搜索栏无法正常运行
[英]Search bar not functioning properly
问题描述
My problem is when I enter a specific country name, for example: France, it'll output every data from my database instead of just France.
我的问题是当我输入一个特定的国家名称时,例如:法国,它会输出我数据库中的所有数据,而不仅仅是法国。 I don't know where I've gone wrong and its probably something very simple but I don't even know how to attempt to fix it so I've come here to get some help我不知道我哪里出错了,它可能很简单,但我什至不知道如何尝试修复它,所以我来这里寻求帮助
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$country = $_POST['country'];
$_SESSION['country'] = $country;
$sqlQuery = "SELECT * FROM campsites WHERE country LIKE '%$country%'";
$result = $campDataSet->fetchAllCamps($sqlQuery);
//var_dump($result);
if (count($result) > 0) {
echo'<div class="table-responsive">
<table class="table">
<thead id="table1Head">
<tr><td>Name</td>
<td>Address</td>
<td>Postcode</td>
<td>Country</td>
<td>Latitude</td>
<td>Longitude</td>
<td>email</td>
<td>Phone<td>
</thead>
<tbody>
</div>';
foreach ($result as $row) {
echo '<tr><td>' . $row->campsite_name . '</td> <td>' . $row->address . '</td> <td>' . $row->postcode . '</td> <td>' . $row->country. '</td> <td>' . $row->lattitude . '</td> <td>' . $row->longitude . '</td> <td>' . $row->email . '</td> <td>' . $row->phone_number . '</td></td></tr>';
}
echo "</tbody></table>";
} else {
print " 0 results";
}
}
my Database class我的数据库类
class campDataSet
{
public $dbHandle, $dbInstance;
public function __construct()
{
$this->db = new campData();
$this->conn = $this->db->getCampData();
}
public function fetchAllCamps()
{
//$sqlQuery = "SELECT campsites.id_campsite, campsites.campsite_name, campsites.address, campsites.postcode, campsites.country, campsites.lattitude, campsites.longitude, campsites.email, campsites.phone_number
// FROM sgb220_clientserver.campsites";
$sqlQuery = "SELECT * FROM sgb220_clientserver.campsites";
if ($data = $this->conn->prepare($sqlQuery)) {
$data->execute();
$dataSet = [];
while ($row = $data->fetch()) {
$dataSet[] = new DBdata($row);
}
} else {
echo "<script> alert(\"Could not prepare SQL statement\") </script>";
}
return $dataSet;
}
2 个解决方案
解决方案1
3 已采纳 2019-04-23 14:28:37
Your fetchAllCamps() method doesn't accept any arguments.您的fetchAllCamps()方法不接受任何参数。
Instead of defining the $sqlQuery inside fetchAllCamps , use a parameter:不要在fetchAllCamps中定义$sqlQuery ,而是使用参数:
public function fetchAllCamps($sqlQuery) // <- This
{
if ($data = $this->conn->prepare($sqlQuery)) {
$data->execute();
$dataSet = [];
...
A warning about SQL Injection关于 SQL 注入的警告
Because you are inserting $_POST data directly into your query, the user is able to manipulate the sql and thus can extract/manipulate data however he wants to.因为您将$_POST数据直接插入到您的查询中,所以用户能够操作 sql,从而可以随意提取/操作数据。 Read up in SQL Injection and how to prevent it to keep your database safe from attackers.阅读 SQL 注入以及如何防止它以保护您的数据库免受攻击者的侵害。
This might be a good starting point: https://stackoverflow.com/a/601524/2232127这可能是一个很好的起点: https : //stackoverflow.com/a/601524/2232127
解决方案2
0 2019-04-23 15:10:39
Your issue is that you are running a query that just gets all of the camps instead of only the ones in a certain country.您的问题是您正在运行的查询仅获取所有营地,而不仅仅是某个国家/地区的营地。 Your fetchAllCamps() function does not accept any parameters.您的 fetchAllCamps() 函数不接受任何参数。
It would probably be best to move your query into the fetchAllCamps() function, or make another function entirely if you need a function to give you all the camps instead o just ones in a certain country.最好将您的查询移动到 fetchAllCamps() 函数中,或者如果您需要一个函数来为您提供所有营地而不是某个国家/地区的营地,则完全创建另一个函数。 Instead of passing in the query, just pass the $country variable.而不是传递查询,只需传递 $country 变量。 Build your query inside the function and run it.在函数内构建查询并运行它。
This way you are separating all of your SQL from where you are building your HTML.通过这种方式,您可以将所有 SQL 与构建 HTML 的位置分开。 This is more in line with modern programming standards.这更符合现代编程标准。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.