1

我拥有的 Mysqli 代码没有显示成功搜索的结果。该查询在语句方面是正确的,因为这是在 MYSQL 中测试的。但是当尝试使用 mysqli 时,我似乎无法在成功搜索后显示结果。我究竟做错了什么?在进行错误报告时我没有收到任何错误,并且查询中没有拼写错误。我不知道是不是因为查询需要在循环之外,或者我错误地绑定了参数或类似的东西,但是代码曾经在旧的 mysql 代码中工作,但我无法让它在 mysqli 中工作(不能由于我的 PHP 版本,使用 PDO)

应用程序的 URL 在这里。如果您输入“AAD”,它会说它找不到任何结果,而实际上它应该这样做,因为数据库中有 5 行包含术语“AAD”

下面是表单代码:

<form action="previousquestions.php" method="get">
      <p>Search: <input type="text" name="questioncontent" value="<?php echo $questioncontent; ?>" onchange="return trim(this)" /></p>
      <p><input id="searchquestion" name="searchQuestion" type="submit" value="Search" /></p>
      </form>

下面是整个 mysqli 代码及其注释

//Get terms entered in the textbox    
$questioncontent = (isset($_GET['questioncontent'])) ? $_GET['questioncontent'] : '';

$searchquestion = $questioncontent;
$terms = explode(" ", $searchquestion);

//Start of query      
$questionquery = "
SELECT q.QuestionId, q.QuestionContent, o.OptionType, an.Answer, r.ReplyType,
FROM Answer an 
INNER JOIN Question q ON q.AnswerId = an.AnswerId
JOIN Reply r ON q.ReplyId = r.ReplyId 
JOIN Option_Table o ON q.OptionId = o.OptionId 

WHERE ";

$i=0;
//loop through each term
foreach ($terms as &$each) { 
$each = '%'.$each.'%';    
$i++;         

//if only 1 term entered then perform this LIKE statement       
if ($i == 1){         
$questionquery .= "q.QuestionContent LIKE ? ";     
} else {     
//If more than 1 term then add an OR statement    
$questionquery .= "OR q.QuestionContent LIKE ? ";    
} 
}  
//group terms by terms entered in chronilogical order                
$questionquery .= "GROUP BY q.QuestionId, q.SessionId ORDER BY "; $i = 0; foreach ($terms as $each) {     
$i++;      

//if multiple terms, then display results that contains all terms first, then start displaying other results by knocking off 1 term at a time                    
if ($i != 1)         
$questionquery .= "+";     
$questionquery .= "IF(q.QuestionContent LIKE ? ,1,0)"; 
} 

$questionquery .= " DESC "; 

//bind the parameters by the amount of terms there are      
$types = "";
for($i = 0; $i<sizeof($terms); $i++) {
$types .= "s";
}

//merge the parameters and the terms    
$eachterms = array_merge( array($types), $terms);

//prepare quert    
$stmt=$mysqli->prepare($questionquery);
//in array call all the parameters and its terms      
call_user_func_array(array($stmt, 'bind_param'), $eachterms);
//execute terms 
$stmt->execute();
//bind the result
$stmt->bind_result($dbQuestionContent); 


//display the results of the successful search
$output = "";
$output .= "
<table border='1' id='resulttbl'>
<tr>
<th class='questionth'>Question</th>
</tr>
";
while ($stmt->fetch()) {
$output .= "
<tr>
<td class='questiontd'>{$dbQuestionContent['QuestionContent']}</td>
</tr>";
}
$output .= "        </table>";

echo $output;

}
4

2 回答 2

1

此错误消息的原因$stmt是不是MySQLi_Stmt对象。原因是您传递给$mysqli->prepare.

"… q.QuestionContent LIKE '%'.$each.'%' "

这会导致类似:

… q.QuestionContent LIKE '%'.<value of each>.'%'

这里的问题:.不是 MySQL 中的字符串连接运算符(您需要使用+),并且$each可能不是正确引用的 MySQL 字符串声明,因此它会导致有效的表达式。

除此之外,将数据直接插入到您的语句中,您破坏了使用准备好的语句的主要原因之一:将命令和数据彼此分开,以便数据不会被误解为命令(即 SQL 注入)。

因此,不要直接插入字符串值,?而是放置 a 。然后准备语句并将参数绑定到它以执行:

$questionquery = "
SELECT q.QuestionId, q.QuestionContent, o.OptionType, an.Answer, r.ReplyType,
FROM Answer an 
INNER JOIN Question q ON q.AnswerId = an.AnswerId
JOIN Reply r ON q.ReplyId = r.ReplyId 
JOIN Option_Table o ON q.OptionId = o.OptionId 

WHERE ";

$paramTypes = '';
$params = array();
$i=0;
//loop through each term
foreach ($terms as $each) {
    $i++;
    //if only 1 term entered then perform this LIKE statement
    if ($i == 1){
        $questionquery .= "q.QuestionContent LIKE ? ";
    } else {
        //If more than 1 term then add an OR statement
        $questionquery .= "OR q.QuestionContent LIKE ? ";
    }
    $params[] = "%$each%";
    $paramTypes .= "s";
}  
//group terms by terms entered in chronilogical order                
$questionquery .= "GROUP BY q.QuestionId, q.SessionId ORDER BY ";
$i = 0;
foreach ($terms as $each) {
    $i++;
    //if multiple terms, then display results that contains all terms first, then start displaying other results by knocking off 1 term at a time
    if ($i != 1) $questionquery .= "+";
    $questionquery .= "IF(q.QuestionContent LIKE ? ,1,0)";
    $params[] = "%$each%";
    $paramTypes .= "s"
}
$questionquery .= " DESC ";

//prepare query
$stmt=$mysqli->prepare($questionquery);
//bind parameters
call_user_func_array(array($stmt, 'bind_params'), array_merge(array($paramTypes), $params));
//execute query
$stmt->execute();

哦,又一次:你真的应该看看全文搜索。它可以使整个手动查询构建过时:

… WHERE MATCH (q.QuestionContent) AGAINST ("search terms" IN NATURAL LANGUAGE MODE)
于 2012-06-24T14:14:21.200 回答
0

更改语句:

$questionquery .= "IF(q.QuestionContent LIKE '%'.$each.'%' ,1,0)";
$questionquery .= "q.QuestionContent LIKE '%'.$each.'%' ";
$questionquery .= "OR q.QuestionContent LIKE '%'.$each.'%' ";

对此(分别):

$questionquery .= "IF(q.QuestionContent LIKE '%" . $each . "%' ,1,0)";
$questionquery .= "q.QuestionContent LIKE '%" . $each . "%' ";
$questionquery .= "OR q.QuestionContent LIKE '%" . $each . "%' ";

另外,我认为您需要为您的$stmt变量执行此操作:

$stmt = $mysqli->stmt_init();
$stmt->prepare($questionquery);
//execute query
$stmt->execute();
于 2012-06-24T13:34:27.007 回答