我正试图弄清楚如何创建一个更改Query的表单示例(HTML)
<form action="change.php" method="POST" name="Update">
<table>
<tr>
<td>
<input type="text" value="Enter New Criteria" name="where" >
<input type="text" value="Enter New Criteria" name="where2" >
</td>
</tr>
<tr>
<td align="center" style="font-family:Calibri">
<input type="submit" value="Search"/>
</tr>
</table>
SQL查询
$Query = "SELECT order_number
FROM order_header
WHERE (order_number LIKE **'%CHANGE VALUE HERE%'**
OR order_number LIKE **'%CHANGE VALUE HERE%'**
我该怎么做呢?我是个新手,但我正在努力。我试过搜索,但可能我没有使用正确的关键词。
使用$_POST['where']和$_POST['where2']代替%CHANGE VALUE HERE%。更多信息:http://php.net/manual/en/reserved.variables.post.php
例如:
$Query = "SELECT order_number
FROM order_header
WHERE (order_number LIKE '$_POST[where]'
OR order_number LIKE '$_POST[where2]')";
当你完成它的工作后,阅读一下SQL注入:http://php.net/manual/en/security.database.sql-injection.php
尝试:
$where = $_POST['where'];
$where2 = $_POST['where2'];
$Query = "SELECT order_number
FROM order_header
WHERE (order_number LIKE '%whereParameter%'
OR order_number LIKE '%where2Partameter%'"
$Query = str_replace("whereParameter", $where, $QueryTemplate);
$Query = str_replace("where2Parameter", $where2, $QueryTemplate);