搜索MySQL-PDO-PHP
我有JSON“”,从中获取数据并填充MySQL。然后我连接到MySQL并显示数据。我做了一个搜索框和按钮在我的桌子里搜索,效果非常好。结果显示在MTPHP页面的表中。但我有一个问题。这就是我将JSON数据插入MySQL的方式,下面是我在php页面中显示DB中数据的表格:搜索MySQL-PDO-PHP,php,mysql,json,Php,Mysql,Json,我有JSON“”,从中获取数据并填充MySQL。然后我连接到MySQL并显示数据。我做了一个搜索框和按钮在我的桌子里搜索,效果非常好。结果显示在MTPHP页面的表中。但我有一个问题。这就是我将JSON数据插入MySQL的方式,下面是我在php页面中显示DB中数据的表格: function getDati() { $url = 'https://jsonplaceholder.typicode.com/todos/'; $c
function getDati()
{
$url = 'https://jsonplaceholder.typicode.com/todos/';
$cURL = curl_init();
curl_setopt($cURL, CURLOPT_URL, $url);
curl_setopt($cURL, CURLOPT_HTTPGET, true);
curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Accept: application/json'
));
$result = curl_exec($cURL);
curl_close($cURL);
$all_items = json_decode($result);
return $all_items;
}
//DB CONECTION
class Database
{
private $db_host;
private $db_name;
private $db_username;
private $db_password;
public function dbConnection()
{
$this->db_host = 'localhost';
$this->db_name = 'items';
$this->db_username = '*****';
$this->db_password = '****';
try {
$conn = new PDO('mysql:host=' . $this->db_host . ';dbname=' . $this->db_name, $this->db_username, $this->db_password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $conn;
} catch (PDOException $e) {
echo "Connection error " . $e->getMessage();
exit;
}
}
}
//connecto to DB to displayit into my php page
<?php
$database = new Database;
$db = $database->dbConnection();
$stmt = $db->query("SELECT * FROM posts ");
$stmt->execute();
?>
<table class="table table-hover">
<hr>
<div style="text-align: center"> <label class="badge badge-light" style="font-size:30px; background-color: #2196F3;">All Items</label></div>
<hr>
<thead>
<tr>
<th>User ID</th>
<th>ID</th>
<th>Title</th>
<th>Compiled</th>
</tr>
</thead>
<?php foreach ($stmt as $item) : ?>
<tr>
<td><?php echo $item['userId'] ?> </td>
<td><?php echo $item['id'] ?> </td>
<td><?php echo $item['title'] ?></td>
<td><?php echo $item['completed'] ? 'Compiled' : 'Not Compiled' ?></td> //completed is boolean so I used "? 'Compiled' : 'Not Compiled'" to not be displayed 0 or 1
</tr>
<?php endforeach ?>
</table>
我建议您的搜索框为用户可以提供的每个参数包含一个单独的输入小部件 您应该使用
HTML标记指定已完成的
搜索参数,如下所示:
<select name="completed">
<option value=''>-- Select a Completion Value --</option>
<option value="0">Not Completed</option>
<option value="1">Completed</option>
</select>
以上内容必须在循环中初始化。或者您可以有一个简单的文本框,用户必须在其中键入感兴趣行的id
您应该有文本输入字段userId和title:
User Id: <input type="text" name="userId">
Title: <input type="text" name="title">
注意,上面的代码使用了一个准备好的语句来防止SQL注入攻击。如果您可以确保始终至少指定一个输入条件,使得
$conditions
数组不为空,则可以从SELECT语句中删除1
条件。警告!您完全可以接受SQL注入攻击!在这样的查询中,您应该使用参数化的用户数据,而不是直接使用完全未设置场景的用户数据。例如:如果搜索字符串包含单引号或以反斜杠结尾,您的查询将失败。@Magnus Eriksson是的,我知道,但在这种情况下这不是问题。$completedTest=$\u POST['search']=='Completed'@RiggsFolly应该把它放在哪里?同样是$stmt=$db->query(“选择*,IF(completed=1,'completed','notcompleted'),从id类似于“$keyword”或userId类似于“$keyword”或title类似于“$keyword”或completed类似于“$keyword”的帖子中完成)代码>不起作用我应该将我的函数search()
更改为您发布的PHP代码应该是:?是的,如果您按照我的建议对搜索框进行更改,或者将其用作指南。我试图提出两点:(1)使用事先准备好的声明。(2) 不同的用户界面,更易于用户理解和使用。我还建议您对代码进行结构化,以便将表示(HTML输出)与生成表示内容的逻辑分离。我理解。谢谢我会试试你能帮我写PHP代码吗?我输入了两个userId和title。它给我错误未定义索引:标题和未定义索引:userId和语法错误或访问冲突:。。。
<div class="container bg-light " style=" margin-top:8%; width:30%;" id="searcform">
<form method="post">
<div class="text-center">
<label class="h3 font-weight-bold">SEARCH BY:</label>
</div>
<hr>
<div class="form-group">
<label for="formGroupExampleInput">User ID: </label>
<input type="text" name="userId" class="form-control" id="formGroupExampleInput" required>
</div>
<div class="form-group ">
<label for="formGroupExampleInput2">Title</label>
<input type="text" name="title" class="form-control" id="formGroupExampleInput2" required>
</div>
<button type="submit" name="search-btn2" class="btn btn-primary">Search</button>
<hr>
</form>
</div>
if (isset($_POST['search-btn2'])) {
$values = [];
$conditions = [];
$conditions[] = "1"; /* trivial condition that is True */
$userId = $_POST['userId'];
if ($userId != '') {
$values[] = $userId;
$conditions[] = "userId = ?";
}
$title = $_POST['title'];
if ($title != '') {
$values[] = $title;
$conditions[] = "title like concat('%', ?, '%')";
}
$database = new Database;
$db = $database->dbConnection();
$cond = join(' AND ', $conditions);
$sql = "SELECT * FROM posts WHERE $cond";
$stmt = $db->prepare($sql);
$stmt->execute($values);
}
?>
<select name="completed">
<option value=''>-- Select a Completion Value --</option>
<option value="0">Not Completed</option>
<option value="1">Completed</option>
</select>
<select name="id">
<option value=''>-- Select an id value --</option>
<option value="id-value-1">id-value-1</option>
<option value="id-value-2">id-value-2</option>
. . .
<option value="id-value-N">id-value-N</option>
</select>
User Id: <input type="text" name="userId">
Title: <input type="text" name="title">
$values = [];
$conditions = [];
$conditions[] = "1";
$completed = $_POST['completed'];
if ($completed != '') {
$values[] = $completed;
$conditions[] = "completed = ?";
}
$id = $_POST['id'];
if ($id != '') {
$values[] = $id;
$conditions[] = "id = ?";
}
$userId = $_POST['userId'];
if ($userId != '') {
$values[] = $userId;
$conditions[] = "userId = ?";
}
$title = $_POST['title'];
if ($title != '') {
$values[] = $title;
$conditions[] = "title like concat('%', ?, '%')";
}
$cond = join(' AND ', $conditions);
$db = $database->dbConnection();
$stmt = $db->prepare("SELECT * FROM posts WHERE $cond");
$stmt->execute($values);