Php: Filter an SQL query by dropdown list


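I want to filter my SQL. I made a function for this; the filter has only dropdown menus.

But this function is not working very well.

This is the function I call in List.php: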

function getFilterList ($Category, $Price, $Language) {
    $servername = "localhost";
    $username_connect = "root";
    $password_connect = "";
    $dbname = "Product";
    $link = mysqli_connect($servername, $username_connect, $password_connect, $dbname);
    if (!$link) {
        die('Verbindung nicht möglich : ' . mysqli_error($link) );
    }

    if($Category=="0") {
        $filtercategory= "Hardware' OR Category='Software' OR Category='Games' OR Category='Sport' OR Category='Other";
    } else if($Category=="1") {
        $filtercategory="Hardware";
    } else if($Category=="2") {
        $filtercategory="Software";
    } else if($Category=="3") {
        $filtercategory="Games";
    } else if($Category=="4") {
        $filtercategory="Sport";    
    } else if($Category=="5") {
        $filtercategory="Other";    
    }

    if($Price=="0"){
        $filterprice= "0' OR Price='5' OR Price='10' OR Price='15' OR Game='20' OR Price='30";
    } else if($Price=="1") {
        $filterprice="5";
    } else if($Price=="2") {
        $filterprice="10";
    } else if($Price=="3") {
        $filterprice="15";
    } else if($Price=="4") {
        $filterprice="20";
    } else if($Price=="5") {
        $filterprice="30";
    }

    if ($Language=="0") {
        $filterlanguage= "German' OR Language='Englisch' OR Language='France' OR Language='Spanish";
    } else if ($Language=="1") {
        $filterlanguage="German";
    } else if ($Language=="2") {
        $filterlanguage="Englisch";
    } else if ($Language=="3") {
        $filterlanguage="France";
    } else if ($Language=="4") {
        $filterlanguage="Spanish";
    }

    $link = mysqli_connect($servername, $username_connect, $password_connect, $dbname);
    if (!$link) {
        die('Verbindung nicht möglich : ' . mysqli_error($link) );
    }

    $get_product = "SELECT * FROM products WHERE (ShortDescription!='' AND Category='$filtercategory' AND Price='$filterprice' AND Language='$filterlanguage') order by ID DESC";

    $run_product = mysqli_query($link, $get_product);
    while($row_product = mysqli_fetch_array($run_product)) {
        $product_id = $row_product["ID"];
        $ProuductShortDescription = $row_product["ShortDescription"];
        echo "
            <div id='Single_Product'>
                <a href='details.php?ID=$product_id' class='ui-btn' id='ProductButton'>$ProductShortDescription</a>
            </div>";
    }
}

<form action="List.php" method="post">
    <fieldset data-role="controlgroup" data-mini="true">
        <select name="FilterselectCategory" id="FilterselectCategory">
            <option value="0">Category</option>
            <option value="1">Hardware</option>
            <option value="2">Software</option>
            <option value="3">Games</option>
            <option value="3">Sport</option>
            <option value="4">Other</option>
        </select>

        <select name="FilterselectPrice" id="FilterselectPrice">
            <option value="0">Price</option>
            <option value="1">0</option>
            <option value="2">5</option>
            <option value="3">10</option>
            <option value="4">15</option>
            <option value="5">20</option>
            <option value="6">30</option>
        </select>

        <select name="FilterselectLanguage" id="FilterselectLanguage">
             <option value="0">Language</option>
            <option value="1">Englisch</option>
            <option value="2">German</option>
            <option value="3">France</option>
            <option value="4">Spanish</option>
        </select>
    </fieldset>

    <input type="submit" id="FilterButton" name="FilterButton" value="Filter">
</form>

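What exactly is not working?

You are very trusting. I've heard that the most common website hack is the MySQL injection attack. You need to look at mysqli_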
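An added example, not part of the original post or its comments: one way to build this dropdown filter without splicing quote-and-`OR` fragments into the SQL string. It maps each submitted option through an allow-list, leaves out the clause when the placeholder option "0" is chosen, and binds the values in a prepared statement. The helper name `buildFilterQuery`, the option-to-value maps (taken from the form's labels, with unique option values assumed) and passing the `mysqli` connection in as a parameter are assumptions.

```php
<?php
// Added example. Allow-list maps follow the form's option labels; unique option values are assumed.
const FILTER_MAPS = [
    'Category' => ['1' => 'Hardware', '2' => 'Software', '3' => 'Games', '4' => 'Sport', '5' => 'Other'],
    'Price'    => ['1' => '0', '2' => '5', '3' => '10', '4' => '15', '5' => '20', '6' => '30'],
    'Language' => ['1' => 'Englisch', '2' => 'German', '3' => 'France', '4' => 'Spanish'],
];

// Hypothetical helper: returns [sql, params]. Option "0" (the placeholder) adds no clause.
function buildFilterQuery(array $selected): array
{
    $where  = ["ShortDescription != ''"];
    $params = [];
    foreach (FILTER_MAPS as $column => $allowed) {
        $choice = (string)($selected[$column] ?? '0');
        if ($choice === '0') {
            continue;                      // no filter on this column
        }
        if (!isset($allowed[$choice])) {   // anything not offered by the form is rejected
            throw new InvalidArgumentException("Unknown $column option");
        }
        $where[]  = "$column = ?";         // column name comes from the constant, never from input
        $params[] = $allowed[$choice];
    }
    $sql = 'SELECT ID, ShortDescription FROM products WHERE '
         . implode(' AND ', $where) . ' ORDER BY ID DESC';
    return [$sql, $params];
}

function getFilterList(mysqli $link, array $selected): void
{
    [$sql, $params] = buildFilterQuery($selected);
    $stmt = mysqli_prepare($link, $sql);
    if ($params) {
        // Values travel as bound parameters, so they are never parsed as SQL.
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $shortDescription);
    while (mysqli_stmt_fetch($stmt)) {
        $href = 'details.php?ID=' . urlencode((string)$id);
        // Escape on output as well: descriptions come from the database, not from trusted markup.
        echo "<div class='Single_Product'><a href='" . htmlspecialchars($href, ENT_QUOTES)
           . "' class='ui-btn'>" . htmlspecialchars($shortDescription, ENT_QUOTES) . "</a></div>\n";
    }
    mysqli_stmt_close($stmt);
}
```

In List.php it would be called as `getFilterList($link, ['Category' => $_POST['FilterselectCategory'] ?? '0', 'Price' => $_POST['FilterselectPrice'] ?? '0', 'Language' => $_POST['FilterselectLanguage'] ?? '0']);`.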