连接WHERE子句以链接

时间:2013-02-25 23:16:37

标签: php mysql hyperlink where where-clause

我需要将WHERE子句连接到链接。这是我的代码:

<body>
<?php

function toiletPaper($input) {
    // Clean input
    return $input;
}


$username="USERNAME";
$password="PASSWORD";
$database="DATABASE";

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM searchacts";
$result=mysql_query($query);

// process form when posted 
$query = "SELECT * FROM searchacts";
$options['PriceLow'] = array("desc" => "Price (Low to High)","query" => " ORDER BY price ASC");
$options['PriceHigh'] = array("desc" => "Price (High to Low)","query" => " ORDER BY price DESC");
$options['NameAZ'] = array("desc" => "Name (A-Z)","query" => " ORDER BY name ASC");
$options['NameZA'] = array("desc" => "Name (Z-A)","query" => " ORDER BY name DESC");

$query = "SELECT * FROM searchacts";
$filter['partybands'] = array("desc" => "Party Bands","query" => " WHERE category='Party Bands'");


// Important: function name is made up
$cleanValue = toiletPaper($_REQUEST['value']);
if (array_key_exists($cleanValue, $options)) {
    $query .= $query.$options[$cleanValue];
}
$result = mysql_query($query);
$num = mysql_num_rows($result);
echo "<a href='".$_SERVER['PHP_SELF']."'>All</a>";
foreach ($options as $key => $value) {
    echo "<a href='".$_SERVER['PHP_SELF']."?value=".$key."'>".$value['desc']."</a>";

}   


?>

<form action='<?php echo $_SERVER['PHP_SELF']; ?>' method='post' name='form_filter' >  
    <select name="value">  
        <option value="all">All</option>  
        <option value="PriceLow">Price (Low to High)</option>  
        <option value="PriceHigh">Price (High to Low)</option>  
        <option value="NameAZ">Name (A-Z)</option>  
        <option value="NameZA">Name (Z-A)</option>  
    </select>  
    <br />  
    <input type='submit' value = 'Re-Order'>  
</form>

<?php
$i=0;
while ($i < $num) {

$image=mysql_result($result,$i,"image");
$name=mysql_result($result,$i,"name");
$category=mysql_result($result,$i,"category");
$description=mysql_result($result,$i,"description");
$stamps=mysql_result($result,$i,"stamps");
$stickmen=mysql_result($result,$i,"stickmen");
$price=mysql_result($result,$i,"price");
$view=mysql_result($result,$i,"view");
$actpagelink=mysql_result($result,$i,"actpagelink");


?>


<a href="<?php echo $actpagelink; ?>" class="searchitem">
<div class="searchimage"><img src="<?php echo $image; ?>"/></div>
<div class="searchtext">
  <div class="searchname"><?php echo $name; ?></div>
  <div class="searchcategory"><?php echo $category; ?></div>
  <div class="searchdescription"><?php echo $description; ?></div>
</div>
<div class="searchstamps"><img src="<?php echo $stamps; ?>" /></div>
<div class="searchstickmen"><img src="<?php echo $stickmen; ?>" /></div>
<div class="searchprice"><span class="pricefrom">from</span>&pound;<?php echo $price; ?></div>

<div class="searchview"><img src="<?php echo $view; ?>" /></div>


</a>

<?php
$i++;
}


mysql_close();
?>


</body>

所以我有我的条款:

elseif($_POST['value'] == 'partybands') {   

            $query = "SELECT * FROM searchacts
    WHERE category='Party Bands'";   
        }

我需要连接到链接,例如。 <a href="">Party Bands</a>

我怎么能这样做,因为我将有很多where子句来过滤数据。

由于

2 个答案:

答案 0 :(得分:0)

我建议使用关联arrayin_array进行验证。

还要确保在使用之前清理输入。

EDIT2:

<body>
<?php
function toiletPaper($input) {
    // Clean input
    return $input;
}

$username="USERNAME";
$password="PASSWORD";
$database="DATABASE";

mysqli_connect("localhost",$username,$password);
@mysqli_select_db($database) or die( "Unable to select database");

// process form when posted
$query = "SELECT * FROM searchacts";
$options['partybands'] = array("desc" => "Party Bands","query" => " WHERE category='Party Bands'");
$options['PriceLow'] = array("desc" => "Price (Low to High)","query" => " ORDER BY price ASC");
$options['PriceHigh'] = array("desc" => "Price (High to Low)","query" => " ORDER BY price DESC");
$options['NameAZ'] = array("desc" => "Name (A-Z)","query" => " ORDER BY name ASC");
$options['NameZA'] = array("desc" => "Name (Z-A)","query" => " ORDER BY name DESC");

// Important: function name is made up
$cleanValue = toiletPaper($_REQUEST['value']);
if (array_key_exists($cleanValue, $options)) {
    $query .= $query.$options[$cleanValue];
}
$result = mysqli_query($query);
$num = mysqli_num_rows($result);
echo "<a href='".$_SERVER['PHP_SELF']."'>All</a>";
foreach ($options as $key => $value) {
    echo "<a href='".$_SERVER['PHP_SELF']."?value=".$key."'>".$value['desc']."</a>";
}
?>
<br />
<?php
$i=0;
while ($i < $num) {
    $image = mysqli_result($result,$i,"image");
    $name = mysqli_result($result,$i,"name");
    $category = mysqli_result($result,$i,"category");
    $description = mysqli_result($result,$i,"description");
    $stamps = mysqli_result($result,$i,"stamps");
    $stickmen = mysqli_result($result,$i,"stickmen");
    $price = mysqli_result($result,$i,"price");
    $view = mysqli_result($result,$i,"view");
    $actpagelink = mysqli_result($result,$i,"actpagelink");
?>

<a href="<?php echo $actpagelink; ?>" class="searchitem">
    <div class="searchimage"><img src="<?php echo $image; ?>"/></div>
    <div class="searchtext">
        <div class="searchname"><?php echo $name; ?></div>
        <div class="searchcategory"><?php echo $category; ?></div>
        <div class="searchdescription"><?php echo $description; ?></div>
    </div>
    <div class="searchstamps"><img src="<?php echo $stamps; ?>" /></div>
    <div class="searchstickmen"><img src="<?php echo $stickmen; ?>" /></div>
    <div class="searchprice"><span class="pricefrom">from</span>&pound;<?php echo $price; ?></div>
    <div class="searchview"><img src="<?php echo $view; ?>" /></div>
</a>

<?php
 $i++;
}
mysql_close();
?>

答案 1 :(得分:0)

我猜你在尝试:

http://example.com/yourscript.php?value=partybands

但发现这不起作用......

这是因为您正在寻找value数组中的变量$_POST

$_POST['value'] == 'partybands'

如果您希望能够从POST或GET中获取值,可以使用$ _REQUEST 

$_REQUEST['value'] == 'partybands'

您还需要修改最顶层的条件isset()

但请认真对待其他人在此处就安全性和前向兼容性所提出的警告。

不要信任用户数据。必须消毒。最好的方法可能是通过PDO。

相关问题
最新问题