0

我无法让我的网站的“高级搜索”功能正常工作。本质上,它是对音乐家的高级搜索(城市、姓名成员、按文本框的 zip 和按复选框的流派)。这是“高级搜索”php页面上的代码...

<form method="post" action="advsearchresults.php">
<div class="control-group">
    <div class="controls span4">
    <label>City</label>
        <input type="text" name="advCity" placeholder="Ex: San Marcos..." />
    <label>Zip Code</label>
    <input type="text" name="advZip" placeholder="Ex: 78666..." />
    <label>Band Name</label>
        <input type="text" name="advBand" placeholder="Ex: Catchy Band Name..." />
    <label>Band Member Name</label>
        <input type="text" name="advMember" placeholder="Ex: Steve Stevenson..." />
</div>
<div class="controls span2"><br/><br/><br/>
    <label class="checkbox">
        <input type="checkbox" name="check_list[]" value="Blues"> Blues
    </label>
    <label class="checkbox">
        <input type="checkbox" name="check_list[]" value="Classical"> Classical
    </label>
    <label class="checkbox">
        <input type="checkbox" name="check_list[]" value="Comedy"> Comedy
    </label>
    <label class="checkbox">
    <input type="checkbox" name="check_list[]" value="Country"> Country
    </label>
    ...
    ...
    </div>
    <div class="span12">
        <center>
        <input type="submit" class="btn btn-info" value=" Advanced Search ">
    </div>
    ...

这是“高级搜索结果”页面...

...
<?php
$advCity = $_POST['advCity'];
$advZip = $_POST['advZip'];
$advBand = $_POST['advBand'];
$advMember = $_POST['advMember'];
$check = $_POST['check_list'];
?>
...

<?php
if(isset($_POST['check_list']) && is_array($_POST['check_list'])){
    foreach($_POST['check_list'] as $check) {
        $genreQuery = "SELECT profile.PROFILE_GENRE, profile.PROFILE_BANDNAME
        FROM profile INNER JOIN band ON profile.PROFILE_PROFILEID = band.BAND_PROFILEID
        INNER JOIN bandmember ON band.BAND_BANDID = bandmember.BANDMEMBER_BANDID
        WHERE band.BAND_CITY = '$advCity' OR profile.PROFILE_GENRE = '$check' 
        OR band.BAND_ZIP = '$advZip' OR profile.PROFILE_BANDNAME = '$advBand' 
        OR bandmember.BANDMEMBER_NAME = '$advMember'";              
    $result = mysql_query($genreQuery) OR die(mysql_error());
    $num=mysql_numrows($result);
    mysql_close();
if ($num > 0){
    ?>
    <table class="table table-hover span8" method="post" action="bandpage.php">
    <thead>
    <tr>
        <th>Genre</th>
        <th>Band Name</th>
    </tr>
    </thead>
    <?php
        $i = 0;
        while ($i < $num) {
            $GENRE = mysql_result($result,$i,"profile.PROFILE_GENRE");
            $BANDNAME = mysql_result($result,$i,"profile.PROFILE_BANDNAME");
    ?>
    <tbody>
    <tr>
    <td><?php echo $GENRE; ?></td>
    <td><a href="bandpage.php" name="band"><?php echo $BANDNAME; ?>
    </a></td></tr</tbody>
    <?php
        $i++;               
        }
        }
else {
?>  
    <table class="table span8">
    <thead>
        <tr>
        <th>No musicians available for the city: <?php echo $advCity ?></th>
        </tr>
    </thead>
    </table>
<?php
    }
    }
    }
?>

搜索结果根本不显示,而是显示随机表数据。任何帮助深表感谢!

格式化的 SQL:

SELECT
    profile.PROFILE_GENRE,
    profile.PROFILE_BANDNAME
FROM
    profile
    INNER JOIN band       ON profile.PROFILE_PROFILEID = band.BAND_PROFILEID
    INNER JOIN bandmember ON band.BAND_BANDID          = bandmember.BANDMEMBER_BANDID
WHERE
    band.BAND_CITY             = '$advCity' OR
    profile.PROFILE_GENRE      = '$check' OR
    band.BAND_ZIP              = '$advZip' OR
    profile.PROFILE_BANDNAME   = '$advBand' OR
    bandmember.BANDMEMBER_NAME = '$advMember'
4

1 回答 1

2

您的 SQL 正在执行所有谓词,而不管它们是否被设置,因此如果用户没有明确提供值,$advBand那么它将具有""(空字符串)的值,该值仍将包含在您的查询中。因为是可交换的,所以将返回OR任何具有空值的行。PROFILE_BANDNAME

有两种可能的解决方案:手动添加谓词的“动态 SQL”,或者为每个谓词添加保护表达式。动态 SQL 可能容易出错,因此向 WHERE 添加表达式可能更容易,它应该如下所示:

(此示例使用 MySQL 特定的field > ''语法,这是一种快速执行“不是 null 或空”值比较的方法,它还使用 MySQL 参数。

WHERE
    (:advCity   > '' AND band.BAND_CITY             = :advCity   ) OR
    (:check     > '' AND profile.PROFILE_GENRE      = :check     ) OR
    (:advZip    > '' AND band.BAND_ZIP              = :advZip    ) OR
    (:advBand   > '' AND profile.PROFILE_BANDNAME   = :advBand   ) OR
    (:advMember > '' AND bandmember.BANDMEMBER_NAME = :advMember )

修改 PHP 的其余部分以使用 MySQL 参数是读者的练习 :)

于 2013-03-20T22:07:58.697 回答