我想使用下拉列表来排序查询结果。无论在下拉列表中选择何种选项,查询都将按所选选项的升序排序。我的查询工作正常,我只需要包含ORDER BY子句。请仔细查看表格,请帮我解决这个问题。
以下是代码:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Exam Interface</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<form action="exam_interface.php" method="post" name="sessionform"> <!-- This will post the form to its own page"-->
<p>Session ID: <input type="text" name="sessionid" /></p> <!-- Enter Session Id here-->
<p>Module Number: <input type="text" name="moduleid" /></p> <!-- Enter Module Id here-->
<p>Teacher Username: <input type="text" name="teacherid" /></p> <!-- Enter Teacher here-->
<p>Student Username: <input type="text" name="studentid" /></p> <!-- Enter User Id here-->
<p>Grade: <input type="text" name="grade" /></p> <!-- Enter Grade here-->
<p>Order Results By: <select name="order">
<option name="noorder">Don't Order Results</option>
<option name="ordersessionid">Session ID</option>
<option name="ordermoduleid">Module Number</option>
<option name="orderteacherid">Teacher Username</option>
<option name="orderstudentid">Student Username</option>
<option name="ordergrade">Grade</option>
</select>
<p><input type="submit" value="Submit" /></p>
</form>
<?php
$username="xxx";
$password="xxx";
$database="mobile_app";
mysql_connect('localhost',$username,$password);
@mysql_select_db($database) or die("Unable to select database");
$sessionid = $_POST['sessionid'];
$moduleid = $_POST['moduleid'];
$teacherid = $_POST['teacherid'];
$studentid = $_POST['studentid'];
$grade = $_POST['grade'];
$result = mysql_query("SELECT * FROM Module m INNER JOIN Session s ON m.ModuleId = s.ModuleId JOIN Grade_Report gr ON s.SessionId = gr.SessionId JOIN Student st ON gr.StudentId = st.StudentId WHERE ('$sessionid' = '' OR gr.SessionId = '$sessionid') AND ('$moduleid' = '' OR m.ModuleId = '$moduleid') AND ('$teacherid' = '' OR s.TeacherId = '$teacherid') AND ('$studentid' = '' OR gr.StudentId = '$studentid') AND ('$grade' = '' OR gr.Grade = '$grade')");
$num=mysql_numrows($result);
echo "<table border='1'>
<tr>
<th>Student Id</th>
<th>Forename</th>
<th>Session Id</th>
<th>Grade</th>
<th>Mark</th>
<th>Module</th>
<th>Teacher</th>
</tr>";
while ($row = mysql_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['StudentId'] . "</td>";
echo "<td>" . $row['Forename'] . "</td>";
echo "<td>" . $row['SessionId'] . "</td>";
echo "<td>" . $row['Grade'] . "</td>";
echo "<td>" . $row['Mark'] . "</td>";
echo "<td>" . $row['ModuleName'] . "</td>";
echo "<td>" . $row['TeacherId'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close();
?>
</body>
</html>
答案 0 :(得分:1)
嗯,ORDER BY子句在WHERE子句之后,所以你只需要在那里添加它,对吧?我建议在给出当前代码的情况下,最简单的方法是使用switch来设置变量的值$orderbyclause,然后将该变量附加到查询的末尾。 (default的{{1}}案例应将switch设置为空字符串。)
另外,请阅读有关SQL注入的信息并了解如何防范它。您发布的代码存在很大的安全漏洞。
答案 1 :(得分:0)
switch ($_POST['order') {
case 'ordersessionid': $order_field = 'gr.SessionID'; break;
case 'ordermoduleid': $order_field = 'whatever'; break;
...
default: $order_field = 'default_field'; break;
}
$sql = "SELECT .... ORDER BY {$order_field} ASC";
您可能想尝试直接将$_POST['order']插入到查询中,表单中包含适当的name=""值,但是......请勿。 Little Bobby Tables将停止访问并永不离开。