I am trying to filter an SQL query by a word contained in a db column.
This works (please don't tell me "HAVING is wrong"... it doesn't work with WHERE):
$query = sprintf("SELECT *, ( 3959 * acos( cos( radians('%s') ) * cos( radians( `Lat` ) ) * cos( radians( `Long` ) - radians('%s') ) + sin( radians('%s') ) * sin( radians( `Lat` ) ) ) ) AS distance FROM Tutors HAVING distance < '%s' ORDER BY distance",
mysql_real_escape_string($lat),
mysql_real_escape_string($lng),
mysql_real_escape_string($lat),
mysql_real_escape_string($radius));
$result = mysql_query($query, $dbConn);
I would like to add the following:
$query = sprintf("SELECT *, ( 3959 * acos( cos( radians('%s') ) * cos( radians( `Lat` ) ) * cos( radians( `Long` ) - radians('%s') ) + sin( radians('%s') ) * sin( radians( `Lat` ) ) ) ) AS distance FROM Tutors HAVING distance < '%s' AND SubjectList like '%s' ORDER BY distance",
mysql_real_escape_string($lat),
mysql_real_escape_string($lng),
mysql_real_escape_string($lat),
mysql_real_escape_string($radius),
mysql_real_escape_string($subject));
$result = mysql_query($query, $dbConn);
Best answer
Here is the solution that works now - thanks everyone for the help
$query = "SELECT *, ( 3959 * acos( cos( radians('". addslashes($lat) ."') ) * cos( radians( `Lat` ) ) * cos( radians( `Long` ) - radians('". addslashes($lng) ."') ) + sin( radians('". addslashes($lat) ."') ) * sin( radians( `Lat` ) ) ) ) AS distance FROM Tutors WHERE `SubjectList` LIKE '%". addslashes($subject) ."%' GROUP BY distance HAVING distance < '". addslashes($radius) ."'";
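The same distance-plus-subject filter with bound parameters, as an added example that is not part of the original question or answer: `addslashes()` is not character-set aware, and neither it nor `mysql_real_escape_string()` escapes the LIKE wildcards `%` and `_` in the search term. Assumptions: PHP with PDO and the pdo_sqlite driver, an in-memory SQLite table with constructed rows standing in for the MySQL `Tutors` table, the hypothetical helpers `likeContains()` and `findTutors()`, and `!` chosen as the LIKE escape character.

```php
<?php
// Added example. Assumes PHP with pdo_sqlite; the table rows below are constructed.

// Escape LIKE metacharacters so the search term only matches literally.
function likeContains(string $term): string {
    return '%' . preg_replace('/[!%_]/', '!$0', $term) . '%';
}

function findTutors(PDO $db, float $lat, float $lng, float $radius, string $subject): array {
    // Every user value is a bound parameter; none is spliced into the SQL text.
    // ":radius + 0" forces a numeric comparison, since PDO sends values as strings.
    $stmt = $db->prepare(
        "SELECT * FROM (
             SELECT Name, SubjectList,
                    ( 3959 * acos( cos( radians(:lat) ) * cos( radians( `Lat` ) )
                      * cos( radians( `Long` ) - radians(:lng) )
                      + sin( radians(:lat2) ) * sin( radians( `Lat` ) ) ) ) AS distance
             FROM Tutors
             WHERE `SubjectList` LIKE :subject ESCAPE '!'
         ) AS nearby
         WHERE distance < :radius + 0
         ORDER BY distance");
    $stmt->execute([
        ':lat' => $lat, ':lng' => $lng, ':lat2' => $lat,
        ':radius' => $radius, ':subject' => likeContains($subject),
    ]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database standing in for the MySQL Tutors table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (['acos' => 'acos', 'cos' => 'cos', 'sin' => 'sin', 'radians' => 'deg2rad'] as $sql => $php) {
    $db->sqliteCreateFunction($sql, $php, 1);   // SQLite builds may lack these
}
$db->exec("CREATE TABLE Tutors (Name TEXT, Lat REAL, `Long` REAL, SubjectList TEXT)");
$db->exec("INSERT INTO Tutors VALUES
    ('Ann', 40.71, -74.00, 'Math, Physics'),
    ('Bob', 40.73, -73.99, '100% Chemistry'),
    ('Cy',  34.05, -118.24, 'Math')");

// A normal term, a bare wildcard, and a quote-bearing term are all treated as data.
foreach (['Math', '%', "x' OR '1'='1"] as $subject) {
    $names = array_column(findTutors($db, 40.72, -74.00, 25, $subject), 'Name');
    printf("%-14s => [%s]\n", $subject, implode(', ', $names));
}
```

Against MySQL the same `findTutors()` works with a `mysql:` DSN; the `sqliteCreateFunction()` registrations exist only so the demonstration runs without a server.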