我从之前的开发人员那里继承了这个项目,我将尝试尽可能具有描述性。
在页面上,用户输入搜索字符串并提交页面。页面命中存储过程,查询返回结果。问题是搜索字符串超过15个字符。如果是15或更少,结果返回正常。手动执行存储过程时,将返回正确的结果。当尝试从浏览器执行时,我得到了错误的回复。
首先,存储过程和参数:
exec crm_selectSearch2 1, 'commonwealth water', 'PCBI'
接下来是存储过程的部分查询:
IF @search_type = 1 BEGIN -- Organization Name
SELECT org.org_name_1 AS name,
org.org_id AS id,
addr.address_city AS city,
org.phone_number AS phone,
org.email AS email,
CASE WHEN ((org.org_status_flag = 'R' OR org.org_status_flag = 'N' OR org.org_status_flag = 'F') AND org.dues_category = 'MBR') THEN 1 ELSE 0 END 'member',
CASE WHEN (org.org_status_flag = 'P' AND org.dues_category = 'FREE') THEN 1 ELSE 0 END AS 'associate',
CASE WHEN (org.delete_reason = 'OUT' AND org.org_delete_flag = 'Y' AND org.org_status_flag = 'C') THEN 1 ELSE 0 END 'out',
org.affiliate_code
FROM organiz AS org
LEFT JOIN address AS addr ON addr.address_id = org.address_id
WHERE (org.org_name_1 LIKE '%'+@search_string+'%' OR org.org_name_2 LIKE '%'+@search_string+'%' OR org.org_search LIKE '%'+@search_string+'%')
AND (org.affiliate_code = @affiliate_code OR (@affiliate_code = 'PCBI' AND ((org.org_status_flag = 'R' OR org.org_status_flag = 'N' OR org.org_status_flag = 'F') AND org.dues_category = 'MBR')))
ORDER BY out ASC, org_name_1 ASC
END
手动执行此存储过程时,我返回一个肯定的结果。以前的开发人员编写了自己的数据库处理程序:
$rpResult = dbStoredProc('crm_selectSearch2',$_REQUEST['search_type'],ereg_replace(' ','',$_REQUEST['search_string']),$GLOBALS['aPermissions']['affiliate_code']
dbStoredProc函数如下所示:
if($iMSSQL = dbConnect()) {
if($iResult = dbExec("select syscolumns.name as column_name, syscolumns.length as length, syscolumns.colorder, syscolumns.type from sysobjects inner join syscolumns on sysobjects.[id] = syscolumns.[id] where sysobjects.name = '".$sProcName."' order by syscolumns.colorder asc")) {
$aArgs = func_get_args();
$sSQL = 'EXECUTE '.$sProcName.' ';
while(@$aRow = mssql_fetch_array($iResult)) {
if(dbValidate($aRow['type'],$aRow['length'],$aArgs[$aRow['colorder']])) {
$sSQL = $sSQL.$aRow['column_name'].'='.dbValue($aArgs[$aRow['colorder']],$aRow['type']).',';
dbDebug('dbStoredProc: Attached "'.$aArgs[$aRow['colorder']].'" to "'.$aRow['column_name'].'";',3);
} else {
dbDebug('dbStoredProc: Failed to Attach "'.$aArgs[$aRow['colorder']].'" to "'.$aRow['column_name'].':'.$aRow['type'].'";',2);
}
}
$sSQL[strlen($sSQL)-1] = ';';
dbDebug('dbStoredProc: "'.$sSQL.'";',3);
if(@$iResult = mssql_query($sSQL)) {
dbDebug('dbStoredProc: Executed "'.$sProcName.'"',1);
var_dump($iResult);
return $iResult;
} else {
dbDebug('dbStoredProc: Failed to Execute "'.$sProcName.'";',1);
dbDebug('dbStoredProc: '.mssql_get_last_message().';',3);
return FALSE;
}
} else {
dbDebug('dbStoredProc: Failed to Select Procedure from SysObjects;',1);
return FALSE;
}
} else {
dbDebug('dbStoredProc: Failed to Connect to Database;',1);
return FALSE;
}
如果您在执行查询后立即注意到,我正在var_dump上执行$iResult。答复是:
resource(5) of type (mssql result) bool(false)
当我使用长于15的字符串时会发生此结果。如果我使用小于15的字符串,则会返回正确的结果。
我错过了一些明显的东西吗?
答案 0 :(得分:0)
此代码:
ereg_replace(' ','',$_REQUEST['search_string'])
从搜索字符串中删除空格。所以不要寻找
'commonwealth water'
它寻找
'commonwealthwater'
列org.org_search删除了所有空格,因此它匹配了间隔开的搜索字符串,但由于它限制为15个字符(至少在示例中):
'COMMONWEALTHWAT'
它只能匹配长达15个(非空格)字符的搜索字符串。
由于列org_search可能是出于某种原因而创建的,并且可能也在其他代码中使用,因此解决方案是重新创建所有(损坏的?)org_search值而不限制15个字符,并留下适当的距离。