我目前正在构建一个页面,该页面使用五个独立的下拉菜单(静态内容),当选择这些菜单时,所选内容的组合将过滤我的mysql查询,并使用这些参数显示正确的结果。
我是php的新手,我不知道如何进行
以下是index.php 的html代码
<form action="search.php" method="post">
<p>Body Type</p>
<select class="form-control" name="bodytype">
<option value="" selected="selected">Any body type</option>
<option value="saloon">Saloons</option>
<option value="hatchback">Hatchbacks</option>
<option value="4 wheel drive">4 wheel drives</option>
<option value="station wagon">Station wagon</option>
<option value="pickup">Pickups</option>
<option value="motor bike">Motor bikes</option>
<option value="convertible">Convertibles</option>
<option value="bus">Buses, Danfos & Vans</option>
<option value="truck">Trucks</option>
</select>
<p>Condition</p>
<select class="form-control" name="condition">
<option value="" selected="selected">Any condition</option>
<option value="brand new">Brand new</option>
<option value="foreign used">Foreign used (Tokunbo)</option>
<option value="nigerian used">Nigerian used (Registered)</option>
</select>
<p>Fuel type</p>
<select class="form-control" name="fueltype">
<option value="" selected="selected">Any fuel type</option>
<option value="petrol">Petrol</option>
<option value="diesel">Diesel</option>
<option value="hybrid">Hybrid</option>
</select>
<p>Transmission</p>
<select class="form-control" name="transmission">
<option value="" selected="selected">Any transmission</option>
<option value="automatic">Automatic</option>
<option value="manual">Manual</option>
</select>
<p>Drive type</p>
<select class="form-control" name="drivetype">
<option value="" selected="selected">Any drive type</option>
<option value="2 wheel drive">2 wheel drive</option>
<option value="4 wheel drive">4 wheel drive</option>
</select>
<input name="search" type="submit" value="Search">
</form>`
这是search.php
<body>
<?php
$selected_btype = $_POST['bodytype']; // Storing Selected Value In Variable
$selected_condition = $_POST['condition'];
$selected_fueltype = $_POST['fueltype'];
$selected_makemodel = $_POST['makemodel'];
$selected_transmission = $_POST['transmission'];
$selected_location = $_POST['location'];
$selected_dtype = $_POST['drivetype'];
$selected_year= $_POST['year'];
$selected_dsetup= $_POST['drivesetup'];
$query="SELECT * FROM vehicle WHERE(body_type=$selected_btype) OR
(condition='$selected_condition') OR (fuel_type='$selected_fueltype') OR
(make_model='$selected_makemodel') OR (transmission='$selected_transmission') OR
(location='$selected_location') OR (drive_type='$selected_dtype') OR
(year='$selected_year') OR (drive_setup='$selected_dsetup')";
$result=mysql_query($query);
if($result)
{
while ($row=mysql_fetch_array($result)){
echo "<tr>";
echo "<td>".$row['sn']."</td>";
echo "<td>".$row['body_type']."</td>";
echo "<td>".$row['make_model']."</td>";
echo "<td>".$row['location']."</td></tr>";
echo "<td>".$row['year']."</td>";
echo "<td>".$row['condition']."</td>";
echo "<td>".$row['transmission']."</td>";
echo "<td>".$row['description']."</td></tr>";
echo "<td>".$row['images']."</td></tr>";
}
}else{
die(mysql_error());
}
?>
search.php的输出:
您的SQL语法有错误;查看与MySQL服务器版本对应的手册,以获得在第1行的"condition='nigerianused'"或(fuel_type='')或(make_model='peugeot'"附近使用的正确语法
您的代码有几个问题:
首先,condition是MySQL的保留字,需要用backticks进行包装。
- http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
要么用反勾号将其包装起来,要么将其重命名为另一个单词。
$query="SELECT * FROM vehicle WHERE(body_type=$selected_btype) OR
(`condition`='$selected_condition')
注意错误指向的位置:
对于在'condition='nigerian used'附近使用的正确语法)^
然后是WHERE(body_type=$selected_btype)
$selected_btype变量需要用引号括起来,因为其中包含字符串值。
WHERE(body_type='$selected_btype')
脚注:
您应该考虑将mysqli与已准备好的语句一起使用,或者将PDO与已准备的语句一起,它们要安全得多,因为您当前的代码对SQL注入是开放的。
在您的查询中,主体类型选择是而不是像其他类型一样封装在引号中,但它是一个字符串,因此需要像这个
$query="SELECT * FROM vehicle WHERE(body_type=<b>'</b>$selected_btype<b>'</b>) OR......