1

您好我正在尝试在我的数据表服务器端处理文件中添加自定义 WHERE 子句。我设法让它在页面加载时工作,但在过滤后它会忽略 where 子句并返回所有结果。

代码:

$sWhere = "WHERE customers_id= ".$customersId;
if ( isset($_GET['sSearch']) && $_GET['sSearch'] != "" )
{
    $sWhere = "WHERE (";
    for ( $i=0 ; $i<count($aColumns) ; $i++ )
    {
        if ( isset($_GET['bSearchable_'.$i]) && $_GET['bSearchable_'.$i] == "true" )
        {
            $sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string( $_GET['sSearch'] )."%' OR ";
        }
    }
    $sWhere = substr_replace( $sWhere, "", -3 );
    $sWhere .= ')';
}

/* Individual column filtering */
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
    if ( isset($_GET['bSearchable_'.$i]) && $_GET['bSearchable_'.$i] == "true" && $_GET['sSearch_'.$i] != '' )
    {
        if ( $sWhere == "" )
        {
            $sWhere = "WHERE ";
        }
        else
        {
            $sWhere .= " AND ";
        }
        $sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string($_GET['sSearch_'.$i])."%' ";
    }
}

我不知道在哪里添加其他 WHERE 子句,以便它在被过滤时也能工作。

4

3 回答 3

2

删除第一行并将其添加到末尾(在ifand之后for):

$sWhere .= ($sWhere ? ' AND ' : ' WHERE ') . 'customers_id = ' . $customersId;
于 2012-07-07T00:12:00.053 回答
0

最终解决它是解决方案:

$sWhere = "WHERE customers_id=".$customersId;
if ( isset($_GET['sSearch']) && $_GET['sSearch'] != "" )
{
    $sWhere = "WHERE (";
    for ( $i=0 ; $i<count($aColumns) ; $i++ )
    {
        if ( isset($_GET['bSearchable_'.$i]) && $_GET['bSearchable_'.$i] == "true" )
        {
            $sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string( $_GET['sSearch'] )."%' OR ";
        }
    }
    $sWhere = substr_replace( $sWhere, "", -3 );
    $sWhere .= ') AND customers_id='.$customersId;
    //var_dump($sWhere);
}

仅在这两个位置需要该代码

于 2012-07-07T05:47:28.590 回答
0

试试这个

/* LINE 86
    $sWhere = "";
        if ( isset($_GET['sSearch']) && $_GET['sSearch'] != "" )
        {
                $sWhere = "WHERE (";
                for ( $i=0 ; $i<count($aColumns) ; $i++ )
                {
                        $sWhere .= $aColumns[$i]." LIKE '%".mysql_real_escape_string( $_GET['sSearch'] )."%' OR ";
                }
                $sWhere = substr_replace( $sWhere, "", -3 );
                $sWhere .= " AND customer_id='".$_GET['customer_id']."'";
                $sWhere .= ')';
        }else{
                $sWhere = "WHERE customer_id='".$_GET['customer_id']."'";
        }

我希望这能解决你的目的。

于 2012-10-15T11:40:46.877 回答