Session ID and search script

Time: 2016-06-05 20:14:13

Tags: php mysql sql search

I have made a search script that searches various records, but when I add a session WHERE in the SQL, the script no longer works. Could you check the code and tell me how to change the script so that I can use it?

This is my script:

    <?php
    //include connection file
    include_once("connection.php");
    session_start();
    // redirect to the login page when no user is logged in
    if (!isset($_SESSION['GEBRUIKER_ID'])) {
        header ("Location: ");
        die;
    }


    // initialize all variables
    $params = $columns = $totalRecords = $data = array();

    $params = $_REQUEST;

    //define index of column
    $columns = array(
        0 =>'id',
        1 =>'user_id',
        2 => 'klant_id',
        3 => 'naam_klant',
        4 => 'contactpersoon',
        5 => 'adres'
    );

    $where = $sqlTot = $sqlRec = "";

    // check search value exist
    if( !empty($params['search']['value'])) {  
        $where .=" WHERE ";
        $where .=" ( naam_klant LIKE '".$params['search']['value']."%' ";    
        $where .=" OR contactpersoon LIKE '".$params['search']['value']."%' ";

        $where .=" OR adres LIKE '".$params['search']['value']."%')";
    }

    // base query: only the records of the logged-in user
    $sql = "SELECT id,naam_klant,contactpersoon,adres FROM klanten WHERE user_id='".$_SESSION['GEBRUIKER_ID']."' ";
    $sqlTot .= $sql;
    $sqlRec .= $sql;
    //concatenate search sql if value exist
    if(isset($where) && $where != '') {

        $sqlTot .= $where;
        $sqlRec .= $where;
    }


     $sqlRec .=  " ORDER BY ". $columns[$params['order'][0]['column']]."   ".$params['order'][0]['dir']."  LIMIT ".$params['start']." ,".$params['length']." ";

    $queryTot = mysqli_query($conn, $sqlTot) or die("database error:". mysqli_error($conn));


    $totalRecords = mysqli_num_rows($queryTot);

    $queryRecords = mysqli_query($conn, $sqlRec) or die("error to fetch employees data");

    //iterate on results row and create new index array of data
    while( $row = mysqli_fetch_row($queryRecords) ) {
        $data[] = $row;
    }    

    $json_data = array(
            "draw"            => intval( $params['draw'] ),  
            "recordsTotal"    => intval( $totalRecords ),  
            "recordsFiltered" => intval($totalRecords),
            "data"            => $data   // total data array
            );

    echo json_encode($json_data);  // send data as json format
    ?>

    <script type="text/javascript">
    $( document ).ready(function() {
    $('#employee_grid').DataTable({
    "bProcessing": true,
    "serverSide": true,
    "ajax":{
    url :"response.php", // json datasource
    type: "post", // type of method ,GET/POST/DELETE
    error: function(){
    $("#employee_grid_processing").css("display","none");
    }
    }
    });
    });
    </script>
    <div class="container">
    <div class="">
    <h3>Klanten overzicht</h3>
    <div class="">
    <table id="employee_grid" class="display" width="100%" cellspacing="0">
    <thead>
    <tr>
    <th>Klantnummer</th>
    <th>Naam</th>
    <th>Contactpersoon</th>
    <th>Adres</th>
    </tr>
    </thead>

    <tfoot>
    <tr>
    <th>Klantnummer</th>
    <th>Naam</th>
    <th>Contactpersoon</th>
    <th>Adres</th>

    </tr>
    </tfoot>
    </table>
    </div>
    </div>

    </div>

1 answer:

Answer 0: (score: 0)

When building the query you obviously add a where user_id = ? clause for the logged-in user. If the search value is not empty, a second where clause is added, which makes the query essentially select .. from .. where user_id = ? where (naam_klant like ".." OR .. OR ..). You cannot have two wheres in one query; it has to be an and, like this:

select .. from .. where user_id = ? AND (naam_klant like ".." OR .. OR ..)
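An added example (not the asker's or answerer's code) of building that query: the user restriction and the optional search filter are joined with AND, the request-derived values are bound as prepared-statement parameters instead of being concatenated into the SQL, and the ORDER BY column and direction, which cannot be bound, are checked against a whitelist. It assumes the same `klanten` table, `$conn` mysqli connection and `$_SESSION['GEBRUIKER_ID']` as the question.

```php
<?php
// Build the DataTables query with one WHERE and bound parameters.
// Assumes the question's table/column names and a mysqli $conn (example code).
function buildKlantenQuery(int $userId, string $search, array $params): array {
    $columns = ['id', 'user_id', 'klant_id', 'naam_klant', 'contactpersoon', 'adres'];

    $sql   = "SELECT id, naam_klant, contactpersoon, adres FROM klanten WHERE user_id = ?";
    $types = "i";
    $binds = [$userId];

    if ($search !== '') {
        // The search filter is appended with AND, never as a second WHERE.
        $like   = $search . '%';
        $sql   .= " AND (naam_klant LIKE ? OR contactpersoon LIKE ? OR adres LIKE ?)";
        $types .= "sss";
        array_push($binds, $like, $like, $like);
    }

    // ORDER BY identifiers cannot be bound, so map them through a whitelist.
    $colIdx = (int)($params['order'][0]['column'] ?? 0);
    $col    = $columns[$colIdx] ?? 'id';
    $dir    = strtoupper($params['order'][0]['dir'] ?? 'ASC') === 'DESC' ? 'DESC' : 'ASC';
    $sql   .= " ORDER BY $col $dir LIMIT ?, ?";
    $types .= "ii";
    array_push($binds, max(0, (int)($params['start'] ?? 0)), max(1, (int)($params['length'] ?? 10)));

    return [$sql, $types, $binds];
}

// Usage with the connection from connection.php:
// [$sql, $types, $binds] = buildKlantenQuery(
//     (int)$_SESSION['GEBRUIKER_ID'], $_REQUEST['search']['value'] ?? '', $_REQUEST);
// $stmt = mysqli_prepare($conn, $sql);
// mysqli_stmt_bind_param($stmt, $types, ...$binds);
// mysqli_stmt_execute($stmt);
// $data = mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_NUM);
```

With the search value bound as a parameter, a quote in the DataTables search box can no longer break the query or change its meaning.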