我目前正在使用 "$search_field LIKE '$this->db->escape_like_str($search_string)%'"; 来转义动态创建的搜索查询。创建的结果 SQL 语句不会产生任何错误,但也不会产生任何结果。下面是我在做什么的详细描述。
我正在使用 jqGrid 及其搜索功能。当用户输入搜索词时,它会将 $filters json 对象发送到我的服务器。然后我解析它并创建一个 SQL 语句来获取请求的数据。
这是转义传入搜索数据的代码(这也是问题所在):
$search_string_like = $this->CI->db->escape_like_str($search_string);
$operator['bw'] = "$search_field LIKE '$search_string_like%'"; //begins with
这是生成的 SQL 语句:
SELECT *
FROM player_data_temp_table
WHERE first_name LIKE '\'zech\'%' AND last_name LIKE '\'camp\'%'
ORDER BY date_won desc
LIMIT 0 , 15
这个查询没有抛出任何错误,但它也不起作用。当我直接在 phpmyadmin 中运行类似的查询时,我得到 MySQL 返回了一个空结果集(即零行)。 即使我知道可以找到结果。如果我简单地从 first_name LIKE '\'zech\'%' 中删除反斜杠和单引号,使其成为 first_name LIKE 'zech%' 我就会得到预期的结果.我担心的是,这不再是正确的转义,对吧?
总结
一个变量,$filters,包含这样的数据 {"groupOp":"AND","rules":[{"field":"first_name","op":"bw","data":"zech"}]} 被传递到 build_where_clause($filters)。 build_where_clause 返回完整的 $where 语句,然后在模型中用于创建最终的 SQL 搜索语句。
jqgrid_lib.php
class jqgrid_lib
{
private $CI;
public function __construct()
{
$this->CI =& get_instance();
}
/**
* Function takes a json string with search rules and turns it into an sql statement.
*
* To use this function make sure you set stringResult: true, see example below:
* $("#list").jqGrid('filterToolbar',{stringResult: true});
* @param json string
* @author zechdc
*/
public function build_where_clause($filters)
{
$sql_fragments = array();
$filters = json_decode($filters);
$rules = $filters->rules;
$group_op = $filters->groupOp;
//loop through each rule and create an sql statement
foreach($rules as $rule)
{
$temp_sql = $this->create_search_field($rule->field, $rule->data, $rule->op);
array_push($sql_fragments, $temp_sql);
}
//combine all sql fragments with the group_operator
$data['sql'] = implode(' ' . $group_op . ' ', $sql_fragments);
return $data;
}
/**
* Takes a field, string and search condition and turns it into a sql search statement
*
* To use this function make sure you set stringResult: true, see example below:
* $("#list").jqGrid('filterToolbar',{stringResult: true});
* @param json string
* @return string
* @author zechdc
*/
public function create_search_field($search_field, $search_string, $search_operator)
{
//$search_field = $this->CI->db->escape($search_field); //escaping the column breaks it.
$search_string = $this->CI->db->escape($search_string);
$search_string_like = $this->CI->db->escape_like_str($search_string);
//$search_string_like = $search_string;
$operator['eq'] = "$search_field=$search_string"; //equal to
$operator['ne'] = "$search_field<>$search_string"; //not equal to
$operator['lt'] = "$search_field < $search_string"; //less than
$operator['le'] = "$search_field <= $search_string "; //less than or equal to
$operator['gt'] = "$search_field > $search_string"; //less than
$operator['ge'] = "$search_field >= $search_string "; //less than or equal to
$operator['bw'] = "$search_field LIKE '$search_string_like%'"; //begins with
$operator['bn'] = "$search_field NOT LIKE '$search_string_like%'"; //not begins with
$operator['in'] = "$search_field IN ($search_string)"; //in
$operator['ni'] = "$search_field NOT IN ($search_string)"; //not in
$operator['ew'] = "$search_field LIKE '%$search_string_like'"; //ends with
$operator['en'] = "$search_field NOT LIKE '%$search_string_like%'"; //not ends with
$operator['cn'] = "$search_field LIKE '%$search_string_like%'"; //in
$operator['nc'] = "$search_field NOT LIKE '%$search_string_like%'"; //not in
$operator['nu'] = "$search_field IS NULL"; //is null
$operator['nn'] = "$search_field IS NOT NULL"; //is not null
if(isset($operator[$search_operator]))
{
//set the sql search statement
return $operator[$search_operator];
}
}
}
型号
/*
* Gets all columns from table with limit and sort order set dynamically
*/
function get_specific($sidx, $sord, $start, $limit, $where = NULL)
{
$result = FALSE;
if($where)
{
$where = ' WHERE ' . $where;
}
// usually I dont do select all but since this whole table is temp and only holds the needed data
// then just do select all.
$sql = "SELECT *
FROM player_data_temp_table
$where
ORDER BY $sidx $sord
LIMIT $start , $limit";
$q = $this->db->query($sql);
if($this->db->affected_rows() > 0)
{
$result = $q->result();
}
return $result;
}
看来我解决了这个问题。在模型中,我删除了手工制作的 $sql 语句并将其替换为
if($where)
{
$this->db->where($where);
}
$this->db->order_by($sidx, $sord);
$q = $this->db->get('player_data_temp_table', $limit, $start);
这似乎正确地转义了所有变量,包括我在 $where 语句中的列名。
最佳答案
Manual :
$this->db->escape_like_str() This method should be used when strings are to be used in LIKE conditions so that LIKE wildcards ('%', '_') in the string are also properly escaped.
$search = '20% raise';
$sql = "SELECT id FROM table WHERE column LIKE '%".$this->db->escape_like_str($search)."%'";
所以你在最后两行代码中做对了。
以下代码对您有何作用?
$search_string = 'zech';
$search_string_like = $this->CI->db->escape_like_str($search_string);
$operator['bw'] = "$search_field LIKE '$search_string_like%'";
关于php - 如何正确转义 mysql "search/like"查询?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8583014/
我正在学习如何使用Nokogiri,根据这段代码我遇到了一些问题:require'rubygems'require'mechanize'post_agent=WWW::Mechanize.newpost_page=post_agent.get('http://www.vbulletin.org/forum/showthread.php?t=230708')puts"\nabsolutepathwithtbodygivesnil"putspost_page.parser.xpath('/html/body/div/div/div/div/div/table/tbody/tr/td/div
总的来说,我对ruby还比较陌生,我正在为我正在创建的对象编写一些rspec测试用例。许多测试用例都非常基础,我只是想确保正确填充和返回值。我想知道是否有办法使用循环结构来执行此操作。不必为我要测试的每个方法都设置一个assertEquals。例如:describeitem,"TestingtheItem"doit"willhaveanullvaluetostart"doitem=Item.new#HereIcoulddotheitem.name.shouldbe_nil#thenIcoulddoitem.category.shouldbe_nilendend但我想要一些方法来使用
关闭。这个问题是opinion-based.它目前不接受答案。想要改进这个问题?更新问题,以便editingthispost可以用事实和引用来回答它.关闭4年前。Improvethisquestion我想在固定时间创建一系列低音和高音调的哔哔声。例如:在150毫秒时发出高音调的蜂鸣声在151毫秒时发出低音调的蜂鸣声200毫秒时发出低音调的蜂鸣声250毫秒的高音调蜂鸣声有没有办法在Ruby或Python中做到这一点?我真的不在乎输出编码是什么(.wav、.mp3、.ogg等等),但我确实想创建一个输出文件。
我正在尝试测试是否存在表单。我是Rails新手。我的new.html.erb_spec.rb文件的内容是:require'spec_helper'describe"messages/new.html.erb"doit"shouldrendertheform"dorender'/messages/new.html.erb'reponse.shouldhave_form_putting_to(@message)with_submit_buttonendendView本身,new.html.erb,有代码:当我运行rspec时,它失败了:1)messages/new.html.erbshou
我在从html页面生成PDF时遇到问题。我正在使用PDFkit。在安装它的过程中,我注意到我需要wkhtmltopdf。所以我也安装了它。我做了PDFkit的文档所说的一切......现在我在尝试加载PDF时遇到了这个错误。这里是错误:commandfailed:"/usr/local/bin/wkhtmltopdf""--margin-right""0.75in""--page-size""Letter""--margin-top""0.75in""--margin-bottom""0.75in""--encoding""UTF-8""--margin-left""0.75in""-
给定这段代码defcreate@upgrades=User.update_all(["role=?","upgraded"],:id=>params[:upgrade])redirect_toadmin_upgrades_path,:notice=>"Successfullyupgradeduser."end我如何在该操作中实际验证它们是否已保存或未重定向到适当的页面和消息? 最佳答案 在Rails3中,update_all不返回任何有意义的信息,除了已更新的记录数(这可能取决于您的DBMS是否返回该信息)。http://ar.ru
我在我的项目目录中完成了compasscreate.和compassinitrails。几个问题:我已将我的.sass文件放在public/stylesheets中。这是放置它们的正确位置吗?当我运行compasswatch时,它不会自动编译这些.sass文件。我必须手动指定文件:compasswatchpublic/stylesheets/myfile.sass等。如何让它自动运行?文件ie.css、print.css和screen.css已放在stylesheets/compiled。如何在编译后不让它们重新出现的情况下删除它们?我自己编译的.sass文件编译成compiled/t
我在开发的Rails3网站的一些搜索功能上遇到了一个小问题。我有一个简单的Post模型,如下所示:classPost我正在使用acts_as_taggable_on来更轻松地向我的帖子添加标签。当我有一个标记为“rails”的帖子并执行以下操作时,一切正常:@posts=Post.tagged_with("rails")问题是,我还想搜索帖子的标题。当我有一篇标题为“Helloworld”并标记为“rails”的帖子时,我希望能够通过搜索“hello”或“rails”来找到这篇帖子。因此,我希望标题列的LIKE语句与acts_as_taggable_on提供的tagged_with方法
我正在用Ruby编写一个简单的程序来检查域列表是否被占用。基本上它循环遍历列表,并使用以下函数进行检查。require'rubygems'require'whois'defcheck_domain(domain)c=Whois::Client.newc.query("google.com").available?end程序不断出错(即使我在google.com中进行硬编码),并打印以下消息。鉴于该程序非常简单,我已经没有什么想法了-有什么建议吗?/Library/Ruby/Gems/1.8/gems/whois-2.0.2/lib/whois/server/adapters/base.
我正在寻找执行以下操作的正确语法(在Perl、Shell或Ruby中):#variabletoaccessthedatalinesappendedasafileEND_OF_SCRIPT_MARKERrawdatastartshereanditcontinues. 最佳答案 Perl用__DATA__做这个:#!/usr/bin/perlusestrict;usewarnings;while(){print;}__DATA__Texttoprintgoeshere 关于ruby-如何将脚