对于所有关心的人,if if empty empty语句对我有用
我是SQL和PHP的新手,我正在尝试实现搜索功能,以便从处理葡萄酒的MySQL数据库中获取数据。
我已经弄清楚如何在有一个搜索变量的情况下进行查询,并且我已经找到了如何使用两个搜索变量进行查询,我确定我可以继续使用该模式 - 但是我想要做的是实现一个搜索功能,可以根据用户输入的变量进行搜索(这意味着,用户必须输入至少一个值,搜索将抓取相关的字段到搜索变量)。
比如说我有这些搜索变量:
根据用户输入的变量数量,将决定搜索的精确程度。
我试过搜索论坛但似乎找不到任何东西。如果我的格式或问题是错误的,请道歉。非常感谢任何帮助或指向正确的方向,谢谢!
这是我的代码到目前为止,如果用户同时输入变量&wine;' wineName'和' wineryName'。尝试使用isset触发某种切换,但我不认为我在正确的轨道上。
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html401/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Answer Page</title>
</head>
<body bgcolor="white">
<?php
function showerror() {
die("Error " . mysql_errno() . " : " . mysql_error());
}
require 'db.php';
// Show all wines in a region in a <table>
function displayWines($connection, $query, $wineName) {
// Run the query on the server
if (!($result = @ mysql_query ($query, $connection))) {
showerror();
}
// Find out how many rows are available
$rowsFound = @ mysql_num_rows($result);
// If the query has results ...
if ($rowsFound > 0) {
// ... print out a header
print "You searched for $wineName with a region of $wineryName <br><br>";
// and start a <table>.
print "\n<table>\n<tr>" .
"\n\t<th>Wine ID</th>" .
"\n\t<th>Wine Name</th>" .
"\n\t<th>Winery Name</th>" .
"\n\t<th>Year</th>\n</tr>";
// Fetch each of the query rows
while ($row = @ mysql_fetch_array($result)) {
// Print one row of results
print "\n<tr>\n\t<td>{$row["wine_id"]}</td>" .
"\n\t<td>{$row["wine_name"]}</td>" .
"\n\t<td>{$row["winery_name"]}</td>" .
"\n\t<td>{$row["year"]}</td>\n</tr>";
} //end while loop body
//finish table
print "\n</table>";
} //end if $rowsFound body
//Report how many rows were found
print "<br>{$rowsFound} records found matching your criteria<br>";
} //end of function
// Connect to the MySQL server
if (!($connection = @ mysql_connect(DB_HOST, DB_USER, DB_PW))) {
die("Could not connect");
}
//get user data
$wineName = $_GET['wineName'];
$wineryName = $_GET['wineryName'];
if (!mysql_select_db(DB_NAME, $connection)) {
showerror();
}
//start a query
$query = "SELECT wine_id, wine_name, winery_name, year
FROM wine, winery
WHERE wine.winery_id = winery.winery_id";
if (isset($wineName)) {
$query .= " AND wine_name = '{$wineName}'";
}
if (isset($wineryName)) {
$query .= " AND winery_name = '{$wineryName}'";
}
//order the list
$query .= " ORDER BY wine_name";
//run query, show results
displayWines($connection, $query, $wineName);
?>
</body>
</html>
答案 0 :(得分:0)
首先,将您的INPUT名称更改为数组,例如
<input name="wine[wineName]" ...>
<input name="wine[wineryName]" ...>
现在您必须更改获取用户数据的方式:
// Define an array of allowed fields ("whitelist")
$fields = array('wineName', 'wineryName');
// Get the fields given by the user
$wine = array();
foreach($fields as $field)
if (isset($_GET['wine'][$field]))
$wine[$field] = mysql_real_escape_string($_GET['wine'][$field]);
// ... your code here ...
//start a query
$query = "SELECT wine_id, wine_name, winery_name, year
FROM wine, winery
WHERE wine.winery_id = winery.winery_id";
foreach ($wine as $field => $value) $query .= " AND ".$field." = '".$value."'";
一个重要的提示:永远不要在查询中使用用户给定的输入而不转义! (见http://php.net/manual/en/function.mysql-real-escape-string.php)
答案 1 :(得分:0)
//start a query
$query = "SELECT wine_id, wine_name, winery_name, year
FROM wine, winery
WHERE wine.winery_id = winery.winery_id";
if (isset($wineName)) {
$query .= " AND wine_name LIKE '%$wineName%'";
}
if (isset($wineryName)) {
$query .= " AND winery_name LIKE '%$wineryName%'";
}
//order the list
$query .= " ORDER BY wine_name";
//run query, show results
displayWines($connection, $query, $wineName);
答案 2 :(得分:0)
请查看以下内容:
print "\n<tr>\n\t<td>{$row["wine_id"]}</td>" .
"\n\t<td>{$row["wine_name"]}</td>" .
"\n\t<td>{$row["winery_name"]}</td>" .
"\n\t<td>{$row["year"]}</td>\n</tr>";
应该是
print "\n<tr>\n\t<td>{$row['wine_id']}</td>" .
"\n\t<td>{$row['wine_name']}</td>" .
"\n\t<td>{$row['winery_name']}</td>" .
"\n\t<td>{$row['year']}</td>\n</tr>";
代替。数组键的双引号正在关闭字符串。
注意:
因为您的导师已经说过要使用已弃用的mysql_ *函数,所以你无法做很多事情。但请记住,您最好使用参数化预处理语句并将输入值绑定到参数(使用PDO或mysqli)。