Proper code to filter a price range in a PHP / SQL query

Time: 2012-12-06 16:40:43

Tags: php mysql

I really hope someone can help me with this. I'm building a PHP / MySQL search form and want users to be able to search our wine database and filter the results by a price range chosen from a drop-down menu.

The form searches fine and returns a nice, accurate list of results. But it does not filter those results.

After several days of searching and experimenting I have cobbled together various code snippets to get this far, but on the whole PHP is still a mystery to me.

It is the correct coding and syntax that I am struggling with.

How should I write the PHP code posted here so that it properly integrates the price range filter? I suspect the way I include "pricerange" in the SQL query is off base.

  • MySQL server version: 5.1.65-cll
  • Price column type: decimal(10,2)

Any help is greatly appreciated. Please see the code blocks below.

Many thanks!

HTML

 <form  method="post" action="winesearch.php?go" id="searchform"> 
 <input  type="text" size="35" name="user-entry"/>
 <select name="pricerange" size="1" id="pricerange">
    <option value="">Price Range&nbsp;</option>
    <option value="1">$&nbsp;10 - $20</option>
    <option value="2">$&nbsp;21 - $30</option>
    <option value="3">$&nbsp;31 - $50</option>
    <option value="4">$&nbsp;51 - $75</option>
    <option value="5">$&nbsp;76 - $100</option>
    <option value="6">$101 - $200</option>
    <option value="7">$201 - Plus</option>
</select> 
<input  type="submit" name="submit" value="Wine Search"/> 
</form>

PHP

<?php

  if(isset($_POST['submit'])){
  if(isset($_GET['go'])){
  if(preg_match("/^[a-zA-Z0-9]+/", $_POST['user-entry'])){
  $cob=$_POST['user-entry'];
  $pricerange=$_POST['pricerange'];


  //connect to the database
  $db=mysql_connect  ("server", "user", "pass") or die (mysql_error());

  //-select the database to use
  $mydb=mysql_select_db("db_name");

  if($pricerange == 0) $pricerange = 1;

  switch ($pricerange) {
  case 1  :  $pricerange = " where Price BETWEEN 10.00 AND 20.00 ";  break; 
  case 2  :  $pricerange = " where Price BETWEEN 21.00 AND 30.00 ";  break;  
  case 3  :  $pricerange = " where Price BETWEEN 31.00 AND 50.00 ";  break;   
  case 4  :  $pricerange = " where Price BETWEEN 51.00 AND 75.00 ";  break;     
  case 5  :  $pricerange = " where Price BETWEEN 76.00 AND 100.00 ";  break;       
  case 6  :  $pricerange = " where Price BETWEEN 101.00 AND 200.00 ";  break;         
  case 7  :  $pricerange = " where Price > 200.00 ";  break;           
  }

  //-query the database table
  $sql="
    SELECT  ID, 
    CSPC, 
    Country,
    Producer,
    Wine,
    Year,
    Price 
    FROM winecellar WHERE 
    CSPC LIKE '%" . $cob .  "%' 
    OR 
    Country LIKE '%" . $cob ."%'
    OR 
    Producer LIKE '%" . $cob ."%'
    OR 
    Wine LIKE '%" . $cob ."%'
    OR 
    Year LIKE '%" . $cob ."%'
    OR 
    Price LIKE '%" . $pricerange ."%'
    ";

  //-run  the query against the mysql query function
  $result=mysql_query($sql);

  //-create  while loop and loop through result set
  while($row=mysql_fetch_array($result)){
    $CSPC=$row['CSPC'];
    $Country=$row['Country'];
    $Producer=$row['Producer'];
    $Wine=$row['Wine'];
    $Year=$row['Year']; 
    $Price=$row['Price'];
    $ID=$row['ID'];

    //-display the result of the array
echo  "<ul>\n";
echo  "<li>" . $CSPC . "</li>\n";
echo  "<li>" . $Country . "</li>\n";
echo  "<li>" . $Producer . "</li>\n";
echo  "<li>" . $Wine . "</li>\n";
echo  "<li>" . $Year . "</li>\n";
echo  "<li>" . "<a href=" . $Price .  ">" . "$" . $Price . "</a></li>\n";

echo  "</ul>";
  }
  }
  else{
  echo  "<p>Please enter a search query</p>";
  }
  }
  }
?>

3 answers:

Answer 0: (score: 1)

You almost had it before putting the query together. You don't need the "where" in the statement below, because you already use it in the query further down.

switch ($pricerange) {
  case 1  :  $pricerange = " Price BETWEEN 10.00 AND 20.00 ";  break; 
  case 2  :  $pricerange = " Price BETWEEN 21.00 AND 30.00 ";  break;  
  case 3  :  $pricerange = " Price BETWEEN 31.00 AND 50.00 ";  break;   
  case 4  :  $pricerange = " Price BETWEEN 51.00 AND 75.00 ";  break;     
  case 5  :  $pricerange = " Price BETWEEN 76.00 AND 100.00 ";  break;       
  case 6  :  $pricerange = " Price BETWEEN 101.00 AND 200.00 ";  break;         
  case 7  :  $pricerange = " Price > 200.00 ";  break;           
}

OR 
Price LIKE '%" . $pricerange ."%'

should be

OR ". $pricerange ."

because you are already building the BETWEEN statement.

Answer 1: (score: 0)

<?php

  if(isset($_POST['submit'])){
  if(isset($_GET['go'])){
   // improved the filter to support space and -
   // Also closed a critical security breach (SQL injection)
  if(preg_match("/^[a-zA-Z0-9 -]+$/", $_POST['user-entry'])){
  $cob=$_POST['user-entry'];
  $pricerange=$_POST['pricerange'];


  //connect to the database
  $db=mysql_connect  ("server", "user", "pass") or die (mysql_error());

  //-select the database to use
  $mydb=mysql_select_db("db_name");

  switch ($pricerange) {
  case 2  :  $pricerange = " AND Price BETWEEN 21.00 AND 30.00 ";  break;  
  case 3  :  $pricerange = " AND Price BETWEEN 31.00 AND 50.00 ";  break;   
  case 4  :  $pricerange = " AND Price BETWEEN 51.00 AND 75.00 ";  break;     
  case 5  :  $pricerange = " AND Price BETWEEN 76.00 AND 100.00 ";  break;       
  case 6  :  $pricerange = " AND Price BETWEEN 101.00 AND 200.00 ";  break;         
  case 7  :  $pricerange = " AND Price > 200.00 ";  break;
  default :  $pricerange = " AND Price BETWEEN 10.00 AND 20.00 "; // covers all other cases
  }

  //-query the database table
  $sql="
    SELECT  ID, 
    CSPC, 
    Country,
    Producer,
    Wine,
    Year,
    Price 
    FROM winecellar WHERE 
    (CSPC LIKE '%" . $cob .  "%' 
    OR 
    Country LIKE '%" . $cob ."%'
    OR 
    Producer LIKE '%" . $cob ."%'
    OR 
    Wine LIKE '%" . $cob ."%'
    OR 
    Year LIKE '%" . $cob ."%')
    " . $pricerange;

  //-run  the query against the mysql query function
  $result=mysql_query($sql);

  //-create  while loop and loop through result set
  while($row=mysql_fetch_array($result)){
    $CSPC=$row['CSPC'];
    $Country=$row['Country'];
    $Producer=$row['Producer'];
    $Wine=$row['Wine'];
    $Year=$row['Year']; 
    $Price=$row['Price'];
    $ID=$row['ID'];

    //-display the result of the array
echo  "<ul>\n";
echo  "<li>" . $CSPC . "</li>\n";
echo  "<li>" . $Country . "</li>\n";
echo  "<li>" . $Producer . "</li>\n";
echo  "<li>" . $Wine . "</li>\n";
echo  "<li>" . $Year . "</li>\n";
echo  "<li>" . "<a href=" . $Price .  ">" . "$" . $Price . "</a></li>\n";

echo  "</ul>";
  }
  }
  else{
  echo  "<p>Please enter a search query</p>";
  }
  }
  }
?>

Answer 2: (score: 0)

I would echo your SQL query before running it so you can see what it looks like. But it seems the SQL part for pricerange is wrong. Right now it looks like this:

OR Price LIKE '% where price BETWEEN 10.00 AND 20.00 %'

I think you want it to look like:

OR PRICE BETWEEN 10.00 AND 20.00

Do you want that to be an 'OR' or an 'AND'?
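As an added example that is not part of the question or any of the answers, here is the same search written the way answers 1 and 2 point towards: the text-match clauses are grouped in parentheses and the price range is ANDed on so it narrows the result, the drop-down value is mapped through a fixed whitelist, and every user value is bound as a parameter instead of being concatenated into the SQL string. It assumes PHP 7.1+ with mysqli (mysqlnd for `get_result()`) and the `winecellar` table from the question; the connection details are placeholders.

```php
<?php
// Drop-down option value -> [min, max]; a null max means "and above".
// Keys not in this map (e.g. the empty "Price Range" option) apply no price filter.
const PRICE_RANGES = [
    '1' => [10.00, 20.00],
    '2' => [21.00, 30.00],
    '3' => [31.00, 50.00],
    '4' => [51.00, 75.00],
    '5' => [76.00, 100.00],
    '6' => [101.00, 200.00],
    '7' => [200.00, null],
];

// Returns [sql, bind types, params]. No user input ever reaches the SQL text:
// the search term is bound as a LIKE pattern and the range comes from the whitelist.
function buildWineSearch(string $term, string $rangeKey): array
{
    $like   = '%' . $term . '%';
    $sql    = 'SELECT ID, CSPC, Country, Producer, Wine, Year, Price FROM winecellar '
            . 'WHERE (CSPC LIKE ? OR Country LIKE ? OR Producer LIKE ? OR Wine LIKE ? OR Year LIKE ?)';
    $types  = 'sssss';
    $params = [$like, $like, $like, $like, $like];

    if (isset(PRICE_RANGES[$rangeKey])) {
        [$min, $max] = PRICE_RANGES[$rangeKey];
        if ($max === null) {                    // open-ended top bracket
            $sql   .= ' AND Price > ?';
            $types .= 'd';
            $params[] = $min;
        } else {
            $sql   .= ' AND Price BETWEEN ? AND ?';
            $types .= 'dd';
            array_push($params, $min, $max);
        }
    }
    return [$sql, $types, $params];
}

// Usage with mysqli; "server", "user", "pass", "db_name" are placeholders.
$db = new mysqli('server', 'user', 'pass', 'db_name');
[$sql, $types, $params] = buildWineSearch($_POST['user-entry'] ?? '', $_POST['pricerange'] ?? '');
$stmt = $db->prepare($sql);
$stmt->bind_param($types, ...$params);
$stmt->execute();
foreach ($stmt->get_result() as $row) {
    // Escape on output as well, since column values are rendered into HTML.
    echo '<li>' . htmlspecialchars($row['Wine']) . ' $' . htmlspecialchars($row['Price']) . "</li>\n";
}
```

Echoing `$sql` before `prepare()` (as answer 2 suggests) now shows only `?` placeholders, so the query shape can be checked without exposing whatever the user typed.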