一个提交按钮中的多个搜索表单PHP/HTML
我正在尝试创建一个搜索查询,用户可以在其中使用firstname或lastname搜索数据库,也可以同时使用两者。我能够做到这一点,只使用1种类型的搜索,但如果我都这样做,我不知道我如何才能做到这一点一个提交按钮中的多个搜索表单PHP/HTML,php,html,Php,Html,我正在尝试创建一个搜索查询,用户可以在其中使用firstname或lastname搜索数据库,也可以同时使用两者。我能够做到这一点,只使用1种类型的搜索,但如果我都这样做,我不知道我如何才能做到这一点 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Search Contact
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Search Contacts</title>
<link href="site.css" rel="stylesheet">
</head>
<body>
<nav id="nav01"></nav>
<div id="main">
<h3>Search Contact Details</h3>
<form method="post" action="#" id="searchform">
First Name:<br>
<input type="text" name="fname">
<br>Last Name:<br>
<input type="text" name="lname">
<br>
<input type="submit" name="submit" value="Search">
</form>
<?php
$servername = "xxx";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";
$myquery = mysqli_real_escape_string($connection,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($connection,$_POST['lname']);
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
// SQL query
if (!empty($myquery)) {
$sql = "select distinct ID, FirstName, LastName, Email, PhoneNumber
from Userlist where FirstName LIKE '%". $myquery ."%' OR LastName LIKE '%".$myquery2."%'";
//Get query on the database
$result = mysqli_query($conn, $sql);
//Check results
if (mysqli_num_rows($result) > 0)
{
//Headers
echo "<table>";
echo "<tr>";
echo "<th>Image ID</th>";
echo "<th>Lastname</th>";
echo "<th>Firstname</th>";
echo "<th>Email</th>";
echo "<th>PhoneNumber</th>";
echo "</tr>";
//output data of each row
while($row = mysqli_fetch_assoc($result))
{
echo "<tr>";
echo "<td>".$row['ID']."</td>";
echo "<td>".$row['LastName']."</td>";
echo "<td>".$row['FirstName']."</td>";
echo "<td>".$row['Email']."</td>";
echo "<td>".$row['PhoneNumber']."</td>";
echo "</tr>";
}
echo "</table>";
} else {
echo "0 results";
}
}
mysqli_close($conn);
?>
<footer id="foot01"></footer>
</div>
<script src="script.js"></script>
</body>
</html>
搜索联系人
搜寻联络资料
名字:
姓氏:
您只需在ID上使用OR和distinct,这样,如果用户同时搜索FirstName和LastName,您只会得到一个条目
$myquery = mysqli_real_escape_string($connection,$_POST["fname"]); //<<< change $connection to your connection variable
$myquery2 = mysqli_real_escape_string($connection,$_POST['lname']);
$sql = "select distinct ID, FirstName, LastName, Email, PhoneNumber
from Userlist where FirstName LIKE '%". $myquery ."%' OR LastName LIKE '%".$myquery2."%'";
如上所述,或者您最好使用
编辑:
这:
$myquery = mysqli_real_escape_string($connection,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($connection,$_POST['lname']);
需要在您建立连接后进行。当您使用$conn进行连接时,需要将其更改为
$myquery = mysqli_real_escape_string($conn,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($conn,$_POST['lname']);
像这样:
<?php
$servername = "xxx";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
$myquery = mysqli_real_escape_string($conn,$_POST["fname"]);
$myquery2 = mysqli_real_escape_string($conn,$_POST['lname']);
您可以这样做:
<?php
if(strlen($_POST["fname"])>0 AND strlen($_POST["lname"])>0){
$sql = "SELECT ID, FirstName, LastName, Email, PhoneNumber FROM Userlist WHERE FirstName LIKE '%". $_POST["fname"])>."%' AND LastName LIKE '%". $_POST["lname"])>."%'";
}
elseif(strlen($_POST["fname"])>0 AND strlen($_POST["lname"])==0){
$sql = "SELECT ID, FirstName, LastName, Email, PhoneNumber FROM Userlist WHERE FirstName LIKE '%". $_POST["fname"])>."%'";
}
elseif(strlen($_POST["lname"])>0 AND strlen($_POST["fname"])==0){
$sql = "SELECT ID, FirstName, LastName, Email, PhoneNumber FROM Userlist WHERE LastName LIKE '%". $_POST["lname"])>."%'";
}
else{
//No keywords specified
}
?>
您的代码受到sql注入攻击,因此我已尝试通过更正使其更好。
<h3>Search Contact Details</h3>
<form method="post" action="#" id="searchform">
First Name:<br>
<input type="text" name="fname">
<br>Last Name:<br>
<input type="text" name="lname">
<br>
<input type="submit" name="submit" value="Search">
</form>
<?php
/*USE PDO prepared statement to prevent mysql injection attacks*/
//PDo constructor instantiating instance of database object.
$pdo = PDO('mysql:host=localhost;dbname=YourDatabaseName;charset=utf8', 'YourUserName', 'YourPassword');
//check if something is submitted
if(isset($_POST['submit']) ){
//remove tags from the user input
$fname = strip_tags('%'.$_POST['fname'].'%');
$lname = strip_tags('%'.$_POST['lname'] .'%');
//you need to use the if- conditional to
//check if one or both fields are set
if ( (isset($fname) && !empty($fname)) || (isset($lname) && !empty($lname)) ) {
try{
$sql = "SELECT distinct ID, FirstName, LastName, Email, PhoneNumber
FROM Userlist
WHERE `FirstName` LIKE :FirstName OR `LastName` LIKE :LastName";
//Prepare the statment
$query = $pdo->prepare($sql);
$query->bindParam(':FirstName', $fname, PDO::PARAM_STR);
$query->bindParam(':LastName', $lname, PDO::PARAM_STR);
$query->execute();
$result = $query->fetchAll();
} catch (Exception $e) {
print "Database Problem: " . $e->getMessage();
}
}
//you can use foreach to display the result.
foreach ($result as $res):
echo $rs['FirstName']; //and so on
endforeach;
}
else{
echo 'search for some thing';
}
?>
搜索联系人详细信息
名字:
姓氏:
当然,在查询中使用之前应该先转义这些值。我想OP真正想要的是搜索名字和姓氏的组合,如果两者都给定的话。e、 g.SQL和
很好,对此不太确定,但我将更改OP在@kaihi评论上回答的内容,谢谢你,我似乎无法使用LastName进行搜索。你的LastName列在DB中的名称是什么?当在搜索中指定了这两个字段时,期望的行为是什么?它们都需要满足吗?不,它们不需要同时满足,但是,如果用户想更具体地说,他可以同时填写这两项,它会显示输入了他/她名字和姓氏的非常准确的行
<h3>Search Contact Details</h3>
<form method="post" action="#" id="searchform">
First Name:<br>
<input type="text" name="fname">
<br>Last Name:<br>
<input type="text" name="lname">
<br>
<input type="submit" name="submit" value="Search">
</form>
<?php
/*USE PDO prepared statement to prevent mysql injection attacks*/
//PDo constructor instantiating instance of database object.
$pdo = PDO('mysql:host=localhost;dbname=YourDatabaseName;charset=utf8', 'YourUserName', 'YourPassword');
//check if something is submitted
if(isset($_POST['submit']) ){
//remove tags from the user input
$fname = strip_tags('%'.$_POST['fname'].'%');
$lname = strip_tags('%'.$_POST['lname'] .'%');
//you need to use the if- conditional to
//check if one or both fields are set
if ( (isset($fname) && !empty($fname)) || (isset($lname) && !empty($lname)) ) {
try{
$sql = "SELECT distinct ID, FirstName, LastName, Email, PhoneNumber
FROM Userlist
WHERE `FirstName` LIKE :FirstName OR `LastName` LIKE :LastName";
//Prepare the statment
$query = $pdo->prepare($sql);
$query->bindParam(':FirstName', $fname, PDO::PARAM_STR);
$query->bindParam(':LastName', $lname, PDO::PARAM_STR);
$query->execute();
$result = $query->fetchAll();
} catch (Exception $e) {
print "Database Problem: " . $e->getMessage();
}
}
//you can use foreach to display the result.
foreach ($result as $res):
echo $rs['FirstName']; //and so on
endforeach;
}
else{
echo 'search for some thing';
}
?>