0

大家好,你能指出我的错误吗:(我想对我的页面进行多列搜索:所以我的脚本是这样的:

<?
$search=$_GET['s'];

$query="SELECT * FROM `filmi` WHERE `nomer` rlike '$search' or `rezume` rlike '$search' or `kategoriq` rlike '$search' or ' order by seriq asc ";
?>

想要按价格范围进行搜索,所以我创建了这个:

<?
$search=$_GET['s'];
$pricemin=$_GET['min'];
$pricemax=$_GET['max'];
$query="SELECT * FROM `filmi` WHERE `nomer` rlike '$search' or `rezume` rlike '$search' or `kategoriq` rlike '$search' or 'seriq' BETWEEN '$pricemin' and '$pricemax'  order by seriq asc ";
?>

在这种情况下如何替换它?我看一些其他人为搜索引擎编写代码,他们使用(SELECT * FROM table WHERE Table1 LIKE '%$table1%' AND Table2 LIKE '%$table2%' AND Price BETWEEN '%$min%','%$max%'"); 但它不适用于我的;(请帮助

4

2 回答 2

0

用于BETWEEN按价格范围过滤您的结果集,如下所示

$query="SELECT * FROM `filmi` 
         WHERE (`nomer` RLIKE '$search' OR 
                `rezume` RLIKE '$search' OR 
                `kategoriq` RLIKE '$search') AND 
                `seriq` BETWEEN '$pricemin' AND '$pricemax'  
         ORDER BY seriq";

这是sqlfiddle

正如@cryptic 建议的那样,考虑使用带有mysqli_*或的准备好的语句PDO

UPDATE3:这就是您如何在您的情况下使用准备好的语句,mysqli并可以仅按关键字、按关键字和价格范围或仅按价格范围进行搜索:

$stype = 0;
if (isset($_GET['s']) && $_GET['s']){
    $search=$_GET['s'];
    $stype += 1;
}
if (isset($_GET['min']) && $_GET['min'] && 
    isset($_GET['max']) && $_GET['max']){
    $pricemin=$_GET['min'];
    $pricemax=$_GET['max'];
    $stype +=2;
}
if (!$stype) {
    echo "Required parameter(s) missing.";
    exit;
}
/* connect to the database*/
$db = new mysqli("localhost", "user", "password", "dbname");
/* check connection */
if ($db->connect_errno) {
    echo "Connection failed: " . $db->connect_error;
    exit();
}
$query="SELECT * FROM `filmi` WHERE ";
if ($stype == 1) {
    $query .= " (`nomer` rlike ? OR `rezume` rlike ? OR `kategoriq` rlike ?) ";
} elseif ($stype == 2) {
    $query .= " `seriq` BETWEEN ? AND ? ";
} elseif ($stype == 3) {
    $query .= " (`nomer` rlike ? OR `rezume` rlike ? OR `kategoriq` rlike ?) AND `seriq` BETWEEN ? AND ?";
}
$query .= " ORDER BY seriq";
/* create a prepared statement */
if (!$stmt = $db->prepare($query)) {
    //handle error here;
    echo "Error preparing statement.";
    exit;
}
/* bind parameters for markers */
if ($stype == 1) {
    $stmt->bind_param("sss", $search, $search, $search);
} elseif ($stype == 2) {
    $stmt->bind_param("dd", $pricemin, $pricemax);
} elseif ($stype == 3) {
    $stmt->bind_param("sssdd", $search, $search, $search, $pricemin, $pricemax);
}
/* execute query */
$stmt->execute();
/* get result */
$result = $stmt->get_result();
if ($result) {
/* now you can fetch the results into an assoc array */
    while ($row = $result->fetch_assoc()) {
        echo $row['nomer']. ", " .$row['rezume']. ", " .$row['kategoriq']. ", " .$row['seriq']. "<br>";
    }
}
/* close statement */
$stmt->close();
/* close db connection */
$db->close();
于 2013-02-16T00:41:03.873 回答
0

查询(忽略 SQL 注入):

SELECT * FROM table 
WHERE field1 LIKE '%$table1%' 
AND field2 LIKE '%$table2%' 
AND Price BETWEEN 'val3' AND 'val2'

您不能使用BETWEEN进行like比较。

于 2013-02-16T00:43:13.487 回答