发表新帖
发表新帖

SQL search multiple values in same field

后端 未结
关注
4 1289
北恋
北恋 2020-11-30 04:48

I\'m building a simple search algorithm and I want to break my string with spaces, and search my database on it, like so:

$
相关标签:
4条回答
  • 眼角桃花
    2020-11-30 05:05

    Try this

    Using UNION

    $sql = '';
$count = 0;
foreach($search as $text)
{
  if($count > 0)
     $sql = $sql."UNION Select name From myTable WHERE Name LIKE '%$text%'";
  else
     $sql = $sql."Select name From myTable WHERE Name LIKE '%$text%'";

  $count++;
}

    Using WHERE IN

    $comma_separated = "('" . implode("','", $search) . "')";  // ('1','2','3')
$sql = "Select name From myTable WHERE name IN ".$comma_separated ;
    0 讨论(0)
  • 我寻月下人不归
    2020-11-30 05:17

    This has been partially answered here: MySQL Like multiple values

    I advise against

    $search = explode( ' ', $search );

    and input them directly into the SQL query as this makes prone to SQL inject via the search bar. You will have to escape the characters first in case they try something funny like: "--; DROP TABLE name;

    $search = str_replace('"', "''", search );

    But even that is not completely safe. You must try to use SQL prepared statements to be safer. Using the regular expression is much easier to build a function to prepare and create what you want.

    function makeSQL_search_pattern($search) {
    search_pattern = false;
    //escape the special regex chars
    $search = str_replace('"', "''", $search);
    $search = str_replace('^', "\\^", $search);
    $search = str_replace('$', "\\$", $search);
    $search = str_replace('.', "\\.", $search);
    $search = str_replace('[', "\\[", $search);
    $search = str_replace(']', "\\]", $search);
    $search = str_replace('|', "\\|", $search);
    $search = str_replace('*', "\\*", $search);
    $search = str_replace('+', "\\+", $search);
    $search = str_replace('{', "\\{", $search);
    $search = str_replace('}', "\\}", $search);
    $search = explode(" ", $search);
    for ($i = 0; $i < count($search); $i++) {
        if ($i > 0 && $i < count($search) ) {
           $search_pattern .= "|";
        }
        $search_pattern .= $search[$i];
    }
    return search_pattern;
}

$search_pattern = makeSQL_search_pattern($search);
$sql_query = "SELECT name FROM Products WHERE name REGEXP :search LIMIT 6"
$stmt = pdo->prepare($sql_query);
$stmt->bindParam(":search", $search_pattern, PDO::PARAM_STR);
$stmt->execute();

    I have not tested this code, but this is what I would do in your case. I hope this helps.

    0 讨论(0)
  • 借酒劲吻你
    2020-11-30 05:21

    Yes, you can use SQL IN operator to search multiple absolute values:

    SELECT name FROM products WHERE name IN ( 'Value1', 'Value2', ... );

    If you want to use LIKE you will need to use OR instead:

    SELECT name FROM products WHERE name LIKE '%Value1' OR name LIKE '%Value2';

    Using AND (as you tried) requires ALL conditions to be true, using OR requires at least one to be true.

    0 讨论(0)
  • 误落风尘
    2020-11-30 05:23

    This will works perfectly in both cases, one or multiple fields searching multiple words.

    Hope this will help someone. Thanks

    declare @searchTrm varchar(MAX)='one two three four'; 
--select value from STRING_SPLIT(@searchTrm, ' ') where trim(value)<>''
select * from Bols 
WHERE EXISTS (SELECT value  
    FROM STRING_SPLIT(@searchTrm, ' ')  
    WHERE 
        trim(value)<>''
        and(    
        BolNumber like '%'+ value+'%'
        or UserComment like '%'+ value+'%'
        or RequesterId like '%'+ value+'%' )
        )
    0 讨论(0)
 看不清?
提交回复
热议问题