I'm coding a feature in PHP; it's a search engine.
<form action="result" method="POST">
    <select name="instrument" id="instrument">
        <option value="all">All instrument</option>
        <option value="1">Guitar</option>
        <option value="2">Bass</option>
        <option value="3">Battery</option>
        <option value="4">Singer</option>
    </select>
    <select name="theme" id="theme">
        <option value="all">All themes</option>
        <option value="1">Metal</option>
        <option value="2">Jazz</option>
        <option value="3">Rock</option>
        <option value="4">Blues</option>
    </select>
    <input type="submit" value="search" />
</form>
I already coded this search engine like this and it works:
<?php
if(isset($_POST)) {
    $theme = $_POST['theme'];
    $instrument = $_POST['instrument'];
    $req_search = $bdd->query("SELECT * FROM user,theme,instrument WHERE theme.theme_id = user.user_theme AND instrument.instrument_id = user.user_instrument AND theme_id =".$theme." AND instrument_id =".$instrument);
    if($req_search->rowCount()>0) {
        while($search = $req_search->fetch()) {
?>
            <p><?php echo $search['user_username']; ?></p>
<?php
        }
        $req_search->closeCursor();
    } else {
        echo "Users not found";
    }
}
?>
You can find users who match those options (without All instrument and All themes).
Everything is stored in a MySQL database.
However, when I click on All themes and All instrument, I want to update my select request. Like if I select All instrument and All themes, I want to display every user. Or if I select All instrument and Metal, I want to display all users listening to metal and playing whatever instrument.
Thanks for your help!
You can construct your query to be conditional depending on whether $theme and $instrument have values:
$query = "SELECT * FROM user,theme,instrument
          WHERE theme.theme_id = user.user_theme
          AND instrument.instrument_id = user.user_instrument".
         ($theme!="" ? " AND theme_id='$theme'" : "").
         ($instrument!="" ? " AND instrument_id='$instrument'" : "");
$req_search = $bdd->query($query);
That said, you should look into PDO Prepared Statements and Placeholders, because all it would take is someone fiddling around with the DOM to perform some MySQL Injection.
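The conditional query from the answer, rebuilt with PDO named placeholders and a numeric-id check, as an added example that is not part of the original question or answer. The `buildSearch` helper, the in-memory SQLite database and the sample rows are constructed for illustration; table and column names come from the question, and the form's `all` value is treated as "no filter".

```php
<?php
// Added example: the WHERE clause is built conditionally, but user input is bound, never concatenated.
// buildSearch() is a hypothetical helper (not from the original post); it returns [sql, params].
function buildSearch(array $post): array
{
    $sql = 'SELECT user.user_username FROM user
            JOIN theme ON theme.theme_id = user.user_theme
            JOIN instrument ON instrument.instrument_id = user.user_instrument
            WHERE 1 = 1';
    $params = [];
    // Fixed map of form field => column; only these constant strings are ever appended to the SQL.
    $filters = ['theme' => 'theme.theme_id', 'instrument' => 'instrument.instrument_id'];
    foreach ($filters as $field => $column) {
        $value = $post[$field] ?? 'all';
        if ($value === 'all') {
            continue; // "All ..." selected: add no condition for this column
        }
        // The form only sends "all" or a numeric id; anything else has been tampered with.
        if (!is_string($value) || !ctype_digit($value)) {
            throw new InvalidArgumentException("Invalid $field value");
        }
        $sql .= " AND $column = :$field";
        $params[":$field"] = (int) $value;
    }
    return [$sql, $params];
}

// Constructed sample data in an in-memory SQLite database so the script runs offline;
// the same prepare()/execute() calls apply to a MySQL connection.
$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$bdd->exec("CREATE TABLE theme (theme_id INTEGER);
            CREATE TABLE instrument (instrument_id INTEGER);
            CREATE TABLE user (user_username TEXT, user_theme INTEGER, user_instrument INTEGER);
            INSERT INTO theme VALUES (1),(2);
            INSERT INTO instrument VALUES (1),(2);
            INSERT INTO user VALUES ('alice',1,1),('bob',1,2),('carol',2,1);");

// Constructed inputs: one filter, no filters, and a value edited in the DOM.
$requests = [['theme' => '1', 'instrument' => 'all'], ['theme' => 'all', 'instrument' => 'all'],
             ['theme' => '1 OR 1=1', 'instrument' => 'all']];
foreach ($requests as $post) {
    try {
        [$sql, $params] = buildSearch($post);
        $stmt = $bdd->prepare($sql);
        $stmt->execute($params);
        echo implode(', ', $stmt->fetchAll(PDO::FETCH_COLUMN)) ?: 'Users not found', "\n";
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), "\n";
    }
}
```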