允许用户通过简单的下拉列表对MySQL结果进行排序
[英]Allowing users to sort MySQL results via simple dropdown
问题描述
I have created a very simple CRUD that queries my database for Hotel details and displays them within an HTML table. 
我创建了一个非常简单的CRUD,可在数据库中查询酒店的详细信息并将其显示在HTML表中。
By default my mysql query returns the Hotels in the order they were created. 默认情况下,我的mysql查询按创建顺序返回酒店。 I have come up with a few different sql statements to return results by distance or AZ and I would like the user to select which they prefer. 我想出了一些不同的sql语句按距离或AZ返回结果,我希望用户选择他们喜欢的结果。
How can I create a simple dropdown with for example "Name" and "Distance", which when selected will reload the page using the correct sort query using PHP? 如何创建一个简单的下拉列表,例如“名称”和“距离”,当选择这些下拉列表时,将使用PHP使用正确的排序查询来重新加载页面?
3 个解决方案
解决方案1
1 已采纳 2012-11-26 17:50:08
Your basic structure is going to look like; 您的基本结构将看起来像;
HTML; HTML;
<SELECT id="sort_select" onchange="javascript:re_sort();">
//options
</SELECT>
Javascript function; Javascript功能;
function re_sort() {
//make ajax call using sort_select value
//refresh table contents
}
PHP; PHP;
if($_GET['sort_field'] == 'fish') {
//execute fish sort sql
}
else if($_GET['sort_field'] == 'goat') {
//execute goat sort sql
}
//return response
Do Not use the $_GET value directly in the sql query, instead use the structure above. 不要在SQL查询中直接使用$_GET值,而应使用上面的结构。
解决方案2
0 2012-11-26 17:49:57
Sounds simple enough. 听起来很简单。 You add an ORDER BY clause populated by the value from the dropdown. 您添加一个ORDER BY子句,该子句由下拉列表中的值填充。
Fair Warning! 公平警告!
Direct user input is highly dangerous! 用户直接输入非常危险! And prepared statements cannot be used on an ORDER BY value. 并且准备好的语句不能在ORDER BY值上使用。 You'll need very aggressive whitelisting , make sure the value you receive is one of pre-defined values, which are fetched from somewhere on the server (the database schema, or hardcoded into the PHP code) . 您将需要非常激进的白名单 ,确保接收到的值是预定义的值之一,该值是从服务器上的某个位置(数据库架构,或硬编码到PHP代码)中获取的 。
Never let user input arrive your query unchecked and unsanitized! 永远不要让用户输入未经检查和未经消毒就到达您的查询!
解决方案3
0 2012-11-26 17:51:50
You will need to use JavaScript that handles the change event and reload event. 您将需要使用处理change事件和reload事件的JavaScript。 However, you will want to handle disabled JavaScript browsers too. 但是,您也将要处理禁用的JavaScript浏览器。 You can do that by maybe showing a sumbit button and hiding it with the JavaScript. 您可以通过显示一个sumbit按钮并将其隐藏在JavaScript中来实现。
As far as PHP there are several ways to approach it, but here is an idea. 就PHP而言,有几种方法可以解决它,但这是一个想法。 Store the sorting values into an array. 将排序值存储到数组中。 Then have the index be a number, just so SQL injection will not take place if done right as we do not want to allow pure SQL statements. 然后使索引为数字,只是为了使SQL注入如果正确完成就不会发生,因为我们不想允许纯SQL语句。 When the user changes submit it. 当用户更改时,将其提交。
In the code have a switch and append the appropriate SQL statement to it based on the number input. 在代码中有一个开关,并根据输入的数字向其附加适当的SQL语句。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.