mysql - Multiple WHERE in MySQL statement is giving me trouble

Question

I'm using CodeIgniter's db class to create the query.

The query ends up looking like this;

    SELECT `user_id`, `firstname`, `lastname`, `email`, `school_id`, `country_id`
    FROM (`users`)
    WHERE `user_id` != '1'
    AND `firstname` =  'thomas'
    OR `lastname` =  'thomas'
    OR `email` =  'thomas'
    OR `firstname` =  'jefferson'
    OR `lastname` =  'jefferson'
    OR `email` =  'jefferson'

In this case a user has searched for "thomas jefferson" and the user's own id is 1. So to make sure the user can't search for himself it checks so that the user_id isn't 1.

I know the query isn't that good but it works perfectly for what I need it for, as well as me being too lazy to do it correctly.

The PHP-code behind this all is

    $this->db->select('user_id, firstname, lastname, email, school_id, country_id')->from('users');
    $this->db->where('user_id !=', $this->session->userdata('user_id'));
    for ($i = 0; $i < count($searchQuery); $i++) {
        if ($i == 0) {
            $this->db->where('firstname', $searchQuery[$i])->or_where('lastname', $searchQuery[$i])->or_where('email', $searchQuery[$i]);
        } else {
            $this->db->or_where('firstname', $searchQuery[$i])->or_where('lastname', $searchQuery[$i])->or_where('email', $searchQuery[$i]);
        }
    }
    $this->db->limit(10);
    $query = $this->db->get();

I'm 99% positive that the

    WHERE `user_id` != '1'
    AND(<-- this) `firstname` = ...

is wrong but I can't seem to figure out a different way to do it.

score 1 · Accepted Answer

看一下sql server中的Operation Precedence。
在那里你会发现AND操作是在操作之前评估的OR。

这意味着您的查询首先评估AND：

user_id != '1' AND firstname = 'thomas'

接着

OR blablablablabla (the rest of the query)

为了使它正确，它就像这样：

   SELECT `user_id`, `firstname`, `lastname`, `email`, `school_id`, `country_id`
    FROM (`users`)
    WHERE `user_id` != '1'
    AND (`firstname` =  'thomas'
    OR `lastname` =  'thomas'
    OR `email` =  'thomas'
    OR `firstname` =  'jefferson'
    OR `lastname` =  'jefferson'
    OR `email` =  'jefferson')

score 1 · Accepted Answer

您必须以这种形式组织括号... SELECT user_id, firstname, lastname, email, school_id, country_id FROM ( users) WHERE user_id!= '1' AND( firstname= 'thomas' OR lastname= 'thomas' OR email= 'thomas' OR firstname= 'jefferson' OR lastname= '杰斐逊' OR email= '杰斐逊'）

score 0 · Accepted Answer

感谢您的回答！我通过这样做来修复它；

    $sql = "SELECT user_id, firstname, lastname, email, school_id, country_id FROM users WHERE user_id != " . $this->session->userdata('user_id');
    $firstname = array();
    $lastname = array();
    $email = array();

    foreach ( $searchQuery as $a )
    {
        if ( ! empty($a) )
        {
            $firstname[] = "'".$a."'";
            $lastname[] = "'".$a."'";
            $email[] = "'".$a."'";
        }
    }
    $firstname = implode(',', $firstname);
    $lastname = implode(',', $lastname);
    $email = implode(',', $email);

    $sql .= " AND(firstname IN($firstname) OR lastname IN($lastname) OR email IN($email))";

    $query = $this->db->query($sql);

编辑：刚刚注意到我还没有真正清除注射中的字符串

score 0 · Accepted Answer

像这样试试

SELECT `user_id`, `firstname`, `lastname`, `email`, `school_id`, `country_id`
FROM (`users`)
WHERE `user_id` != 1 
AND 
( `firstname` =  'thomas'
OR `lastname` =  'thomas'
OR `email` =  'thomas'
OR `firstname` =  'jefferson'
OR `lastname` =  'jefferson'
OR `email` =  'jefferson' )

mysql - Multiple WHERE in MySQL statement is giving me trouble

4 回答 4

Related

Reference