一个提交按钮中的多个搜索表单PHP/HTML_Php_Html

一个提交按钮中的多个搜索表单PHP/HTML

php html

一个提交按钮中的多个搜索表单PHP/HTML,php,html,Php,Html,我正在尝试创建一个搜索查询，用户可以在其中使用firstname或lastname搜索数据库，也可以同时使用两者。我能够做到这一点，只使用1种类型的搜索，但如果我都这样做，我不知道我如何才能做到这一点 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Search Contact

我正在尝试创建一个搜索查询，用户可以在其中使用firstname或lastname搜索数据库，也可以同时使用两者。我能够做到这一点，只使用1种类型的搜索，但如果我都这样做，我不知道我如何才能做到这一点

    <html>
  <head>
    <meta  http-equiv="Content-Type" content="text/html;  charset=iso-8859-1">
    <title>Search  Contacts</title>
    <link href="site.css" rel="stylesheet">
  </head>
  <body>

    <nav id="nav01"></nav>

    <div id="main">
    <h3>Search  Contact Details</h3>
    <form  method="post" action="#"  id="searchform">
      First Name:<br>
      <input  type="text" name="fname">
      <br>Last Name:<br>
      <input type="text" name="lname">
      <br>
      <input  type="submit" name="submit" value="Search">
    </form>

<?php
$servername = "xxx";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";
$myquery = mysqli_real_escape_string($connection,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($connection,$_POST['lname']);

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);

// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
// SQL query
if (!empty($myquery)) {

    $sql = "select distinct ID, FirstName, LastName, Email, PhoneNumber
           from Userlist where FirstName LIKE '%". $myquery  ."%' OR LastName LIKE '%".$myquery2."%'";

    //Get query on the database
    $result = mysqli_query($conn, $sql);

    //Check results
    if (mysqli_num_rows($result) > 0)
    {
    //Headers
     echo "<table>";
        echo "<tr>";
        echo "<th>Image ID</th>";
        echo "<th>Lastname</th>";
        echo "<th>Firstname</th>";
        echo "<th>Email</th>";
        echo "<th>PhoneNumber</th>";
        echo "</tr>";

  //output data of each row
      while($row = mysqli_fetch_assoc($result))
        {
                echo "<tr>";
                  echo "<td>".$row['ID']."</td>";
                  echo "<td>".$row['LastName']."</td>";
                  echo "<td>".$row['FirstName']."</td>";
                  echo "<td>".$row['Email']."</td>";
                  echo "<td>".$row['PhoneNumber']."</td>";
                echo "</tr>";
        }
              echo "</table>";
    } else {
        echo "0 results";
    }
}

        mysqli_close($conn);

?>
<footer id="foot01"></footer>
</div>

<script src="script.js"></script>
</body>


</html>


搜索联系人
搜寻联络资料
名字：


姓氏：

您只需在ID上使用OR和distinct，这样，如果用户同时搜索FirstName和LastName，您只会得到一个条目

$myquery = mysqli_real_escape_string($connection,$_POST["fname"]); //<<< change $connection to your connection variable
$myquery2 = mysqli_real_escape_string($connection,$_POST['lname']);

$sql = "select distinct ID, FirstName, LastName, Email, PhoneNumber
           from Userlist where FirstName LIKE '%". $myquery  ."%' OR LastName LIKE '%".$myquery2."%'";

如上所述，或者您最好使用

编辑：

这：

$myquery = mysqli_real_escape_string($connection,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($connection,$_POST['lname']);

需要在您建立连接后进行。当您使用$conn进行连接时，需要将其更改为

$myquery = mysqli_real_escape_string($conn,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($conn,$_POST['lname']);

像这样：

<?php
$servername = "xxx";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";


// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
$myquery = mysqli_real_escape_string($conn,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($conn,$_POST['lname']);

您可以这样做：
<?php

      if(strlen($_POST["fname"])>0 AND strlen($_POST["lname"])>0){
            $sql = "SELECT ID, FirstName, LastName, Email, PhoneNumber FROM Userlist WHERE FirstName LIKE '%". $_POST["fname"])>."%' AND LastName LIKE '%". $_POST["lname"])>."%'";
      }
      elseif(strlen($_POST["fname"])>0 AND strlen($_POST["lname"])==0){
           $sql = "SELECT ID, FirstName, LastName, Email, PhoneNumber FROM Userlist WHERE FirstName LIKE '%". $_POST["fname"])>."%'";
      }
      elseif(strlen($_POST["lname"])>0 AND strlen($_POST["fname"])==0){
           $sql = "SELECT ID, FirstName, LastName, Email, PhoneNumber FROM Userlist WHERE LastName LIKE '%". $_POST["lname"])>."%'";
      }
      else{
          //No keywords specified
      }
?>

您的代码受到sql注入攻击，因此我已尝试通过更正使其更好。
<h3>Search  Contact Details</h3>
<form  method="post" action="#"  id="searchform">
  First Name:<br>
  <input  type="text" name="fname">
  <br>Last Name:<br>
  <input type="text" name="lname">
  <br>
  <input  type="submit" name="submit" value="Search">
</form>

<?php
/*USE PDO prepared statement to prevent mysql injection attacks*/
//PDo constructor instantiating instance of database object.
$pdo =  PDO('mysql:host=localhost;dbname=YourDatabaseName;charset=utf8', 'YourUserName', 'YourPassword');
//check if something is submitted
if(isset($_POST['submit']) ){

//remove tags from the user input
$fname  = strip_tags('%'.$_POST['fname'].'%');
$lname   = strip_tags('%'.$_POST['lname'] .'%');    

//you need to use the if- conditional to 
//check if one or both fields are set 

if  ( (isset($fname) && !empty($fname)) || (isset($lname) && !empty($lname)) ) {

    try{
        $sql = "SELECT distinct ID, FirstName, LastName, Email, PhoneNumber
                 FROM Userlist
                 WHERE `FirstName` LIKE :FirstName  OR `LastName` LIKE :LastName";

         //Prepare the statment
        $query = $pdo->prepare($sql);
        $query->bindParam(':FirstName', $fname, PDO::PARAM_STR);
        $query->bindParam(':LastName', $lname, PDO::PARAM_STR);
        $query->execute();

        $result = $query->fetchAll();


    } catch (Exception $e) {
        print "Database Problem: " . $e->getMessage();
    }


}
//you can use foreach to display the result. 
    foreach ($result as $res): 
            echo $rs['FirstName']; //and so on
    endforeach;

}
else{
    echo 'search for some thing';

}

?>

搜索联系人详细信息
名字：


姓氏：



当然，在查询中使用之前应该先转义这些值。我想OP真正想要的是搜索名字和姓氏的组合，如果两者都给定的话。e、 g.SQL和很好，对此不太确定，但我将更改OP在@kaihi评论上回答的内容，谢谢你，我似乎无法使用LastName进行搜索。你的LastName列在DB中的名称是什么？当在搜索中指定了这两个字段时，期望的行为是什么？它们都需要满足吗？不，它们不需要同时满足，但是，如果用户想更具体地说，他可以同时填写这两项，它会显示输入了他/她名字和姓氏的非常准确的行
<h3>Search  Contact Details</h3>
<form  method="post" action="#"  id="searchform">
  First Name:<br>
  <input  type="text" name="fname">
  <br>Last Name:<br>
  <input type="text" name="lname">
  <br>
  <input  type="submit" name="submit" value="Search">
</form>

<?php
/*USE PDO prepared statement to prevent mysql injection attacks*/
//PDo constructor instantiating instance of database object.
$pdo =  PDO('mysql:host=localhost;dbname=YourDatabaseName;charset=utf8', 'YourUserName', 'YourPassword');
//check if something is submitted
if(isset($_POST['submit']) ){

//remove tags from the user input
$fname  = strip_tags('%'.$_POST['fname'].'%');
$lname   = strip_tags('%'.$_POST['lname'] .'%');    

//you need to use the if- conditional to 
//check if one or both fields are set 

if  ( (isset($fname) && !empty($fname)) || (isset($lname) && !empty($lname)) ) {

    try{
        $sql = "SELECT distinct ID, FirstName, LastName, Email, PhoneNumber
                 FROM Userlist
                 WHERE `FirstName` LIKE :FirstName  OR `LastName` LIKE :LastName";

         //Prepare the statment
        $query = $pdo->prepare($sql);
        $query->bindParam(':FirstName', $fname, PDO::PARAM_STR);
        $query->bindParam(':LastName', $lname, PDO::PARAM_STR);
        $query->execute();

        $result = $query->fetchAll();


    } catch (Exception $e) {
        print "Database Problem: " . $e->getMessage();
    }


}
//you can use foreach to display the result. 
    foreach ($result as $res): 
            echo $rs['FirstName']; //and so on
    endforeach;

}
else{
    echo 'search for some thing';

}

?>