选择所有具有特定MySql请求PHP的用户
[英]Select all users with specific MySql request PHP
问题描述
I'm coding a feature in PHP, it's a search engine. 
我正在用PHP编写功能,它是一个搜索引擎。
<form action="result" method="POST"> <select name="instrument" id="instrument"> <option value="all">All instrument</option> <option value="1">Guitar</option> <option value="2">Bass</option> <option value="3">Battery</option> <option value="4">Singer</option> </select> <select name="theme" id="theme"> <option value="all">All themes</option> <option value="1">Metal</option> <option value="2">Jazz</option> <option value="3">Rock</option> <option value="4">Blues</option> </select> <input type="submit" value="search" /> </form>
I already code this search engine like this and it works 我已经像这样编码了这个搜索引擎,并且可以正常工作
<?php
if(isset($_POST)) {
$theme = $_POST['theme'];
$instrument = $_POST['instrument'];
$req_search = $bdd->query("SELECT * FROM user,theme,instrument WHERE theme.theme_id = user.user_theme AND instrument.instrument_id = user.user_instrument AND theme_id =".$theme." AND instrument_id =".$instrument);
if($req_search->rowCount()>0) {
while($search = $req_search->fetch()) {
?>
<p><?php echo $search['user_username']; ?></p>
<?php
}
$req_search->closeCursor();
} else {
echo "Users not found";
}
}
?> ?>
You can find users who is matching with those options (without All instrument and All themes . 您可以找到与这些选项(没有“ All instrument和“ All themes )匹配的用户 。
Everything is stored into a MySql database. 一切都存储在MySql数据库中。
However when I click on All themes and All instrument . 但是,当我单击“ All themes和“ All instrument 。 I want to update my select request. 我想更新我的选择请求。 Like if I select All instrument and All themes I want to display every users. 就像我选择“ All instrument和“ All themes我想向每个用户显示。 Or if I select All instrument and Metal , I want to display all users listening to metal and playing whatever instrument. 或者,如果我选择“ All instrument和Metal ,则想显示所有正在听金属并弹奏任何乐器的用户。
Thanks for your help ! 谢谢你的帮助 !
1 个解决方案
解决方案1
0 2015-10-29 15:52:07
You can construct your query to be conditional depending on whether $theme and $instrument have values: 您可以将查询构造为条件查询,具体取决于$theme和$instrument是否具有值:
$query = "SELECT * FROM user,theme,instrument
WHERE theme.theme_id = user.user_theme
AND instrument.instrument_id = user.user_instrument".
($theme!="" ? " AND theme_id='$theme'" : "").
($instrument!="" ? " AND instrument_id='$instrument'" : "");
$req_search = $bdd->query($query);
That said, you should look into PDO Prepared Statements and Placeholders , because all this would take is someone to fiddle around with the DOM to perform some MySQL Injection. 就是说,您应该研究PDO Prepared Statements和Placeholders ,因为这将需要有人在DOM上摆弄一些MySQL注入。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.