Mysql搜索表w/php和返回结果
我试图在数据库中查找$searchtext,其中$selecteditem表示它正在搜索的列。我在代码的最后一部分遇到语法错误 我的表格-Mysql搜索表w/php和返回结果,php,mysql,Php,Mysql,我试图在数据库中查找$searchtext,其中$selecteditem表示它正在搜索的列。我在代码的最后一部分遇到语法错误 我的表格- <form name="search" id="search" method="POST" action=""> <input type="text" name="searchterm" id="searchterm"> <select name="selectitem"> <opti
<form name="search" id="search" method="POST" action="">
<input type="text" name="searchterm" id="searchterm">
<select name="selectitem">
<option value="propertydescription">Property/Description</option>
<option value="transactiontype">Transaction type</option>
<option value="applicabledocument">Applicable document</option>
<option value="recieved">recieved</option>
<option value="paid">paid</option>
</select>
</div></td>
<td> </td>
<td><input type="submit" name="search" value="search"></td>
使用此选项(删除第二个选项,其中):
请在SQL查询中将
和WHERE
替换为和
位置
$columbname
变量获取的列名周围的引号$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' AND WHERE '$columbname' = '$searchterm'";
到
另一方面:您的代码容易受到sql注入的攻击。切换到mysqli或PDO并使用准备好的语句。修复查询。使用以下命令:
$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' AND '$columbname' = '$searchterm'"
而不是:
$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' AND WHERE '$columbname' = '$searchterm'"
(您的WHERE太多了)更改查询:
$query = "SELECT * FROM transactions
WHERE agentclient = '$agentclient'
AND $columbname = '$searchterm'";
您应该将
和WHERE
替换为和中的和,在$columbname
if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm = $_POST['searchterm'];
$query = "SELECT * FROM transactions WHERE (agentclient = '$agentclient' AND $columbname = '$searchterm')";
$result = mysql_query ($query) or die(mysql_error());
}
注意:不要使用扩展,因为它已被弃用。使用
或者相反
我已经替换了你的PHP
代码,现在它运行良好
if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm = $_POST['searchterm'];
$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' && 'columbname' = '$searchterm'";
$result = mysql_query ($query) or die(mysql_error());
}
else
您不需要,如果,您应该只使用,
您的php代码不完整。您还可以接受sql注入。阅读准备好的语句。不可避免的训诫:清理用户输入,不要在生产系统上使用die(mysql\u error())。不要使用mysql\u扩展。它已被弃用。改用mysqli或PDO。这样可以消除错误,但现在搜索不起作用:/
$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' AND WHERE '$columbname' = '$searchterm'"
$query = "SELECT * FROM transactions
WHERE agentclient = '$agentclient'
AND $columbname = '$searchterm'";
if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm = $_POST['searchterm'];
$query = "SELECT * FROM transactions WHERE (agentclient = '$agentclient' AND $columbname = '$searchterm')";
$result = mysql_query ($query) or die(mysql_error());
}
if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm = $_POST['searchterm'];
$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' && 'columbname' = '$searchterm'";
$result = mysql_query ($query) or die(mysql_error());
}
else