使用PHP表单中的2个字段来从MySQL数据库中检索信息
[英]Issue using 2 fields in PHP form to retrieve information from a MySQL Database
问题描述
I have a MySQL database with 3 columns: 
我有一个包含3列的MySQL数据库:
id | articletitle | articleorganization
And a simple PHP form with 2 fields and a submit button: search.php 还有一个简单的PHP表单,包含2个字段和一个提交按钮:search.php
<div class="content">
<form id="form1" name="form1" method="post" action="searchdb.php">
<table width="100%" border="0" cellpadding="6">
<tr>
<td width="29%" align="right">Article Title:</td>
<td width="71%" align="left"><input name="title" type="text" id="articletitle" size="50" /></td>
</tr>
<tr>
<td align="right">Author or Organization:</td>
<td align="left"><input name="organization" type="text" id="articleorganization" size="50" /></td>
</tr>
</table>
<table width="100%" border="0" cellpadding="6">
<tr>
<td><input type="submit" name="submit" value="Submit" /></td>
</tr>
</table>
</form>
</div>
The form connects to searchdb.php: 表单连接到searchdb.php:
<?php
include('settings.php');
$title = mysql_real_escape_string($_POST['title']);
$organization = mysql_real_escape_string($_POST['organization']);
$sql = "SELECT * FROM articles WHERE 1 "
. (isset($title) ? "AND articletitle LIKE '$title%' " : "")
. (isset($organization) ? "AND articleorganization LIKE '$organization%'" : "");
while ($row = mysql_query($sql)){
echo '<br/> Article Title: '.$row['articletitle'];
echo '<br/> Article Organization: '.$row['articleorganization'];
echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>';
echo '<td><a href="delete.php?id=' . $row['id'] . '">Delete</a></td>';
echo '<td><a href="entry.php?id=' . $row['id'] . '">View Full Entry</a></td>';
echo '<br/><br/>';
}
?>
After some revision with the help of commenters the problem has changed. 在评论者的帮助下进行了一些修订后,问题发生了变化。
Now, upon submitting a search, the results page begins scrolling the table that is created via searchdb.php over and over again, though without any results in the table. 现在,在提交搜索后,结果页面开始一遍又一遍地滚动通过searchdb.php创建的表,尽管表中没有任何结果。
3 个解决方案
解决方案1
1 2012-06-14 02:10:14
Basically, when you have several items with the same name referencing some kind of array what you get is an actual array afterwards. 基本上,当你有几个具有相同名称的项目引用某种类型的数组时,你得到的是一个实际的数组。
That is to say that if the input boxes are filled with "a" and "b" the variable $_POST['term'] will be equal to array("a", "b") . 也就是说,如果输入框中填充了“a”和“b”,则变量$_POST['term']将等于array("a", "b") 。
With regards to indenting, it is part of your code style, do it whatever way you feel comfortable with as long as you are consistent across your whole code base. 关于缩进,它是您的代码风格的一部分,只要您在整个代码库中保持一致,就可以以您感觉舒适的方式执行。
Edit : I do agree with others that you should be a lot more careful with user input and how you add that data to your queries 编辑 :我同意其他人的意见,你应该更加小心用户输入以及如何将这些数据添加到查询中
解决方案2
1 2012-06-14 02:35:42
If you echo your query, it will print something like this: 如果您回显查询,它将打印如下内容:
select * from articles where articletitle like '%%'
That's why your code returning all rows from the table. 这就是你的代码从表中返回所有行的原因。 To make it work the way you want, change the name of your <input> to match with your columns. 要使其按您希望的方式工作,请更改<input>的名称以与列匹配。
<input type="text" name="title" />
<input type="text" name="organization" />
Given these tags, you'll have $_POST contains array like this: 鉴于这些标签,你将有$_POST包含这样的数组:
Array
(
[title] => 'some value',
[organization] => 'another value',
)
And you have to perform some logic in your query. 而且你必须在查询中执行一些逻辑。 If only title is supplied, 如果只提供title ,
SELECT * FROM articles WHERE articletitle LIKE '%$title%'
If only organization is supplied, 如果只提供organization ,
SELECT * FROM articles WHERE articleorganization LIKE '%$organization%'
If both are supplied, 如果两者都供应,
SELECT * FROM articles
WHERE articletitle LIKE '%$title%' AND
articleorganization LIKE '%$organization%'
Here's the PHP to make SQL like above: 这是上面提到SQL的PHP:
// Don't forget to properly escape your input
$title = mysql_real_escape_string($_POST['title']);
$organization = mysql_real_escape_string($_POST['organization']);
// Build the SQL
// Echo this string to make sure the SQL is correct
$sql = "SELECT * FROM articles WHERE 1 "
. (strlen($title) ? "AND articletitle LIKE '%$title%' " : "")
. (strlen($organization) ? "AND articleorganization LIKE '%$organization%'" : "");
$qry = mysql_query($sql);
解决方案3
0 已采纳 2012-06-14 02:46:34
$_POST[term] becomes an array with key's like 0,1. $ _POST [term]成为一个数组,其键如0,1。 Loosing the field reference for your SQL query. 丢失SQL查询的字段引用。
Use these names in your input fields: 在输入字段中使用这些名称:
<input name="articletitle" type="text" id="articletitle" size="50" />
<input name="articleorganization" type="text" id="articleorganization" size="50" />
You can build your query like this: 您可以像这样构建查询:
$sql = mysql_query("select * from articles WHERE articletitle LIKE '%".mysql_real_escape_string($_POST['articletitle'])."%' OR articleorganization LIKE '%".mysql_real_escape_string($_POST['articleorganization'])."%'");
Note: Never ever use $_POST (user input) vars in a query without escaping first to prevent mysql injection. 注意:永远不要在查询中使用$ _POST(用户输入)变量而不首先转义以防止mysql注入。
PS My personal taste on indenting is: Always indent every block of matching HTML elements. PS我对缩进的个人品味是:始终缩进每个匹配的HTML元素块。 So yes, I would indent the table one tab further. 所以是的,我会进一步缩进表格一个标签。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.