PHP input text box, drop-down list, and live search button


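I have a problem with the live search in my website project. It looks like my >> table.

You need to add * to your other select statements, or the column names to be selected. If you are open to SQL injection, parameterize your queries. If allowed, you could use a whitelist for $_POST["search_by"] and then run just one query:
mysqli_prepare($con, "SELECT * FROM client_record WHERE `$check_search_by_variable` LIKE ?")
Don't do this without the whitelist.

@Kevin P Oh, I forgot to add the *, but it still doesn't work. I'll try the --chris85 solution, thank you all!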
 "SELECT * FROM client_record WHERE reference_id LIKE '% ". $_POST['keyword'] ." %'"
    <form action="another_sample.php" method="POST">
    <div class="left-side">
    <table>
        <tr>
            <td>
                &nbsp
            </td>
            <td>
                <b>Basic Details</b>
            </td>
        </tr>   
        <tr>
            <td>
                Reference Id
            </td>
            <td>
                <input type="text" id="reference_id" name="reference_id" readonly>
            </td>
        </tr>   
        <tr>
            <td>
                Lastname
            </td>
            <td>
                <input type="text" id="lastname" name="lastname">
            </td>
        </tr>                               
        <tr>
            <td>
                Firstname
            </td>
            <td>
                <input type="text" id="firstname" name="firstname">
            </td>
        </tr>
        <tr>
            <td>
                Middlename
            </td>
            <td>
                <input type="text" id="middlename" name="middlename">
            </td>
        </tr>

    </table>
    </div>
    <!--div for the database table-->
    <div>
    <br> <br> <br><br> <br> 

    <table>
    <tr>
        <td>
            Search by: &nbsp
        </td>
        <td>
            <select name="search_by" class="length">
                <option></option>
                <option value="Reference_ID">Reference ID</option>
                <option value="Lastname">Lastname</option>
                <option value="Firstname">Firstname</option>
                <option value="Settlement">Settlement</option>
                <option value="Payment_Status">Payment Status</option>
                <option value="Reservation_Status">Reservation Status</option>
            </select>
        </td>
        <td>
            &nbsp&nbsp
        </td>
        <td>
            <input type="text" name="keyword" placeholder="Enter Keyword" class="length">
        </td>
        <td>
            &nbsp &nbsp
        </td>
        <td>
            <input type="submit" name="submit_search" value="Search Client" class="length">
        </td>
    </tr>
    </table>
    </form>
   <?php


     if (isset($_POST["submit_search"])) {

        if (!empty($_POST["keyword"])) {

            if ($_POST["search_by"] == "Reference_ID") {
                mysqli_query($con, "SELECT * FROM client_record WHERE reference_id LIKE '% ". $_POST['keyword'] ." %'");
            }


            if ($_POST["search_by"] == "Lastname") {
                mysqli_query($con, "SELECT * FROM client_record WHERE lastname LIKE '% " . $_POST['keyword'] . " %'");
            }

            if ($_POST["search_by"] == "Firstname") {
                mysqli_query($con, "SELECT * FROM client_record WHERE firstname LIKE '% " . $_POST['keyword'] . " %'");
            }

            if ($_POST["search_by"] == "Settlement") {
                mysqli_query($con, "SELECT * FROM client_record WHERE payment_way LIKE '% " . $_POST['keyword'] . " %'");
            }

            if ($_POST["search_by"] == "Payment_Status") {
                mysqli_query($con, "SELECT * FROM client_record WHERE payment_status LIKE '% " . $_POST['keyword'] . " %'");
            }

            if ($_POST["search_by"] == "Reservation_Status") {
                mysqli_query($con, "SELECT * FROM client_record WHERE reservation_status LIKE '% " . $_POST['keyword'] . " %'");
            }

        }
     }

            $query = mysqli_query($con, "SELECT * FROM client_record");

            echo "<table id='table'>";
            echo "<th class='length'>Reference ID</th>";
            echo "<th class='length'> Lastname </th>";
            echo "<th> Firstname </th>";
            echo "<th> Middlename </th>";
            echo "<th> Street </th>";
            echo "<th> Barangay </th>";
            echo "<th> Town/City </th>";
            echo "<th> Province</th>";
            echo "<th> Mobile Number </th>";
            echo "<th> Email Address </th>";
            echo "<th> Event</th>";
            echo "<th> Date </th>";
            echo "<th> Time </th>";
            echo "<th> Event Street</th>";
            echo "<th> Event Barangay </th>";
            echo "<th> Event Town/City</th>";
            echo "<th> Event Province</th>";
            echo "<th> Number of <br> Attendees</th>";
            echo "<th> Price </th>";
            echo "<th> Settlement</th>";
            echo "<th> Payment Status</th>";
            echo "<th> Reservation Status </th>";
            echo "<th> PDF File </th>";


        while ($row=mysqli_fetch_array($query)) {
            echo "<tr>";
            echo "<td>". $row["reference_id"] . "</td>";
            echo "<td>". $row["lastname"] . "</td>";
            echo "<td>". $row["firstname"] . "</td>";
            echo "<td>". $row["middlename"] . "</td>";
            echo "<td>". $row["street"] . "</td>";
            echo "<td>". $row["brgy"] . "</td>";
            echo "<td>". $row["town_city"] . "</td>";
            echo "<td>". $row["province"] . "</td>";
            echo "<td>". $row["mobile_number"] . "</td>";
            echo "<td>". $row["email_address"] . "</td>";
            echo "<td>". $row["event"] . "</td>";
            echo "<td>". $row["event_date"]. "</td>";
            echo "<td>". $row["event_time"]. "</td>";
            echo "<td>". $row["event_street"] . "</td>";
            echo "<td>". $row["event_brgy"] . "</td>";
            echo "<td>". $row["event_town_city"] . "</td>";
            echo "<td>". $row["event_province"] . "</td>";
            echo "<td>". $row["event_number"] . "</td>";
            echo "<td>". $row["payment_price"] . "</td>";
            echo "<td>". $row["payment_way"] . "</td>";
            echo "<td>". $row["payment_status"] . "</td>";
            echo "<td>". $row["reservation_status"] . "</td>";
            echo "<td>". $row["pdf_file"] . "</td>";
            echo "</tr>";  

            }
            echo "</table>"; 
    ?>
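
The whitelist-plus-prepared-statement approach suggested in the comments, as an added example that is not part of the original post. `SEARCH_COLUMNS` and `search_clients()` are hypothetical names, and `$con` is assumed to be the page's open mysqli connection.

```php
<?php
// Added example (not the poster's code). Column names are taken from the
// page's queries; SEARCH_COLUMNS and search_clients() are hypothetical names.

// Whitelist: dropdown value => real column in client_record.
const SEARCH_COLUMNS = [
    'Reference_ID'       => 'reference_id',
    'Lastname'           => 'lastname',
    'Firstname'          => 'firstname',
    'Settlement'         => 'payment_way',
    'Payment_Status'     => 'payment_status',
    'Reservation_Status' => 'reservation_status',
];

function search_clients(mysqli $con, $searchBy, $keyword): ?mysqli_result
{
    // Only strings that match a whitelisted dropdown value get through;
    // this also rejects array-valued POST fields.
    if (!is_string($searchBy) || !is_string($keyword) || $keyword === ''
        || !array_key_exists($searchBy, SEARCH_COLUMNS)) {
        return null;
    }
    $column = SEARCH_COLUMNS[$searchBy];   // never the raw POST value

    // Escape LIKE metacharacters so % and _ in the keyword match literally.
    $pattern = '%' . addcslashes($keyword, '\\%_') . '%';

    // The column is a whitelisted identifier; the keyword is a bound parameter.
    $stmt = mysqli_prepare($con, "SELECT * FROM client_record WHERE `$column` LIKE ?");
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $pattern);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);   // requires the mysqlnd driver
    return $result ?: null;
}

// $con is assumed to be the page's open mysqli connection.
$query = null;
if (isset($_POST['submit_search'])) {
    $query = search_clients($con, $_POST['search_by'] ?? null, $_POST['keyword'] ?? null);
}
// No valid search: fall back to the full listing, as the original page does.
$query = $query ?? mysqli_query($con, "SELECT * FROM client_record");
```

The page's existing `while` loop can then iterate over `$query` unchanged.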