最受欢迎

一个提交按钮中的多个搜索表单 PHP/HTML

Multiple Search Form in one Submit button PHP/HTML

本文关键字:搜索表 搜索 表单 HTML PHP 一个 提交 按钮 | 更新日期: 2023-09-27

我正在尝试创建一个搜索查询,用户可以在其中使用名字或姓氏或两者来搜索数据库。我只能使用 1 种类型的搜索来做到这一点,但如果我同时做这两种搜索,我不确定我该怎么做。

    <html>
  <head>
    <meta  http-equiv="Content-Type" content="text/html;  charset=iso-8859-1">
    <title>Search  Contacts</title>
    <link href="site.css" rel="stylesheet">
  </head>
  <body>
    <nav id="nav01"></nav>
    <div id="main">
    <h3>Search  Contact Details</h3>
    <form  method="post" action="#"  id="searchform">
      First Name:<br>
      <input  type="text" name="fname">
      <br>Last Name:<br>
      <input type="text" name="lname">
      <br>
      <input  type="submit" name="submit" value="Search">
    </form>
<?php
$servername = "xxx";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";
$myquery = mysqli_real_escape_string($connection,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($connection,$_POST['lname']);
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
// SQL query
if (!empty($myquery)) {
    $sql = "select distinct ID, FirstName, LastName, Email, PhoneNumber
           from Userlist where FirstName LIKE '%". $myquery  ."%' OR LastName LIKE '%".$myquery2."%'";
    //Get query on the database
    $result = mysqli_query($conn, $sql);
    //Check results
    if (mysqli_num_rows($result) > 0)
    {
    //Headers
     echo "<table>";
        echo "<tr>";
        echo "<th>Image ID</th>";
        echo "<th>Lastname</th>";
        echo "<th>Firstname</th>";
        echo "<th>Email</th>";
        echo "<th>PhoneNumber</th>";
        echo "</tr>";
  //output data of each row
      while($row = mysqli_fetch_assoc($result))
        {
                echo "<tr>";
                  echo "<td>".$row['ID']."</td>";
                  echo "<td>".$row['LastName']."</td>";
                  echo "<td>".$row['FirstName']."</td>";
                  echo "<td>".$row['Email']."</td>";
                  echo "<td>".$row['PhoneNumber']."</td>";
                echo "</tr>";
        }
              echo "</table>";
    } else {
        echo "0 results";
    }
}
        mysqli_close($conn);
?>
<footer id="foot01"></footer>
</div>
<script src="script.js"></script>
</body>

</html>

你可以这样做: 

<?php
      if(strlen($_POST["fname"])>0 AND strlen($_POST["lname"])>0){
            $sql = "SELECT ID, FirstName, LastName, Email, PhoneNumber FROM Userlist WHERE FirstName LIKE '%". $_POST["fname"])>."%' AND LastName LIKE '%". $_POST["lname"])>."%'";
      }
      elseif(strlen($_POST["fname"])>0 AND strlen($_POST["lname"])==0){
           $sql = "SELECT ID, FirstName, LastName, Email, PhoneNumber FROM Userlist WHERE FirstName LIKE '%". $_POST["fname"])>."%'";
      }
      elseif(strlen($_POST["lname"])>0 AND strlen($_POST["fname"])==0){
           $sql = "SELECT ID, FirstName, LastName, Email, PhoneNumber FROM Userlist WHERE LastName LIKE '%". $_POST["lname"])>."%'";
      }
      else{
          //No keywords specified
      }
?>

您可以简单地在 ID 上使用 OR 和 distinct ,这样当用户同时搜索 FirstName 和 LastName 时,您只会获得 1 个条目

$myquery = mysqli_real_escape_string($connection,$_POST["fname"]); //<<< change $connection to your connection variable
$myquery2 = mysqli_real_escape_string($connection,$_POST['lname']);
$sql = "select distinct ID, FirstName, LastName, Email, PhoneNumber
           from Userlist where FirstName LIKE '%". $myquery  ."%' OR LastName LIKE '%".$myquery2."%'";

您应该转义您在查询中搜索的所有内容,无论是使用 

mysqli_real_escape_string

如上所述,或者您最好使用准备好的陈述

编辑:

这:

$myquery = mysqli_real_escape_string($connection,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($connection,$_POST['lname']);

需要在建立连接后。当您使用$conn进行连接时,您需要将其更改为 

$myquery = mysqli_real_escape_string($conn,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($conn,$_POST['lname']);

喜欢这个:

<?php
$servername = "xxx";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
$myquery = mysqli_real_escape_string($conn,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($conn,$_POST['lname']);

您的代码受到 sql 注入攻击,因此我试图通过更正使其更好。 

<h3>Search  Contact Details</h3>
<form  method="post" action="#"  id="searchform">
  First Name:<br>
  <input  type="text" name="fname">
  <br>Last Name:<br>
  <input type="text" name="lname">
  <br>
  <input  type="submit" name="submit" value="Search">
</form>
<?php
/*USE PDO prepared statement to prevent mysql injection attacks*/
//PDo constructor instantiating instance of database object.
$pdo =  PDO('mysql:host=localhost;dbname=YourDatabaseName;charset=utf8', 'YourUserName', 'YourPassword');
//check if something is submitted
if(isset($_POST['submit']) ){
//remove tags from the user input
$fname  = strip_tags('%'.$_POST['fname'].'%');
$lname   = strip_tags('%'.$_POST['lname'] .'%');    
//you need to use the if- conditional to 
//check if one or both fields are set 
if  ( (isset($fname) && !empty($fname)) || (isset($lname) && !empty($lname)) ) {
    try{
        $sql = "SELECT distinct ID, FirstName, LastName, Email, PhoneNumber
                 FROM Userlist
                 WHERE `FirstName` LIKE :FirstName  OR `LastName` LIKE :LastName";
         //Prepare the statment
        $query = $pdo->prepare($sql);
        $query->bindParam(':FirstName', $fname, PDO::PARAM_STR);
        $query->bindParam(':LastName', $lname, PDO::PARAM_STR);
        $query->execute();
        $result = $query->fetchAll();

    } catch (Exception $e) {
        print "Database Problem: " . $e->getMessage();
    }

}
//you can use foreach to display the result. 
    foreach ($result as $res): 
            echo $rs['FirstName']; //and so on
    endforeach;
}
else{
    echo 'search for some thing';
}
?>
相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习