在php中仅从一个下拉框中选择
我有两个列表框,我单击这两个来创建SELECT查询。我将$POST变量放入另一个变量中,然后将它们放入SELECT查询中。这似乎很好,但当我只想从其中一个框中选择时,问题就出现了。例如,我只想从肯·戴维斯的所有书或冒险类的所有书中选择。在我得到结果之前,我似乎必须选择两个框。有人能建议一种解决方法吗在php中仅从一个下拉框中选择,php,Php,我有两个列表框,我单击这两个来创建SELECT查询。我将$POST变量放入另一个变量中,然后将它们放入SELECT查询中。这似乎很好,但当我只想从其中一个框中选择时,问题就出现了。例如,我只想从肯·戴维斯的所有书或冒险类的所有书中选择。在我得到结果之前,我似乎必须选择两个框。有人能建议一种解决方法吗 <html> <head> <title>My Page</title> </head> <body> <br>
<html>
<head>
<title>My Page</title>
</head>
<body>
<br>
<form name="myform" action="dropdown2.php" method="POST">
<select name="author" size="4">
<option value="ken davies">ken davies</option>
<option value= "arthur smith">arthur smith</option>
<option value="gill rafferty">gill rafferty</option><br />
<option value="molly brown">molly brown</option><br />
<option value="gilbert riley">gilbert riley</option><br />
<input type = "submit" name = "submit" value = "go">
<select name="genre" size="4">
<option value="adventure">adventure</option>
<option value="biography">biography</option>
<option value="crime">crime</option><br />
<option value="romance">romance</option>
<option value="2007">thriller</option>
<input type = "submit" name = "submit" value = "go">
<?php
$_POST['author'];
$bird = $_POST['author'];
$_POST['genre'];
$cat = $_POST['genre'];
$con = mysql_connect("localhost","root","");
If (!$con){
die("Can not Connect with database" . mysql_error());
}
Mysql_select_db("authors",$con);
$sql = "SELECT * FROM books WHERE author = '$bird' AND genre = '$cat' ";
$myData = mysql_query($sql,$con);
echo"<table border=1>
<tr>id</th>
<tr>author</th>
<tr>title</th>
<tr>publisher</th>
<tr>year</th>
<tr>genre</th>
<tr>sold</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<tr>";
echo "<td>" . $record['id'] . "</td>";
echo "<td>" . $record['author'] . "</td>";
echo "<td>" . $record['title'] . "</td>";
echo "<td>" . $record['publisher'] . "</td>";
echo "<td>" . $record['year'] . "</td>";
echo "<td>" . $record['genre'] . "</td>";
echo "<td>" . $record['sold'] . "</td>";
echo "<tr />";
}
echo "</table>";
mysql_close($con);
?>
</form>
</body>
</html>
我的页面
肯·戴维斯
亚瑟·史密斯
吉尔·拉弗蒂
莫莉·布朗
吉尔伯特·莱利
冒险
传记
犯罪
浪漫
惊悚片
if (isset($bird) && isset($cat))
$sql = "SELECT * FROM books WHERE author = '$bird' AND genre = '$cat' ";
elseif (isset($bird))
$sql = "SELECT * FROM books WHERE author = '$bird' ";
elseif (isset($cat))
$sql = "SELECT * FROM books WHERE genre = '$cat' ";
此外,法律要求我让您知道,在SQL中添加变量将导致SQL注入。你应该准备和执行。我将在下面(一秒钟)编写一些示例代码。首先,您需要像现在这样从表单中获取值,但您需要添加一些代码,允许它们是非强制性的:
$bird = ( ! empty($_POST['author'])) ? $_POST['author'] : null;
$cat = ( ! empty($_POST['genre'])) ? $_POST['genre'] : null;
null$genres = array('adventure', 'biography', 'crime', 'romance', 'thriller');
if ( ! in_array($cat, $genres)) {
// invalid data supplied (you could show an error)
unset($cat); // destroys the invalid variable
}
if (isset($bird) && isset($cat)) {
// SELECT by both
}
else if (isset($bird)) {
// SELECT by author
}
else if (isset($cat)) {
// SELECT by cat
}
else {
// SELECT all
}
缩短上述内容的方法有很多,但这是一个很好的起点。在这种情况下,您必须在PHP代码中为不同的情况编写不同的查询
//When both the list boxes are selected
if(isset($_POST['author'])&&isset($_POST['genre']))
{
$sql = "SELECT * FROM books WHERE author = '$bird' AND genre = '$cat' ";
unset($_POST['genre']);
unset($_POST['author']);
}
//When searching genre-wise (author variable not set)
elseif(!isset($_POST['author']))
{
$sql = "SELECT * FROM books WHERE genre = '$cat' ";
unset($_POST['genre']);
}
//When searching authorwise (genre variable not set)
elseif(!isset($_POST['genre']))
{
$sql = "SELECT * FROM books WHERE author = '$bird'";
unset($_POST['author']);
}
非常感谢diggersworld、krish94和Dave Chen的这些精彩回复,他们都非常有帮助..Dave。。。sql注入,我听说过,但不太明白。这是代码中的某种漏洞吗?@colin如果
$bird$catunset($\u POST['genre'])&unset($_POST['author'])正在生成错误。我已经更新了我的代码。请应用更改。嗨,ikk,非常感谢您对其进行的修改。非常好!如果你找到了答案,就按答案旁边的箭头。很乐意帮忙!