I think you may do some preprocessing, before running your query.

我认为您可以在运行查询之前进行一些预处理。

First off, you need to give your select options some sort of value to check against.

首先，您需要为选择的选项提供某种值以进行检查。

I don't know your exact database structure, but assuming that you're working with the select texts, you may want to try this:

我不知道您确切的数据库结构，但假设您正在使用选择文本，您可能想尝试以下操作：

$query = "SELECT * FROM projectitem WHERE (description LIKE '%$keywords%' OR item LIKE '%$keywords%')";

This is your base query and running it right now will check against the keywords, but no location.

这是您的基本查询，现在运行它会检查关键字，但不会检查位置。

if($keylocation != "Any location") $query .= " AND location = '$keylocation'";

This last line will add the location as additional filter to your query. Run it, and see what it does. (I'm not sure about the string comparison there though)

最后一行会将位置作为附加过滤器添加到您的查询中。运行它，看看它做了什么。（虽然我不确定那里的字符串比较）

Ah yes, as a final advice: Be sure to run your input through the escape function mysqli_escape_string. Otherwise you're opening yourself to SQL injections.

是的，作为最后的建议：确保通过转义函数运行您的输入mysqli_escape_string。否则，您将面临 SQL 注入。

You're not actually using the value of $keylocation; to narrow searches down, you need an ANDinstead of OR:

您实际上并没有使用$keylocation;的值。要缩小搜索范围，您需要一个AND而不是OR：

$stmt = mysqli_prepare($con, 'SELECT * FROM projectitem 
    where (description LIKE ? OR item LIKE ?) AND location LIKE ?');

mysqli_stmt_bind_param($stmt, 'sss', "%$keywords%", "%$keywords%", "%$keylocation%");

mysqli_stmt_execute($stmt);

// etc.

Update

更新

Since the drop down may have "any location" you would need to dynamically change your query:

由于下拉菜单可能有“任何位置”，您需要动态更改查询：

$sql = 'SELECT * FROM projectitem WHERE 1'; // base query

$types = ''; $vars = array();

if (!empty($keywords)) {
    $sql .= ' AND (description LIKE ? OR item LIKE ?)';
    $types .= 'ss';
    $vars[] = "%$keywords%";
    $vars[] = "%$keywords%";
}

if ($keylocation != 'Any Location') {
    $sql .= ' AND location LIKE ?';
    $types .= 's';
    $vars[] = $keylocation;
}

$stmt = mysqli_prepare($con, $sql);
if ($types) {
    mysqli_stmt_bind_param($stmt, $types, $vars);
}
mysqli_stmt_execute($stmt);

first you have sql injection

首先你有sql注入

use mysqli_real_escape_string

用 mysqli_real_escape_string

if keywords for example is null your query will be like this

例如，如果关键字为空，您的查询将是这样的

$result = mysqli_query($con,"SELECT * FROM projectitem where description  like '%%'  or item like '%%' or location like '%$keylocation%'");

and description like '%%'return all row !

并description like '%%'返回所有行！

you must check data first

你必须先检查数据

$query = "SELECT * FROM projectitem where 1=1 "
if($keywords)
  $query .= " AND ( description  like '%$keywords%' AND item like '%$keywords%' )";
if($keylocation)
  $query .= " AND location  like '%$keylocation%'";