Php SQL中的Select语句与下拉列表变量
我目前遇到以下代码的问题:Php SQL中的Select语句与下拉列表变量,php,html,sql,select,drop-down-menu,Php,Html,Sql,Select,Drop Down Menu,我目前遇到以下代码的问题: <form action="" method="post"> <input type="text" name="term" placeholder="Search Terms"/> <select id=""drop"" name="drop""> <option value="CODE">Code</option> <option value="SCIN
<form action="" method="post">
<input type="text" name="term" placeholder="Search Terms"/>
<select id=""drop"" name="drop"">
<option value="CODE">Code</option>
<option value="SCINAME">Scientific Name</option>
<option value="COLLECTOR">Holder</option>
<option value="DATA">Data</option>
</select>
<br/>
<button type="submit" class="button primary">Search</button>
</form>
<?php
if (!empty($_REQUEST['term'])) {
$term = mysql_real_escape_string($_REQUEST['term']);
$drop = ($_REQUEST['drop']);
$sql = "SELECT * FROM ANIMAIS WHERE '%".$drop."%' LIKE '%".$term."%'";
$r_query = mysql_query($sql);
while ($row = mysql_fetch_array($r_query)){
echo '<br />code: ' .$row['CODE'];
echo '<br />Name: ' .$row['SCINAME'];
echo '<br /> Colector: '.$row['COLLECTOR'];
echo '<br /> Local: '.$row['LOCAL'];
echo '<br /> Data: '.$row['DATA'];
echo '<br /> Descr: '.$row['DESCRIPTION'];
echo '<br />';
}
}
?>
到
它确实有效,但在SCINAME列上搜索时,我不想做的是允许下拉列表选择要查询的SQL列,但实际的解决方案效果不太好
提前感谢您的帮助。不需要
'%%'
来获取列名。应该是——
$sql = "SELECT * FROM ANIMAIS WHERE ".$drop." LIKE '%".$term."%'";
语句和查询中的拼写错误
<select id=""drop"" name="drop"">
^^ ^^ ^^
您的
选择id
上有四个“
字符是有原因的吗?永远不要将来自用户的数据连接到SQL查询。请使用参数。同意并使用PDO
$sql = "SELECT * FROM ANIMAIS WHERE ".$drop." LIKE '%".$term."%'";
<select id=""drop"" name="drop"">
^^ ^^ ^^
<select id="drop" name="drop">
"SELECT * FROM ANIMAIS WHERE ".$drop." LIKE '%".$term."%'";