我对PHP还很陌生,所以如果我忽略了一些简单的东西,请原谅我。我正在尝试构建一个会员搜索表单,允许人们通过输入一个或多个条件来查找会员:名字或用户名、城市、州、国家或电子邮件地址。如果输入单个字段,则表单有效,或者仅当名称/用户名字段具有值时,表单才有效。假设这是一个逻辑问题。提前谢谢。
if (!isset($_POST['fname']))
{
//If not isset -> set with dummy value
$_POST['fname'] = "undefine";
}
if (!isset($_POST['city']))
{
//If not isset -> set with dummy value
$_POST['city'] = "undefine";
}
if (!isset($_POST['state']))
{
//If not isset -> set with dummy value
$_POST['state'] = "undefine";
}
if (!isset($_POST['country']))
{
//If not isset -> set with dummy value
$_POST['country'] = "undefine";
}
if (!isset($_POST['email']))
{
//If not isset -> set with dummy value
$_POST['email'] = "undefine";
}
// DEFAULT QUERY STRING
$queryString = '';
if ($_POST['fname'] != '') {
$fname = $_POST['fname'];
$fname = stripslashes($fname);
$fname = strip_tags($fname);
$fname = preg_replace('#[^A-Za-z 0-9]#i', '', $fname);
$fname = mysql_real_escape_string($fname);
$queryString = "(firstname LIKE '%$fname%' OR username LIKE '%$fname%')";
} else {
$queryString = '';
}
if ($_POST['city'] != '') {
if (($_POST['fname'] != '') || ($_POST['state'] != '') || ($_POST['country'] != '') || ($_POST['email'] != '')){
$city = $_POST['city'];
$city = stripslashes($city);
$city = strip_tags($city);
$city = preg_replace('#[^A-Za-z 0-9]#i', '', $city);
$city = mysql_real_escape_string($city);
$queryString .= " AND city='$city'";
} else {
$city = $_POST['city'];
$city = $_POST['city'];
$city = stripslashes($city);
$city = strip_tags($city);
$city = preg_replace('#[^A-Za-z 0-9]#i', '', $city);
$city = mysql_real_escape_string($city);
$queryString .= "city='$city'";
}
} else {
$queryString .= '';
}
if ($_POST['state'] != '') {
if (($_POST['fname']) || ($_POST['city']) || ($_POST['country']) || ($_POST['email'])){
$state = $_POST['state'];
$state = stripslashes($state);
$state = strip_tags($state);
$state = preg_replace('#[^A-Za-z 0-9]#i', '', $state);
$state = mysql_real_escape_string($state);
$queryString .= " AND state='$state'";
} else {
$state = $_POST['state'];
$state = stripslashes($state);
$state = strip_tags($state);
$state = preg_replace('#[^A-Za-z 0-9]#i', '', $state);
$state = mysql_real_escape_string($state);
$queryString .= "state='$state'";
}
} else {
$queryString .= '';
}
if ($_POST['country'] != '') {
if (($_POST['fname']) || ($_POST['city']) || ($_POST['state']) || ($_POST['email'])) {
$country = $_POST['country'];
$queryString .= " AND country='$country'";
}
else {
$country = $_POST['country'];
$queryString .= "country='$country'";
}
} else {
$queryString .= '';
}
if ($_POST['email'] != '') {
if (($_POST['fname']) || ($_POST['city']) || ($_POST['state']) || ($_POST['country'])){
$email = $_POST['email'];
$email = stripslashes($email);
$email = strip_tags($email);
$email = preg_replace('#[^A-Za-z 0-9,.@-]#i', '', $email);
$email = mysql_real_escape_string($email);
$queryString .= " AND email='$email'";
} else {
$email = $_POST['email'];
$queryString .= "email='$email'";
}
} else {
$queryString .= '';
}
////////////// QUERY THE MEMBER DATA USING THE $queryString variable's value
$sql = mysql_query("SELECT id, username, firstname, city, state, country FROM members WHERE $queryString AND emailactivated='1' ORDER BY id ASC");
绝对是构建查询字符串的一个非常可怕的方法。我会说废弃它并重新开始,但由于您是新手,我们将只使用您所拥有的。
第一步是停止假设你的SQL正在工作。您的查询调用没有任何错误检查,因此在有用的反馈中得到零。因此,将查询调用更改为:
$sql = mysql_query(...query...) or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^---add this
现在,您将获得实际mysql错误消息的良好转储,以及查询片段,以解释查询错误的位置/方式。最有可能的是,考虑到您在那里添加的所有字段,您忘记了一个空格或其他东西,并使查询看起来像p=qand z=y(请注意q和and之间缺少空格)。
收到这些错误消息后,您将更容易确定语法错误的位置以及修复它所需的内容。
//像这样获取所有发布的数据
if(isset($_POST['fname']))
{
$fname=$_POST['fname'];
}
获取所有字段值
if(empty($fname))
{
}
else
{
$where . ="fname=$fname and ";
}
//Check and build where for each field
// then remove the last and
$where = rtrim($where, ' AND ');
if (empty($where)) {
$where_str = NULL;
} else {
$where_str = "WHERE $where";
}
$query ="select fieldNames from tableName ";
$query . =$where_str;
我看到的几个问题:
-
在
isset测试中,将未定义的变量设置为'undefine',但在创建查询时,将测试''。这意味着如果名称为空,您将始终寻找名为undefine的人。 -
不应尝试使用代码修改
$_POST变量。您需要将$_POST加载到另一个变量中,并在代码中使用它。