Fatal编程技术网
  • php/
  • Mysql搜索表w/php和返回结果

Mysql搜索表w/php和返回结果

php mysql

Mysql搜索表w/php和返回结果,php,mysql,Php,Mysql,我试图在数据库中查找$searchtext,其中$selecteditem表示它正在搜索的列。我在代码的最后一部分遇到语法错误 我的表格- <form name="search" id="search" method="POST" action=""> <input type="text" name="searchterm" id="searchterm"> <select name="selectitem"> <opti

我试图在数据库中查找$searchtext,其中$selecteditem表示它正在搜索的列。我在代码的最后一部分遇到语法错误

我的表格-

<form name="search" id="search" method="POST" action="">
    <input type="text" name="searchterm" id="searchterm">
    <select name="selectitem">
        <option value="propertydescription">Property/Description</option>
        <option value="transactiontype">Transaction type</option>
        <option value="applicabledocument">Applicable document</option>
        <option value="recieved">recieved</option>
        <option value="paid">paid</option>
    </select>

</div></td>
<td>&nbsp;</td>
<td><input type="submit" name="search" value="search"></td>
使用此选项(删除第二个选项,其中):

请在SQL查询中将
和WHERE
替换为

  • 删除第二个
    位置
  • 删除从
    $columbname
    变量获取的列名周围的引号
    • 改变

    $query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' AND WHERE '$columbname' = '$searchterm'";

    另一方面:您的代码容易受到sql注入的攻击。切换到mysqli或PDO并使用准备好的语句。

    修复查询。使用以下命令:

    $query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' AND '$columbname' = '$searchterm'"
    而不是:

    $query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' AND WHERE '$columbname' = '$searchterm'"
    (您的WHERE太多了)

    更改查询:

    $query = "SELECT * FROM transactions 
          WHERE agentclient  = '$agentclient' 
          AND $columbname = '$searchterm'";
    您应该将
    和WHERE
    替换为
    中的
    ,在
    $columbname
    

    if (isset($_POST['search']))
{
 $columbname  = $_POST['selectitem'];
 $searchterm  = $_POST['searchterm'];
 $query       = "SELECT * FROM transactions WHERE (agentclient  = '$agentclient' AND $columbname = '$searchterm')";
 $result = mysql_query ($query) or die(mysql_error());
}

    
注意:不要使用扩展,因为它已被弃用。使用
或者相反
    

    我已经替换了你的
    PHP
    代码,现在它运行良好
    

    if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm  = $_POST['searchterm'];
$query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' && 'columbname' = '$searchterm'";
$result = mysql_query ($query) or die(mysql_error());
}
else

    

    您不需要
    ,如果
    ,您应该只使用
    您的php代码不完整。您还可以接受sql注入。阅读准备好的语句。不可避免的训诫:清理用户输入,不要在生产系统上使用die(mysql\u error())。不要使用mysql\u扩展。它已被弃用。改用mysqli或PDO。这样可以消除错误,但现在搜索不起作用:/

    $query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' AND WHERE '$columbname' = '$searchterm'"

    

    $query = "SELECT * FROM transactions 
          WHERE agentclient  = '$agentclient' 
          AND $columbname = '$searchterm'";

    

    if (isset($_POST['search']))
{
 $columbname  = $_POST['selectitem'];
 $searchterm  = $_POST['searchterm'];
 $query       = "SELECT * FROM transactions WHERE (agentclient  = '$agentclient' AND $columbname = '$searchterm')";
 $result = mysql_query ($query) or die(mysql_error());
}

    

    if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm  = $_POST['searchterm'];
$query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' && 'columbname' = '$searchterm'";
$result = mysql_query ($query) or die(mysql_error());
}
else