0

我正在创建一个包含所有学生和相关信息的可搜索数据库(用于涉及管理 iPad 部署的大型项目)。数据库有 7 列:

  • 身份证号码
  • 年级
  • 毕业年份
  • 学生邮箱
  • 出生日期

如果输入与行中的任何值匹配,我需要做的是返回整行。

我正在使用的 PHP 是:

<?php 
$conn = mysql_connect ("localhost", "blmrvftl_ipdb", "ipad-db") or die ('I cannot connect to the database because: ' . mysql_error()); 
$selected = mysql_select_db ("blmrvftl_ipdb") 
or die ("Could not select database because: " . mysql_error()); 


// PHP Search Script 

$sql = "select * from phonebook, where first_name = '".$_GET['seek']."' or last_name = '". $_GET['seek'] ."' or id_number = '". $_GET['seek'] ."'";
//$sql = "select * from student_database, where first_name = '".$_GET['seek']."' or last_name = '". $_GET['seek'] ."' or id_number = '". $_GET['seek'] ."' or grade = '". $_GET['seek'] ."' or grad_year = '". $_GET['seek'] ."' or student_email = '". $_GET['seek'] ."' or dob = '". $_GET['seek'] ."'"; 
// $sql = "select * from student_database, where first_name = '".$_POST['seek']."' or last_name = '". $_POST['seek'] ."' or id_number = '". $_POST['seek'] ."' or grade = '". $_POST['seek'] ."' or grad_year = '". $_POST['seek'] ."' or student_email = '". $_POST['seek'] ."' or dob = '". $_POST['seek'] ."'";
$result = mysql_query($sql,$conn)or die (mysql_error()); 


if (mysql_num_rows($result)==0){ 
echo "No Match Found"; 
}else{ 
while ($row = mysql_fetch_array($result)){ 
echo "Name: " .$row['first_name']." ".$row["last_name"]."<br>"; 
echo "Student ID: ".$row['id_number']."<br>"; 
// echo "Department: ".$row['department_name']."<br>"; 
// echo "Directorate: ".$row['directorate_name']."<br>"; 
//echo "Site: ".$row['site_name']."<br>"; 
//echo "Phone #: ".$row['pb_tel_ext']."<br>"; 
//echo "Email Address: ".$row['pb_email_address']."<br>"; 
echo "<br>"; 
echo "---------------------------------------------------------------------"."<br>"; 
} 
} 

mysql_close(); 
?>

我遇到的问题是我无法完全正确地获取格式来搜索所有列。(未注释的 $sql 行是我从网站抢夺这段代码的原始版本的修改版本。)我得到的错误是:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where first_name = 'Elliott' or last_name = 'Elliott' or id_number = 'Elliott'' at line 1
4

4 回答 4

1

我知道,当您开始开发时,您不希望事情变得过于复杂,并且您最不关心的是安全性。

但请始终牢记

  • Facebook 一开始是从一个容易被黑客入侵的学生数据库中窃取的图片,就像你的一样(有趣的事实)

  • 永远不要从未经过滤的用户输入构建 SQL 脚本

  • 不再使用 mysql_* 适配器,它处于弃用过程中。

请改用 mysqli 或 pdo_mysql。对于初学者来说,准备好的语句是输入转义的最佳选择。

http://www.php.net/manual/de/book.mysqli.php

http://www.php.net/manual/de/ref.pdo-mysql.php

现在关于您的问题,基本 SELECT 语句的 SQL 语法是

SELECT
     fields
FROM
     table
WHERE
     field1 = 'filter1'
     AND
     field2 = 'filter2'

表格后没有逗号

于 2012-11-22T09:12:00.593 回答
0

你有一个流氓逗号:

select * from phonebook, where

应该

select * from phonebook where

除此之外,应该工作 - 乍一看它看起来不错。

于 2012-11-22T09:00:31.250 回答
0

删除您的查询并粘贴此查询

$sql = "select * from phonebook
        where first_name = '".$_GET['seek']."' 
        or last_name = '". $_GET['seek'] ."' 
        or id_number = '". $_GET['seek'] ."'";
于 2012-11-22T09:04:54.747 回答
0
  <?php
  $submit=$_GET['submit'];

  $q1= "SELECT * FROM rent_page WHERE (local LIKE '%$submit%')";
  $r1 = mysql_query($q1);
  $num=mysql_num_rows($r1);
  if($num>0){     

  while($row=mysql_fetch_array($r1)){

  //$row=mysql_fetch_array($r);

  $_SESSION['nid']=$row['nid'];


    ?>


       <div class="prod_box" >
    <div class="top_prod_box" style="float:right; width:100%;"></div>
    <div class="center_prod_box" style="float:right; width:100%;">
      <div class="product_title" style="padding-top:20px; padding-bottom:2px;"><a href style="text-decoration:none; "="index.php"><b style="font-size:16px; color:red; "><?php echo $row['select_city']; ?></b></a></div>


      <div class="product_img" style="padding-top:2px; padding-bottom:2px;>
      <a href="index.php?nid=<?php echo $row['nid']; ?>" >

      <img width="90%" height="150px" src="uploads/<?php echo $row['image']; ?>" alt="" border="0" />

      </a>
      </div>
      <div class="product_title" style="padding-top:1px; padding-bottom:1px;> <span class="price">Location:<?php echo $row['local']; ?></span></div>
      <div class="prod_price" style="padding-top:1px; padding-bottom:1px;>  <span class="price">Minimum Price: <?php echo $row['minimum']; ?></span></div>
    </div>
    <div class="bottom_prod_box" style="padding-top:1px; padding-bottom:1px;><span class="price">Maximum Price: <?php echo $row['maximum']; ?></span></div>
    <div class="prod_details_tab" style="padding-top:1px; padding-bottom:1px;><span class="price">Building Floor: <?php echo $row['name_of_floor']; ?></span></div>
  <div class="prod_details_tab" style="padding-top:1px; padding-bottom:1px;><span class="price">Posted By. <?php echo $row['opt']; ?></span></div>



  </div>


      <?php

    }
    }else{

        echo "Sorry invalid product";}


  ?>
于 2015-03-11T10:02:01.750 回答