Adding value from HTML select into MySQL query

I've been re-learning HTML & MySQL, and diving into PHP lately. I'm having some trouble (likely due to the fact that I'm still learning PHP) getting a situation to work correctly. I have an instance of MySQL running on my server, which is also an IIS7 web server, with PHP installed. I've created a form with HTML & PHP to add entries to the table, and another to display the table and filter it (if needed). Currently it looks messy to me, and I would also say it's WET. Trying to follow the principles of DRY, I'd like to change this latter piece (which currently uses a text box & button for each possible table column to filter on) to use a dropdown to select the column to filter, and a single text box to fill in a value to filter for. This is my current code (with multiple text boxes & buttons):

<?php

/**
 * Function to query information based on 
 * a parameter: in the first case, track_eps.
 *
 */

if (isset($_POST['search_eps'])) {
    try  {

        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        $sql = "SELECT * 
        FROM track_list
    WHERE track_eps = :track_eps";

        $track_eps = $_POST['track_eps'];

        $statement = $connection->prepare($sql);
        $statement->bindParam(':track_eps', $track_eps, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch(PDOException $error) {
        echo $sql . "<br>" . $error->getMessage();
    }
}
if (isset($_POST['search_artist'])) {
    try  {

        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        $sql = "SELECT * 
        FROM track_list
    WHERE track_artist = :track_artist";

        $track_artist = $_POST['track_artist'];

        $statement = $connection->prepare($sql);
        $statement->bindParam(':track_artist', $track_artist, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch(PDOException $error) {
        echo $sql . "<br>" . $error->getMessage();
    }
}
if (isset($_POST['search_album'])) {
    try  {

        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        $sql = "SELECT * 
        FROM track_list
    WHERE track_album = :track_album";

        $track_album = $_POST['track_album'];

        $statement = $connection->prepare($sql);
        $statement->bindParam(':track_album', $track_album, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch(PDOException $error) {
        echo $sql . "<br>" . $error->getMessage();
    }
}
if (isset($_POST['search_year'])) {
    try  {

        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        $sql = "SELECT * 
        FROM track_list
    WHERE track_year = :track_year";

        $track_year = $_POST['track_year'];

        $statement = $connection->prepare($sql);
        $statement->bindParam(':track_year', $track_year, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch(PDOException $error) {
        echo $sql . "<br>" . $error->getMessage();
    }
}
if (isset($_POST['search_pick'])) {
    try  {

        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        $sql = "SELECT * 
        FROM track_list
    WHERE track_pick = :track_pick";

        $track_pick = $_POST['track_pick'];

        $statement = $connection->prepare($sql);
        $statement->bindParam(':track_pick', $track_pick, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch(PDOException $error) {
        echo $sql . "<br>" . $error->getMessage();
    }
}
if (isset($_POST['view'])) {
    try  {

        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        $sql = "SELECT * 
        FROM track_list";

        $statement = $connection->prepare($sql);
        // this query has no placeholder, so there is nothing to bind
        $statement->execute();

        $result = $statement->fetchAll();
    } catch(PDOException $error) {
        echo $sql . "<br>" . $error->getMessage();
    }
}
?>
<?php require "templates/header.php"; ?>

<?php  
if (isset($_POST['search_eps'])) {
    if ($result && $statement->rowCount() > 0) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_eps']); ?>.</blockquote>
    <?php } 
}
if (isset($_POST['search_artist'])) {
    if ($result && $statement->rowCount() > 0) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_artist']); ?>.</blockquote>
    <?php } 
}
if (isset($_POST['search_album'])) {
    if ($result && $statement->rowCount() > 0) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_album']); ?>.</blockquote>
    <?php } 
}
if (isset($_POST['search_year'])) {
    if ($result && $statement->rowCount() > 0) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_year']); ?>.</blockquote>
    <?php } 
}
if (isset($_POST['search_pick'])) {
    if ($result && $statement->rowCount() > 0) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_pick']); ?>.</blockquote>
    <?php } 
}
if (isset($_POST['view'])) {
    if ($result && $statement->rowCount() > 0) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_pick']); ?>.</blockquote>
    <?php } 
} ?> 

<h2>Find track based on Episode #</h2>

<form method="post">
    <input type="submit" name="view" value="View All">
    <label for="track_eps">Episode #</label>
    <input type="text" id="track_eps" name="track_eps">
    <input type="submit" name="search_eps" value="Search Episodes">
    <label for="track_artist">Artist</label>
    <input type="text" id="track_artist" name="track_artist">
    <input type="submit" name="search_artist" value="Search Artist">
    <label for="track_album">Album</label>
    <input type="text" id="track_album" name="track_album">
    <input type="submit" name="search_album" value="Search Album">
    <label for="track_year">Year</label>
    <input type="text" id="track_year" name="track_year">
    <input type="submit" name="search_year" value="Search Year">
    <label for="track_pick">Picked By</label>
    <input type="text" id="track_pick" name="track_pick">
    <input type="submit" name="search_pick" value="Search Pick">
</form>

<a href="index.php">Back to home</a>

<?php require "templates/footer.php"; ?>

As you can see - very lengthy. I have a basic understanding of how to get dropdowns - although it seems like there's more than one way, I was trying this:

<form method="post">
    <select name="column">
        <option value="track_eps">Episode #</option>
        <option value="track_artist">Artist</option>
        <option value="track_album">Album</option>
        <option value="track_year">Year</option>
        <option value="track_pick">Picked by</option>
    </select>
    <input type="text" id="filter" name="filter">
    <input type="submit" name="Search" value="Search">
</form>

But the thing I'm having trouble with is taking the if statements from the beginning and making them more streamlined, so that I only need one, which will insert the value of the option selection and the value of the text box into the SQL statement: WHERE [option value] = [text value]

Does anyone have any suggestions? I'm likely overlooking something basic.

In your first set of if statements, the only thing changing is the query. There is no need to repeat everything else. In your second set of if statements, there is literally a single word changed in the dozens of lines of code. This is wasteful.

So, as you suspected, this can be done much more efficiently.

<?php
require_once "../config.php";
require_once "../common.php";

// if it doesn't already, $options should look like this:
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
];

// these are the only columns the form may search. $column is interpolated
// straight into the SQL text, so this whitelist is the sole protection for
// the identifier position: placeholders can bind values, not column names
$columns = ["track_eps", "track_artist", "track_album", "track_year", "track_pick"];
try  {
    // fall back to a safe value if needed (strict comparison; "" if the form wasn't posted yet)
    $column = in_array($_POST["search_column"] ?? "", $columns, true) ? $_POST["search_column"] : $columns[0];
    // if it doesn't already, $dsn should include charset=utf8mb4
    $connection = new PDO($dsn, $username, $password, $options);
    $sql = "SELECT * FROM track_list WHERE `$column` = ?";
    $statement = $connection->prepare($sql);
    // no need for binding, just pass parameters to execute
    $statement->execute([$_POST["search_text"] ?? ""]);
    $result = $statement->fetchAll();

} catch (\Exception $e) {
    // don't show errors (or the SQL) to the user; either pretend you got no results...
    $result = [];
    // ...or, if you have a global exception handler, let it take over instead
    throw $e;
}
?>
<?php require "templates/header.php"; ?>

<?php if(count($result) === 0): ?>
    <div class="alert">No results found for <?= escape($_POST["search_text"] ?? "") ?>.</div>
<?php else: ?>
    <h2>Results</h2>

    <table>
        <thead>
            <tr>
                <th>Title</th>
                <th>Artist</th>
                <th>Album</th>
                <th>Year</th>
                <th>Episode</th>
                <th>Picked By</th>
            </tr>
        </thead>
        <tbody>
    <?php foreach ($result as $row): ?>
            <tr>
                <td><?= escape($row["track_name"]) ?></td>
                <td><?= escape($row["track_artist"]) ?></td>
                <td><?= escape($row["track_album"]) ?></td>
                <td><?= escape($row["track_year"]) ?></td>
                <td><?= escape($row["track_eps"]) ?></td>
                <td><?= escape($row["track_pick"]) ?></td>
            </tr>
    <?php endforeach; ?>
        </tbody>
    </table>
<?php endif; ?>

<form method="post">
    <select name="search_column">
        <option value="track_eps">Episode #</option>
        <option value="track_artist">Artist</option>
        <option value="track_album">Album</option>
        <option value="track_year">Year</option>
        <option value="track_pick">Picked by</option>
    </select>
    <input type="text" id="filter" name="search_text">
    <button type="submit">Search</button>
</form>

<a href="index.php">Back to home</a>

<?php require "templates/footer.php"; ?>

A couple of notes:

When mixing HTML and PHP, if you aren't using a proper templating system, it's neater to use the alternative syntax for control structures and short echo tags. This is somewhat a matter of opinion, but once you've tried figuring out something like <?php }}} ?> 100 lines down the page, you'll appreciate endif and endforeach a lot.

I assume your escape() function is doing nothing more than htmlspecialchars(); nothing more is needed. So if you want to save typing, why not call it e() instead?

It's a 20-year-old argument, but you should not be using semantic elements like <blockquote> for presentational purposes. Make it a <div>, give it a class, and style it.
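A runnable illustration of the whitelist-plus-placeholder pattern the answer relies on, added here as an example; it is not part of the original question or answer. It is written in Python against the standard-library sqlite3 module rather than PHP/PDO so that it runs offline on an in-memory database. The table and column names follow the question, the rows are constructed sample data, and the three search functions (search_unsafe, search_bound_identifier, search_safe) are illustrative names chosen for this example. It shows why the column name cannot simply be bound as a parameter, what interpolating an unchecked column name or value lets a user do, and how a strict whitelist for the identifier plus a bound value closes both holes:

```python
import sqlite3

# Columns the form's <select> offers (the answer's $columns). Because the
# identifier is interpolated into the SQL text, this whitelist is the only
# thing protecting that position: placeholders bind values, not identifiers.
SEARCH_COLUMNS = ("track_eps", "track_artist", "track_album", "track_year", "track_pick")

# Constructed sample rows in the question's column order (not real data).
SAMPLE_ROWS = [
    ("Song A", "Artist X", "Album 1", "2001", "1", "alice"),
    ("Song B", "Artist Y", "Album 2", "2002", "2", "bob"),
    ("Song C", "Artist X", "Album 3", "2003", "2", "carol"),
]


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the question's track_list table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE track_list (track_name TEXT, track_artist TEXT, "
        "track_album TEXT, track_year TEXT, track_eps TEXT, track_pick TEXT)"
    )
    conn.executemany("INSERT INTO track_list VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_unsafe(conn, column, text):
    """What 'WHERE [option value] = [text value]' becomes if both parts are
    pasted into the query string: either field can rewrite the WHERE clause."""
    sql = f"SELECT track_name FROM track_list WHERE {column} = '{text}'"
    return [row[0] for row in conn.execute(sql)]


def search_bound_identifier(conn, column, text):
    """The tempting wrong fix: bind the column name as well. It compiles, but
    the placeholder becomes the string literal 'track_eps', so the comparison
    is 'track_eps' = '2' and never matches a row."""
    sql = "SELECT track_name FROM track_list WHERE ? = ?"
    return [row[0] for row in conn.execute(sql, (column, text))]


def search_safe(conn, column, text):
    """The answer's pattern: exact-match the identifier against the whitelist
    (the same idea as in_array(..., true) in PHP), fall back to the first
    column, and bind the user's value with a placeholder."""
    if column not in SEARCH_COLUMNS:
        column = SEARCH_COLUMNS[0]  # or reject with a 400; the answer chose a fallback
    sql = f"SELECT track_name FROM track_list WHERE {column} = ? ORDER BY track_name"
    return [row[0] for row in conn.execute(sql, (text,))]


if __name__ == "__main__":
    db = make_db()
    print("safe, eps=2          :", search_safe(db, "track_eps", "2"))
    print("bound identifier     :", search_bound_identifier(db, "track_eps", "2"))
    print("unsafe, column attack:", search_unsafe(db, "1=1 OR track_eps", "2"))
    print("safe, column attack  :", search_safe(db, "1=1 OR track_eps", "2"))
    print("unsafe, value attack :", search_unsafe(db, "track_eps", "' OR 1=1 --"))
    print("safe, value attack   :", search_safe(db, "track_eps", "' OR 1=1 --"))
```

With the column field set to `1=1 OR track_eps`, the unsafe version returns every row, while the whitelisted version silently searches track_eps instead; with the value field set to `' OR 1=1 --`, the unsafe version again returns every row and the bound version returns nothing. PDO with emulated prepares disabled behaves like the sqlite3 module here: a placeholder is always sent as a value, which is exactly why the column name has to be checked against a fixed list before it is spliced into the statement. The fallback-to-first-column behaviour copies the answer; a stricter service would reject an unknown column outright rather than quietly running a different query.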

Statement: the technical posts on this site are published under the CC BY-SA 4.0 license; if you republish, credit this site or the original source. Questions: yoyou2525@163.com.

 