
PHP/SQL Statements - I understand the process but not the individual lines of code, can anyone help?

Developer https://www.devze.com 2023-02-09 15:39 Source: Web

I have this code below on a website, it was written by someone else. I understand that it is taking the information that was entered in (company) and if the entry is empty it takes the user to companies.php page. If it is not empty it takes the entry and looks it up in the table.

The bit I really do not understand is after the else, the $WhereSection, in particular the %; I thought that was for when you make a comment?

Hope someone can help?

Thanks :)

if ($_POST["Company"] == "")
{
    // Nothing was entered: send the user back to the company list
    header("Location: companies.php?page=1");
    $Orders = "<div id='ErrorMessage'>Please enter a company name or partial company name to search the Credit Report Shop.</div>\n";
}
else
{
    // Build the WHERE clause from the search term; % on both sides makes
    // LIKE match the term anywhere inside the company name. Note that the
    // raw POST value is spliced straight into the SQL text here.
    $WhereSection="";
    if ($_POST["Company"])
        $WhereSection .= "WHERE UPPER(Company) LIKE '%".strtoupper($_POST["Company"])."%'";

    $Statement = "SELECT * from jos_companies
                    $WhereSection
                    ORDER BY Company ASC, LastReport DESC";

    db_connect();
    $rid=mysql_query($Statement);   // run the query
    $rcount=0;                      // row counter used further down the page
}


The % is a wildcard used in a LIKE clause in a SQL WHERE statement. So if the value of company is 'ABC', LIKE '%ABC%' will match any value that contains 'ABC' either at the beginning, in the middle or at the end; LIKE 'ABC%' will match all values beginning with 'ABC' and LIKE '%ABC' will match all values ending in 'ABC'.

And you should be escaping your $_POST fields before embedding them in SQL statements.
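The escaping point above, carried through as an added example (not the asker's code and not from the original answers): the same company search with the term bound as a PDO parameter (PDO and MySQL are assumed) and the LIKE metacharacters in the input escaped, so a user typing "100%" searches for a literal percent sign rather than matching every row. Connection details are placeholders.

```php
<?php
// Added example: hardened version of the jos_companies search from the question.

/**
 * Escape LIKE metacharacters in a user-supplied search term.
 * '!' is declared as the escape character in the ESCAPE clause below,
 * so it must be doubled first, then '%' and '_' are prefixed with it.
 */
function escapeLikePattern(string $value): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $value);
}

/**
 * Run the search. Returns the matching rows, or null when no term was given
 * (the caller can then redirect to companies.php?page=1 as the original does).
 */
function searchCompanies(PDO $db, string $company): ?array
{
    $company = trim($company);
    if ($company === '') {
        return null;
    }

    // The wildcards live in the bound value, never in the SQL text, and the
    // statement shape cannot be altered by anything the user types.
    $sql = "SELECT * FROM jos_companies
            WHERE UPPER(Company) LIKE :pattern ESCAPE '!'
            ORDER BY Company ASC, LastReport DESC";

    $stmt = $db->prepare($sql);
    $pattern = '%' . strtoupper(escapeLikePattern($company)) . '%';
    $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Example wiring; host, database name and credentials are placeholders.
$db = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASS_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);
$rows = searchCompanies($db, $_POST['Company'] ?? '');
```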


The % is a wildcard character for the LIKE search.

So, for example, if the input was "don", then LIKE '%don%' would match names like "McDonalds" and "Donlen", etc.


    $WhereSection .= "WHERE UPPER(Company) LIKE '%".strtoupper($_POST["Company"])."%'";  

If there is information in $_POST['Company'] then we'd like to filter the query to match the company name. LIKE '%text%' will match for anything that has text in it. % is a wildcard that matches anything.

UPPER() is used to skip case sensitivity.

Good Luck
