与LIKE语句

Question

语言Innacurate查询是PHP，数据库ORM是红豆

if(isset($get['last']) || isset($get['first'])){   
    $query = ''; 
    $search_params = []; 
    if(isset($get['first']) && !isset($get['last'])){ 
     //search only with first name 
     $query .= ' AND name LIKE :first '; 
     $search_params[':first'] = '%'.$get['first'].'%'; 
     $args['first'] = $get['first']; 
    } 
    else if(!isset($get['first']) && isset($get['last'])){ 
     //search only with last name 
     $query .= ' AND name LIKE :last '; 
     $search_params[':last'] = '%'.$get['last'].'%'; 
     $args['last'] = $get['last']; 
    } 
    else{ 
     //search with both first and last name 
     $query = ' AND (name LIKE :first OR name LIKE :last) '; 
     $search_params[':first'] = '%'.$get['first'].'%'; 
     $search_params[':last'] = '%'.$get['last'].'%'; 
     $args['first'] = $get['first']; 
     $args['last'] = $get['last']; 
    } 
    if($args['admin']){ 
     //if the user is the admin of the account they can see all transactions 
     $args['transaction'] = admin_example($id, $query, $search_params); 
    }else{ 
     //if the user is a member of the account and was involved in the transaction 
     $args['transaction'] = member_example($id,$user->email,$query,$search_params); 
    } 
}else{ 
    $args['transaction'] = false; 
} 

//get archived transaction the user was involved in matching search parameters 
function admin_example($account_id,$query_segment,$search_params) 
{ 
    $params = array_merge([':id'=>$account_id],$search_params); 
    return R::getAll('SELECT name,tx_id,otp,property_type,property,ins_documents,active FROM transaction WHERE account_id=:id AND active="0" '.$query_segment.' ORDER BY name ASC', 
     $params 
    ); 
} 

//get archived transaction the user was involved in for the current account and matching search parameters 
function member_example($account_id,$email,$query_segment,$search_params) 
{ 
    //gets transactions the account member is able to view. 
    $params = array_merge([':account'=>$account_id,':email'=>$email],$search_params); 
    return R::getAll('SELECT name,tx_id,otp,property,property_type,ins_documents,active FROM 
    transaction WHERE account_id=:account AND (primary_email=:email OR secondary_email=:email) AND active="0" '.$query_segment.' ORDER BY name ASC', 
     $params 
    ); 
} 

查询

SELECT 
    name,tx_id,otp,property_type,property,ins_documents,active 
FROM 
    transaction 
WHERE 
    account_id='1' AND active='0' AND (name LIKE '%ABC%' OR name LIKE '%DEF%') 
ORDER BY 
    name ASC 

以下假设：

1. 我输入“ABC “输入名字输入并将”DEF“输入姓氏中放。
2. 该表有1行满足active="0"条件。
3. 该行的名称列包含姓氏和名字，用逗号分隔，即Flip, Tre。

似乎无论输入框中输入什么内容，当它不应该与LIKE语句匹配时，记录总是被检索。我不知道为什么，我在想如果还有什么我可以做的？我已经添加了name列的索引，但没有骰子。我也尝试使用REGEXP，但我无法检索那样的东西。

Answer 1

根据您的代码和您的评论显示问题，它看起来像last和first在表单上为空时，它们仍然被传递给脚本。

这意味着isset()检查已通过，但它们没有值（即空字符串，即''）。当这被添加到or子句中时，它将添加'%%'，显然，它将与任何值匹配。

您还需要检查并确保这些变量在将它们包括在查询中之前未设置为空字符串。你可以通过调用isempty()这个变量，或者通过检查空字符串''来检查它是否不等。