dqkf49487 2014-03-18 16:38
浏览 61
已采纳

“搜索数据库列时,”Where子句中的未知列'Bloomsbury'错误

After Selection from drop down list

PHP CODE To Create Dropdown List

function getPublishers (){

    $sql = "SELECT DISTINCT bookid, publisher FROM book GROUP BY publisher ORDER BY    
publisher ASC";
    $rs = mysql_query($sql) or die(mysql_error());
    $rows = mysql_fetch_assoc($rs);
    $tot_rows = mysql_num_rows($rs);
    if($tot_rows>0){
        echo "<select name=\"srch_publisher\" id=\"srch_publisher\">
";
        echo "<option value=\"\">Any Publisher&hellip;</option>
";
        do{
            echo "<option value=\"".$rows['bookid']."\"";
            getSticky(2, 'srch_publisher', $rows['bookid']);
            echo ">".$rows['publisher']."</option>";
        } while($rows = mysql_fetch_assoc($rs));
        echo "</select>";
    }
    mysql_free_result($rs);
}

PHP CODE that carries out query based on selection

$sql =  "SELECT DISTINCT bk.title AS Title, bk.year AS Year, bk.publisher AS Publisher, aut.authorname AS Author 
         FROM book bk 

         JOIN book_category bk_cat 
         ON bk_cat.book_id = bk.bookid

         JOIN categories cat 
         ON cat.id = bk_cat.category_id

         JOIN books_authors bk_aut 
         ON bk_aut.book_id = bk.bookid

         JOIN authors aut
         ON aut.id = bk_aut.author_id";

if(isset($_GET['searchInput'])){
$input = $_GET['searchInput'];
$input = preg_replace('/[^A-Za-z0-9]/', '', $input);
}
if (isset($input)){

    $getters = array();
    $queries = array();

    foreach ($_GET as $key => $value) {
        $temp = is_array($value) ? $value : trim($value);
        if (!empty($temp)){
        if (!in_array($key, $getters)){
            $getters[$key] = $value;
            }
        }
    }

    if (!empty($getters)) {

        foreach($getters as $key => $value){
            ${$key} = $value;
            switch ($key) {
                case 'searchInput':
                    array_push($queries,"(bk.title LIKE '%$searchInput%' 
                    || bk.description LIKE '%$searchInput%' || bk.isbn LIKE '%$searchInput%' 
                    || bk.keywords LIKE '%$searchInput%' || aut.authorname LIKE '%$searchInput%')");
                break;
                case 'srch_publisher':
                    array_push($queries, "(bk.bookid = $srch_publisher)");
                break;
                case 'srch_author':
                    array_push($queries, "(bk_aut.author_id = $srch_author)");
                break;          
        }
    }
}

if(!empty($queries)){
    $sql .= " WHERE ";
    $i = 1;
    foreach ($queries as $query) {
        if($i < count($queries)){
            $sql .= $query." AND ";
        } else {
            $sql .= $query;
        }   
        $i++;
    }
}
$sql .= " GROUP BY bk.title  ORDER BY bk.title ASC";

}else{
    $sql .= " GROUP BY bk.title ORDER BY bk.title ASC";
}

When i search for books with the publisher Bloomsbury or any other publisher i get "Unknown column 'Bloomsbury in the Where Clause' even tho i am searching the column of publisher

  • 写回答

1条回答 默认 最新

  • duanhan9479 2014-03-18 16:44
    关注

    The line 

    array_push($queries, "(bk.bookid = $srch_publisher)"

    Should be 

    array_push($queries, "(bk.bookid = '$srch_publisher')"

    ...you need quotes around strings if you're going to search on them.

    HOWEVER - you shouldn't introduce parameters in this way, and the mysql_* functions are deprecated. Have a look at mysqli (http://uk3.php.net/manual/en/book.mysqli.php) or PDO (http://uk3.php.net/manual/en/book.pdo.php) and parameter binding.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?