dongzan1970 2014-08-17 19:33
浏览 68
已采纳

SQL查询条件不起作用

I'm working on a search script with pagination but can't get it to work properly.

Here is my query:

$query = "SELECT COUNT(*) FROM server_data WHERE trash = '0' AND server_address LIKE '%$search%' OR title LIKE '%$search%' OR short_desc LIKE '%$search%'";

This is to count how many results there are in the database.

Here is my query for the actual data:

$query = "SELECT * FROM server_data WHERE trash = '0' AND server_address LIKE '%$search%' OR title LIKE '%$search%' OR short_desc LIKE '%$search%' ORDER BY id DESC $limit";

For some reason, this is returning results where trash = 1 and trash = 0, when it should only be returning where trash = 0 obviously. Anybody have any idea why this could be happening?

  • 写回答

1条回答 默认 最新

  • douyiyang6317 2014-08-17 19:36
    关注

    Use parenthesis

    $query = "SELECT * FROM server_data WHERE trash = '0' AND (server_address LIKE '%$search%' OR title LIKE '%$search%' OR short_desc LIKE '%$search%') ORDER BY id DESC $limit";
    

    Without parenthesis your query is evaluated as follows:

    $query = "SELECT * FROM server_data WHERE (trash = '0' AND server_address LIKE '%$search%') OR title LIKE '%$search%' OR short_desc LIKE '%$search%' ORDER BY id DESC $limit";
    

    The reason for this is that AND is "strong" than OR (it's like in math where multiplication is stronger than addition: 3*5+3=15+3=18).

    Btw. please make sure $search is properly escaped, otherwise you allow SQL injection.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 MATLAB怎么通过柱坐标变换画开口是圆形的旋转抛物面?
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题
  • ¥15 Visual Studio问题
  • ¥20 求一个html代码,有偿