PHP input text box, dropdown list and live search button
Tags: php, mysql, mysqli

I have a problem with the live search in my website project. It looks like my >> form.

Comments:

You need to add * to the other select statements, or the column names you want to select. If you are open to SQL injection, parameterize your queries. If allowed, you can use a whitelist for $_POST["search_by"] and then run only one query: mysqli_prepare($con, "SELECT * FROM client_record WHERE `$check_search_by_variable` LIKE ?"). Don't do this without a whitelist.

@Kevin P Oh, I forgot to add the *, but it still doesn't work. I'll try chris85's solution, thank you all!

"SELECT * FROM client_record WHERE reference_id LIKE '% ". $_POST['keyword'] ." %'"
<form action="another_sample.php" method="POST">
<div class="left-side">
<table>
<tr>
<td>
 
</td>
<td>
<b>Basic Details</b>
</td>
</tr>
<tr>
<td>
Reference Id
</td>
<td>
<input type="text" id="reference_id" name="reference_id" readonly>
</td>
</tr>
<tr>
<td>
Lastname
</td>
<td>
<input type="text" id="lastname" name="lastname">
</td>
</tr>
<tr>
<td>
Firstname
</td>
<td>
<input type="text" id="firstname" name="firstname">
</td>
</tr>
<tr>
<td>
Middlename
</td>
<td>
<input type="text" id="middlename" name="middlename">
</td>
</tr>
</table>
</div>
<!--div for the database table-->
<div>
<br> <br> <br><br> <br>
<table>
<tr>
<td>
Search by:  
</td>
<td>
<select name="search_by" class="length">
<option></option>
<option value="Reference_ID">Reference ID</option>
<option value="Lastname">Lastname</option>
<option value="Firstname">Firstname</option>
<option value="Settlement">Settlement</option>
<option value="Payment_Status">Payment Status</option>
<option value="Reservation_Status">Reservation Status</option>
</select>
</td>
<td>
  
</td>
<td>
<input type="text" name="keyword" placeholder="Enter Keyword" class="length">
</td>
<td>
   
</td>
<td>
<input type="submit" name="submit_search" value="Search Client" class="length">
</td>
</tr>
</table>
</form>
<?php
if (isset($_POST["submit_search"])) {
if (!empty($_POST["keyword"])) {
if ($_POST["search_by"] == "Reference_ID") {
mysqli_query($con, "SELECT * FROM client_record WHERE reference_id LIKE '% ". $_POST['keyword'] ." %'");
}
if ($_POST["search_by"] == "Lastname") {
mysqli_query($con, "SELECT * FROM client_record WHERE lastname LIKE '% " . $_POST['keyword'] . " %'");
}
if ($_POST["search_by"] == "Firstname") {
mysqli_query($con, "SELECT * FROM client_record WHERE firstname LIKE '% " . $_POST['keyword'] . " %'");
}
if ($_POST["search_by"] == "Settlement") {
mysqli_query($con, "SELECT * FROM client_record WHERE payment_way LIKE '% " . $_POST['keyword'] . " %'");
}
if ($_POST["search_by"] == "Payment_Status") {
mysqli_query($con, "SELECT * FROM client_record WHERE payment_status LIKE '% " . $_POST['keyword'] . " %'");
}
if ($_POST["search_by"] == "Reservation_Status") {
mysqli_query($con, "SELECT * FROM client_record WHERE reservation_status LIKE '% " . $_POST['keyword'] . " %'");
}
}
}
$query = mysqli_query($con, "SELECT * FROM client_record");
echo "<table id='table'>";
echo "<th class='length'>Reference ID</th>";
echo "<th class='length'> Lastname </th>";
echo "<th> Firstname </th>";
echo "<th> Middlename </th>";
echo "<th> Street </th>";
echo "<th> Barangay </th>";
echo "<th> Town/City </th>";
echo "<th> Province</th>";
echo "<th> Mobile Number </th>";
echo "<th> Email Address </th>";
echo "<th> Event</th>";
echo "<th> Date </th>";
echo "<th> Time </th>";
echo "<th> Event Street</th>";
echo "<th> Event Barangay </th>";
echo "<th> Event Town/City</th>";
echo "<th> Event Province</th>";
echo "<th> Number of <br> Attendees</th>";
echo "<th> Price </th>";
echo "<th> Settlement</th>";
echo "<th> Payment Status</th>";
echo "<th> Reservation Status </th>";
echo "<th> PDF File </th>";
while ($row=mysqli_fetch_array($query)) {
echo "<tr>";
echo "<td>". $row["reference_id"] . "</td>";
echo "<td>". $row["lastname"] . "</td>";
echo "<td>". $row["firstname"] . "</td>";
echo "<td>". $row["middlename"] . "</td>";
echo "<td>". $row["street"] . "</td>";
echo "<td>". $row["brgy"] . "</td>";
echo "<td>". $row["town_city"] . "</td>";
echo "<td>". $row["province"] . "</td>";
echo "<td>". $row["mobile_number"] . "</td>";
echo "<td>". $row["email_address"] . "</td>";
echo "<td>". $row["event"] . "</td>";
echo "<td>". $row["event_date"]. "</td>";
echo "<td>". $row["event_time"]. "</td>";
echo "<td>". $row["event_street"] . "</td>";
echo "<td>". $row["event_brgy"] . "</td>";
echo "<td>". $row["event_town_city"] . "</td>";
echo "<td>". $row["event_province"] . "</td>";
echo "<td>". $row["event_number"] . "</td>";
echo "<td>". $row["payment_price"] . "</td>";
echo "<td>". $row["payment_way"] . "</td>";
echo "<td>". $row["payment_status"] . "</td>";
echo "<td>". $row["reservation_status"] . "</td>";
echo "<td>". $row["pdf_file"] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
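
The whitelist plus prepared-statement approach suggested in the comments, written out as an added example (not code from the original post or its commenters). It assumes `$con` is the open mysqli connection used above; `SEARCH_COLUMNS` and `search_clients()` are hypothetical names introduced here.

```php
<?php
// Added example. Assumes $con is an open mysqli connection, as in the code above.

// Allowlist: each <select> value from the form maps to one real column name.
const SEARCH_COLUMNS = [
    'Reference_ID'       => 'reference_id',
    'Lastname'           => 'lastname',
    'Firstname'          => 'firstname',
    'Settlement'         => 'payment_way',
    'Payment_Status'     => 'payment_status',
    'Reservation_Status' => 'reservation_status',
];

// Hypothetical helper: returns a mysqli_result with the matching rows,
// or all rows when no valid search was submitted.
function search_clients(mysqli $con, ?string $searchBy, ?string $keyword)
{
    $keyword = trim((string) $keyword);
    // The column name comes from the allowlist, never from the request itself.
    $column = SEARCH_COLUMNS[$searchBy ?? ''] ?? null;

    if ($keyword === '' || $column === null) {
        return mysqli_query($con, "SELECT * FROM client_record");
    }

    // Escape LIKE wildcards so % and _ typed by the user match literally.
    // No padding spaces inside the pattern: '% x %' only matches ' x '.
    $pattern = '%' . addcslashes($keyword, '\\%_') . '%';

    $stmt = mysqli_prepare($con, "SELECT * FROM client_record WHERE `$column` LIKE ?");
    mysqli_stmt_bind_param($stmt, 's', $pattern);
    mysqli_stmt_execute($stmt);
    return mysqli_stmt_get_result($stmt); // needs the mysqlnd driver
}

// Keep the search result: the table loop must read from this result set.
$query = search_clients($con, $_POST['search_by'] ?? null, $_POST['keyword'] ?? null);

echo "<table id='table'><tr><th>Reference ID</th><th>Lastname</th></tr>";
while ($row = mysqli_fetch_assoc($query)) {
    // Encode on output so stored values cannot inject markup into the page.
    echo "<tr>";
    echo "<td>" . htmlspecialchars((string) $row['reference_id'], ENT_QUOTES, 'UTF-8') . "</td>";
    echo "<td>" . htmlspecialchars((string) $row['lastname'], ENT_QUOTES, 'UTF-8') . "</td>";
    echo "</tr>";
}
echo "</table>";
```

Only two columns are printed to keep the example short; the remaining columns follow the same `htmlspecialchars()` pattern.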