我正在遵循本教程:
http://coderexample.com/datatable-demo-server-side-in-phpmysql-and-ajax/
这是演示:
http://coderexample.com/demo/datatable-demo-server-side-in-phpmysql-and-ajax/
如果我在搜索输入中搜索ou
,我会得到No matching records found
但我希望返回的是至少Airi Satou
这一行。
我认为这是我必须更改的代码,因为我必须做搜索服务器端。
<?php
/* Database connection start */
$servername = "localhost";
$username = "root";
$password = "Password1";
$dbname = "test";
$conn = mysqli_connect($servername, $username, $password, $dbname) or die("Connection failed: " . mysqli_connect_error());
/* Database connection end */
// storing request (ie, get/post) global array to a variable
$requestData= $_REQUEST;
$columns = array(
// datatable column index => database column name
0 =>'employee_name',
1 => 'employee_salary',
2=> 'employee_age'
);
// getting total number records without any search
$sql = "SELECT employee_name, employee_salary, employee_age ";
$sql.=" FROM employee";
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
$totalData = mysqli_num_rows($query);
$totalFiltered = $totalData; // when there is no search parameter then total number rows = total number filtered rows.
if( !empty($requestData['search']['value']) ) {
// if there is a search parameter
$sql = "SELECT employee_name, employee_salary, employee_age ";
$sql.=" FROM employee";
$sql.=" WHERE employee_name LIKE '".$requestData['search']['value']."%' "; // $requestData['search']['value'] contains search parameter
$sql.=" OR employee_salary LIKE '".$requestData['search']['value']."%' ";
$sql.=" OR employee_age LIKE '".$requestData['search']['value']."%' ";
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
$totalFiltered = mysqli_num_rows($query); // when there is a search parameter then we have to modify total number filtered rows as per search result without limit in the query
$sql.=" ORDER BY ". $columns[$requestData['order'][0]['column']]." ".$requestData['order'][0]['dir']." LIMIT ".$requestData['start']." ,".$requestData['length']." "; // $requestData['order'][0]['column'] contains colmun index, $requestData['order'][0]['dir'] contains order such as asc/desc , $requestData['start'] contains start row number ,$requestData['length'] contains limit length.
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees"); // again run query with limit
} else {
$sql = "SELECT employee_name, employee_salary, employee_age ";
$sql.=" FROM employee";
$sql.=" ORDER BY ". $columns[$requestData['order'][0]['column']]." ".$requestData['order'][0]['dir']." LIMIT ".$requestData['start']." ,".$requestData['length']." ";
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
}
$data = array();
while( $row=mysqli_fetch_array($query) ) { // preparing an array
$nestedData=array();
$nestedData[] = $row["employee_name"];
$nestedData[] = $row["employee_salary"];
$nestedData[] = $row["employee_age"];
$data[] = $nestedData;
}
$json_data = array(
"draw" => intval( $requestData['draw'] ), // for every request/draw by clientside , they send a number as a parameter, when they recieve a response/data they first check the draw number, so we are sending same number in draw.
"recordsTotal" => intval( $totalData ), // total number of records
"recordsFiltered" => intval( $totalFiltered ), // total number of records after searching, if there is no searching then totalFiltered = totalData
"data" => $data // total data array
);
echo json_encode($json_data); // send data as json format
?>
我说这是我必须更改的代码是对的吗?
如果是这样,谁能告诉我必须做什么?
我知道这有很多问题要问,但希望得到指导!
$sql.=" WHERE employee_name LIKE '".$requestData['search']['value']."%' ";
将匹配搜索词,然后匹配任何内容(由于通配符%)
由于您要匹配名称中间的搜索词,因此还需要在乞讨处添加通配符:
$sql.=" WHERE employee_name LIKE '%".$requestData['search']['value']."%' ";
请注意,这将禁止在employee_name
上使用索引,这对您来说可能是也可能不是问题。
这不是最好的搜索方法,您不应该检查所有三个字段,而是询问搜索者使用哪个字段。毕竟年龄和薪水可以有一些匹配的数字。
搜索 27,可以匹配年龄 27 或 27000 工资等。没有人会有鲍勃的年龄,所以做这个搜索是没有意义的
您的查询需要更新。
以下 SQL 语句选择所有以"搜索字段值"开头的employee_name:
$sql.=" WHERE employee_name LIKE '".$requestData['search']['value']."%' ";
因此,您的查询应该如下所示,以获得所需的输出,因为它检查employee_name中是否存在特定模式。
$sql.=" WHERE employee_name LIKE '%".$requestData['search']['value']."%' ";
构造 Where 子句的方式,要搜索的字段必须以搜索词开头。将 where 子句更改为
$sql.=" WHERE employee_name LIKE '%".$requestData['search']['value']."%' ";
通过做你正在做的事情,你也可以对SQL注入持开放态度。您需要使用参数化查询来消除此漏洞。请参阅如何防止 PHP 中的 SQL 注入?供参考