Web application in the design of fuzzy query about class, what should write SQL statements,
For example, I according to the title or the author or ISBN different attributes, such as query book,

CodePudding user response:

Sorry I'm coming water points

CodePudding user response:

Finally is joining together the SQL statement, if the field is the text "... WHERE xx LIKE '% % "+ val +"' "+" OR XXXX LIKE '% "+ val +" %' "
Submitted to variable val to do SQL injection treatment,
Complex point, according to different field types have different SQL statements, do a query analyzer, can define a set of syntax, deal with and the or, different field types do their respective query and numerical test,

CodePudding user response:

refer to the second floor hookee response:

would eventually joining together the SQL statement, if the field is the text "... WHERE xx LIKE '% % "+ val +"' "+" OR XXXX LIKE '% "+ val +" %' "
Submitted to variable val to do SQL injection treatment,
Complex point, according to different field types have different SQL statements, do a query analyzer, can define a set of syntax, deal with and the or, different field types do their respective query and numerical test,

Variable val?

CodePudding user response:

Variable val is your into the title or the author refs or ISBN etc. Different properties; % (fuzzy query is to use the like, and then sign on behalf of the match any character, such as: thanks for listening, xiao-xue wang, dusting of snow; And small, "small % % so take thanks for listening, xiao-xue wang, light snow snow all query out);