我正在尝试仅根据 POST 中的州条目或州和城市条目来提取结果,这让我发疯......
提前感谢!
$totnum=mysql_query("SELECT item_id,active from items WHERE state='$st' OR city+'$_POST[city]' AND state='$st' AND active='1'");
$totalnumber=mysql_num_rows($totnum);
$totrow=mysql_fetch_array($totnum);
预期成果:
州 = 佛罗里达州
或
州 = 佛罗里达市 = 代托纳比奇
首先,你能显示 SQL 吗?
$sql = "SELECT item_id,active from items WHERE state='$st' OR city+'$_POST[city]' AND state='$st' AND active='1'";
echo $sql; //Let's see
$totnum=mysql_query($sql);
$totalnumber=mysql_num_rows($totnum);
$totrow=mysql_fetch_array($totnum);
然后。。。尝试在"phpMyAdmin"上运行它进行测试...
2 - 您的SQL非常非常危险,请尝试阅读"SQL注入"并将查询更改为预准备语句
这是我必须做的,花了几个小时才弄清楚,但现在我得到了正确的结果......感谢大家的投入。原谅我是一个业余爱好者。
if($_POST['state'] AND $_POST['city']=="Select City"){
$search_fields[]=" state='$st'";
$showsearch[]=" $st ";
} else {
if($_POST['state'] AND $_POST['city']){
$search_fields[]=" state='$st' AND city1='$_POST[city]'";
$showsearch[]=" $st - $_POST[city]";
}
}
$search_fields = implode(' AND ',$search_fields);
$showsearch = implode(" AND ",$showsearch);
$sql = "SELECT item_id from items WHERE $search_fields AND active='1'";
$totnum=mysql_query($sql);
$totalnumber=mysql_num_rows($totnum);
$totrow=mysql_fetch_array($totnum);