SQL Query 在一个参数中给出错误的输出
Posted
技术标签:
【中文标题】SQL Query 在一个参数中给出错误的输出【英文标题】:SQL Query gives wrong output in one argument 【发布时间】:2019-08-02 07:22:39 【问题描述】:我在 php 中使用 sql 语句从服务器数据库中获取结果。 查询执行良好,但是我在查询结果中收到错误,来自 SQL 语句中的参数之一 (cardName)。
搜索测试用例结果:
IF(cardNumber= '',cardName != 空,cardOwner ='') Result=>返回表中的所有记录,无论数据库中是否存在cardName值。
IF cardName + (cardNumber OR cardOwner) 搜索过滤器 Result => 返回的记录比实际预期的要多。
IF cardNumber、CardName 和 cardOwner 都不为空 结果=>在所有场景中显示的准确结果
cardNumber 和 cardOwner 在所有测试场景中都给出了正确的结果(除非与 cardName 结合使用)
数据获取和搜索代码
/*...........Get Values............*/
if($_POST['srch_cardNumber_txt'])
$cardNumber = $_POST['srch_cardNumber_txt'];
else$cardNumber="";
if($_POST['srch_cardName_txt'])
$cardName = $_POST['srch_cardName_txt']; // _/
else$cardName = ""; // _/
if($_POST['srch_cardOwner_txt'])
$cardOwner = $_POST['srch_cardOwner_txt'];
else $cardOwner="";
echo "Filters:: Card Number: ".$cardNumber." -- Card Name: ".$cardName.
" -- Card Owner: ".$cardOwner."<br>";
if(!empty($cardName) or !empty($cardNumber) or !empty($cardOwner) )
include_once("db_connect.php");
if ( mysqli_connect_error())
die('Connect Error('.mysqli_connect_errno().')'.mysqli_connect_error());
else
//.............Search Pseudo Code........
/* SELECT *
FROM Table
WHERE (f1 = '' or c1 = f1)
AND (f2 = '' or c2 = f2)
AND (f3 = '' or c3 = f3)
AND (f4 = '' or c4= f4)
*/
$SELECT = "SELECT *
FROM cards
WHERE (? = '' or cardNumber = ? )
AND (? = '' or cardName = ? )
AND (? = '' or cardOwner = ? )
";
/*ERROR: Searching only cardName returns all cards data - cardName filter can work in combination with additional filters*/
// if All values are equal to null, then retrun false / end search
if($cardName ='' AND $cardNumber ='' AND $cardOwner='')
echo "Search fields are all empty<br>";s
return False;
//.........Prepare statement.....
$stmt = $conn->prepare($SELECT);
$stmt->bind_param("iissss",$cardNumber,$cardNumber,$cardName,$cardName,$cardOwner, $cardOwner); //Works with HardCoded cardName value
$stmt-> execute();
$stmt->store_result();
$rnum = $stmt->num_rows;
if($rnum == 0)
$stmt->close();
echo "No card records found on given search inputs <br>";
else
$stmt->bind_result($cardNumber,$cardName,$cardOwner);
// $conn->close();
else
echo "no data entered for search";
die();
?>
数据输出代码
<?php
if( $rnum > 0 )
echo "Number of records found: ".$rnum."<br>";
while($stmt->fetch())
echo "A card is found with Card #".$cardNumber."<br>".$cardName."<br>".$cardOwner."<br>------------<br>";
$stmt->close();
$conn->close();
else
echo "No records found<br>";
?>
数据图像
https://imgur.com/a/xBztII5
【问题讨论】:
在声明if($cardName ='' AND $c... - 这是对所有值的赋值,而不是测试。
使用 pdo 应该更容易,这种情况下你基本上需要动态绑定参数
@NigelRen 哇——我没有意识到这一点!这是一个真正的菜鸟错误-感谢您指出
【参考方案1】:
48 行后出现错误:
if($cardName ='' AND $cardNumber ='' AND $cardOwner='')
echo "Search fields are all empty<br>";s
return False;
您正在检查值,而不是设置。使用双等号 (==)。 应该是:
if ($cardName =='' AND $cardNumber =='' AND $cardOwner=='')
echo "Search fields are all empty<br>";
exit;
【讨论】:
谢谢!我不敢相信我错过了这个错误 - 感谢您指出!以上是关于SQL Query 在一个参数中给出错误的输出的主要内容,如果未能解决你的问题,请参考以下文章