仅是类别:夏季"和状态:已使用"中的结果.
Can anybody tell me what is wrong with this select, It currently does the search properly but it checks every result in "Galleries" rather than just the ones in "category: summer" and "Status: used".
因此,我要执行的操作是仅在关键字夏季"和状态已使用"中搜索关键字($ find).任何想法,我需要做什么. 大声笑生病在这一点上.强调:)
So what i want it to do is search for the keywords ($find) only if they are in category "summer" and Status "used". Any ideas what i need to do. Lol ill take anything at this point. stressed :)
$result = mysql_query("
SELECT
Gallery_URL,
Thumbnail_URL,
Nickname,
Description
FROM Galleries
WHERE
Category = 'summer'
AND Status = 'Used'
AND Nickname LIKE '%$find1%'
OR Nickname LIKE '%$find2%'
OR Nickname LIKE '%$find3%'
OR Description LIKE '%$find1%'
OR Description LIKE '% $find2%'
OR Description LIKE '%$find3%'
LIMIT 0 , 10");
推荐答案
您正在短路AND
和OR
运算符.尝试通过将OR
放在一个组中来隔离它们,
You are shortcircuiting the AND
and OR
operators. Try to isolate the OR
by placing them in a group,
SELECT Gallery_URL,
Thumbnail_URL,
Nickname,
Description
FROM Galleries
WHERE Category = 'summer' AND
Status = 'Used' AND
(
Nickname LIKE '%$find1%' OR
Nickname LIKE '%$find2%' OR
Nickname LIKE '%$find3%' OR
Description LIKE '%$find1%' OR
Description LIKE '% $find2%' OR
Description LIKE '%$find3%'
)
LIMIT 0 , 10
作为一个附带说明,如果值( s)是 SQL Injection
,则该查询容易受到攻击)的变量来自外部.请查看下面的文章,以了解如何防止这种情况的发生.通过使用PreparedStatements
,您可以避免在值周围使用单引号.
As a sidenote, the query is vulnerable with SQL Injection
if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements
you can get rid of using single quotes around values.
这篇关于SQL选择where子句问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!