MySQL Like 查询只识别数据库中的第一个单词
MySQL Like query not recognising anything but first word in database
基本上,我尝试使用 $gen 变量将用户查询与存储在描述音乐流派的数据库中的字符串相匹配。我的问题是,如果类型是 Indie/Pop 并且用户 selects Indie 作为搜索查询,事件将显示。如果他们 select Pop 事件不显示。
这是我查询数据库的方式。
$sql="SELECT * FROM $tab WHERE genre LIKE '$gen%'AND dateForm = '$datepicker'";
一如既往地感谢您的帮助
php 获取信息的脚本
<?php
$con = mysqli_connect('localhost','root','','python');
if (!$con) {
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"ajax");
$gen = $_GET['gen'];
$gen = mysql_real_escape_string($gen);
$tab = $_GET['tab'];
$tab = mysql_real_escape_string($tab);
$datepicker = $_GET['datepicker'];
$sql="SELECT * FROM $tab WHERE genre LIKE '%$gen%' AND dateForm = '$datepicker'";
$result = mysqli_query($con,$sql);
echo "<table class='table table-hover'><thead>
<tr>
<th><h3>Artist</th>
<th><h3>Location</th>
<th><h3>Date</th>
<th><h3>Genre</th>
<th><h3>Preview</th>
</tr></thead>";
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['artist'] . "</td>";
echo "<td> <b>Venue: </b>" . $row['venue'] . "<p><b>Location: </b>" . $row['location'] . "</td>";
echo "<td>" . $row['datez'] . "</td>";
echo "<td>" . $row['genre'] . "</td>";
echo "<td>" . '<iframe width="100%" height="100" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/' . $row['link'] . '&color=000000&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false"></iframe>' . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
gen变量是使用AJAX
创建的
function ajaxFunction(){
var ajaxRequest; // The variable that makes Ajax possible!
try{
// Opera 8.0+, Firefox, Safari
ajaxRequest = new XMLHttpRequest();
} catch (e){
// Internet Explorer Browsers
try{
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
}catch (e) {
try{
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e){
// Something went wrong
alert("Your browser broke!");
return false;
}
}
}
// Create a function that will receive data
// sent from the server and will update
// div section in the same page.
ajaxRequest.onreadystatechange = function(){
if(ajaxRequest.readyState == 4){
var ajaxDisplay = document.getElementById('ajaxDiv');
ajaxDisplay.innerHTML = ajaxRequest.responseText;
}
}
// Now get the value from user and pass it to
// server script.
var gen = document.getElementById('gen').value;
var datepicker = document.getElementById('datepicker').value;
var tab = document.getElementById('tab').value;
//var datepicker = document.getElementById('datepicker').value;
var queryString = "?gen=" + gen ;
queryString += "&datepicker=" + datepicker +"&tab=" + tab;
ajaxRequest.open("GET", "getuser.php" +
queryString, true);
ajaxRequest.send(null);
}
尝试在搜索值的开头添加一个 %
$sql="SELECT * FROM $tab WHERE genre LIKE '%$gen%'AND dateForm = '$datepicker'";
好的,这里有一些安全课程。在准备好的查询中绑定参数 $gen(添加了通配符)和 $datepicker。由于您无法绑定列或 table 名称,因此我 运行 就像我在下面使用 $tab 和允许的 $ 所做的那样tables数组。这允许您设置一个预定义的 table 列表,允许查询 运行 反对,如果提供的 table 不在列表中,将抛出异常。
我不喜欢 mysqli 或过程代码,所以我用得不多,但我很确定一切都井井有条。
mysqli_select_db($con,"ajax");
// Add wildcards here
$gen = '%'.$_GET['gen'].'%';
$tab = $_GET['tab'];
$datepicker = $_GET['datepicker'];
// Check if $tab is in allowed tables (array $tables)
$tables = ['valid_table1', 'valid_table2', 'valid_table3'];
if (!in_array($tab, $tables)) {
throw new Exception('Hey, get outta here!');
}
$sql="SELECT * FROM $tab WHERE genre LIKE ? AND dateForm = ?";
// Prepare, bind, and execute
$stmt = mysqli_prepare($con,$sql);
mysqli_stmt_bind_param($stmt, 'ss', $gen, $datepicker);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_array($result)) {
...
}
基本上,我尝试使用 $gen 变量将用户查询与存储在描述音乐流派的数据库中的字符串相匹配。我的问题是,如果类型是 Indie/Pop 并且用户 selects Indie 作为搜索查询,事件将显示。如果他们 select Pop 事件不显示。
这是我查询数据库的方式。
$sql="SELECT * FROM $tab WHERE genre LIKE '$gen%'AND dateForm = '$datepicker'";
一如既往地感谢您的帮助
php 获取信息的脚本
<?php
$con = mysqli_connect('localhost','root','','python');
if (!$con) {
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"ajax");
$gen = $_GET['gen'];
$gen = mysql_real_escape_string($gen);
$tab = $_GET['tab'];
$tab = mysql_real_escape_string($tab);
$datepicker = $_GET['datepicker'];
$sql="SELECT * FROM $tab WHERE genre LIKE '%$gen%' AND dateForm = '$datepicker'";
$result = mysqli_query($con,$sql);
echo "<table class='table table-hover'><thead>
<tr>
<th><h3>Artist</th>
<th><h3>Location</th>
<th><h3>Date</th>
<th><h3>Genre</th>
<th><h3>Preview</th>
</tr></thead>";
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['artist'] . "</td>";
echo "<td> <b>Venue: </b>" . $row['venue'] . "<p><b>Location: </b>" . $row['location'] . "</td>";
echo "<td>" . $row['datez'] . "</td>";
echo "<td>" . $row['genre'] . "</td>";
echo "<td>" . '<iframe width="100%" height="100" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/' . $row['link'] . '&color=000000&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false"></iframe>' . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
gen变量是使用AJAX
创建的 function ajaxFunction(){
var ajaxRequest; // The variable that makes Ajax possible!
try{
// Opera 8.0+, Firefox, Safari
ajaxRequest = new XMLHttpRequest();
} catch (e){
// Internet Explorer Browsers
try{
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
}catch (e) {
try{
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e){
// Something went wrong
alert("Your browser broke!");
return false;
}
}
}
// Create a function that will receive data
// sent from the server and will update
// div section in the same page.
ajaxRequest.onreadystatechange = function(){
if(ajaxRequest.readyState == 4){
var ajaxDisplay = document.getElementById('ajaxDiv');
ajaxDisplay.innerHTML = ajaxRequest.responseText;
}
}
// Now get the value from user and pass it to
// server script.
var gen = document.getElementById('gen').value;
var datepicker = document.getElementById('datepicker').value;
var tab = document.getElementById('tab').value;
//var datepicker = document.getElementById('datepicker').value;
var queryString = "?gen=" + gen ;
queryString += "&datepicker=" + datepicker +"&tab=" + tab;
ajaxRequest.open("GET", "getuser.php" +
queryString, true);
ajaxRequest.send(null);
}
尝试在搜索值的开头添加一个 %
$sql="SELECT * FROM $tab WHERE genre LIKE '%$gen%'AND dateForm = '$datepicker'";
好的,这里有一些安全课程。在准备好的查询中绑定参数 $gen(添加了通配符)和 $datepicker。由于您无法绑定列或 table 名称,因此我 运行 就像我在下面使用 $tab 和允许的 $ 所做的那样tables数组。这允许您设置一个预定义的 table 列表,允许查询 运行 反对,如果提供的 table 不在列表中,将抛出异常。
我不喜欢 mysqli 或过程代码,所以我用得不多,但我很确定一切都井井有条。
mysqli_select_db($con,"ajax");
// Add wildcards here
$gen = '%'.$_GET['gen'].'%';
$tab = $_GET['tab'];
$datepicker = $_GET['datepicker'];
// Check if $tab is in allowed tables (array $tables)
$tables = ['valid_table1', 'valid_table2', 'valid_table3'];
if (!in_array($tab, $tables)) {
throw new Exception('Hey, get outta here!');
}
$sql="SELECT * FROM $tab WHERE genre LIKE ? AND dateForm = ?";
// Prepare, bind, and execute
$stmt = mysqli_prepare($con,$sql);
mysqli_stmt_bind_param($stmt, 'ss', $gen, $datepicker);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_array($result)) {
...
}