我是PHP / MySQL的新手..所以请对我这么容易:)
我想过滤变量为'!empty'的'SELECT'函数。否则'SELECT * FROM'数据库。
这是我的代码..
<form id="search" method="post" action="search.php">
<fieldset>
<input type='hidden' name='submitted' value='yes'/>
<label id="label" for="type">Type</label>
<select name="type" id="type" size="1">
<option value="" selected>Any</option>
<option value="house">House</option>
<option value="flat">Flat</option>
<option value="apartment">Apartment</option>
<option value="other">Other</option>
</select>
<label id='label' for='area'>Area</label>
<select name="area" id="area" size="1">
<option value="" selected>Any</option>
<option value="mtpleasant">Mount Pleasant</option>
<option value="townhill">Townhill</option>
<option value="mayhill">Mayhill</option>
<option value="town">Town Centre</option>
<option value="maritime">Maritime Quarter</option>
<option value="brynmill">Brynmill</option>
<option value="sketty">Sketty</option>
<option value="uplands">Uplands</option>
<option value="other">Other</option>
</select>
<label id="label" for="rent">Max. Rent PCM</label>
<input type="text" name="rent" id="rent" value="">
<label id="label" for="deposit">Max. Deposit</label>
<input type="text" name="deposit" id="deposit" value="">
<div id='submit_container' height="90px" width="400px">
<button type='submit' class='search_submit' alt="Search"/> </button>
<a href="#" onclick="show('search_advanced');">Advanced Search »</a>
<div id="search_advanced">
<label id="label" for="tenancy">Tenancy Length</label>
<input type="checkbox" name="tenancy" value="1-5"><span>1 - 6 months</span><br />
<input type="checkbox" name="tenancy" value="6-12"><span>6 - 12 months</span><br />
<input type="checkbox" name="tenancy" value="12+"><span>12+ months</span><br />
<label id="label" for="bedrooms">Bedrooms</label>
<input type="checkbox" name="bedrooms" value="1-3"><span>1-3</span><br/>
<input type="checkbox" name="bedrooms" value="4-6"><span>4-6</span><br/>
<input type="checkbox" name="bedrooms" value="6+"><span>6+</span><br/>
<label id="label" for="bathrooms">Bathrooms</label>
<input type="checkbox" name="bathrooms" value="1"><span>1</span><br/>
<input type="checkbox" name="bathrooms" value="2+"><span>2+</span><br/>
<label id="label" for="communal">Communal</label>
<input type="checkbox" name="communal" value="1"><span>1</span><br/>
<input type="checkbox" name="communal" value="2+"><span>2+</span><br/>
<label id="label" for="parking">Parking</label>
<input type="checkbox" name="parking" value="Y"><span>Yes</span><br/>
<input type="checkbox" name="parking" value="N"><span>No</span><br/>
<label id="label" for="garden">Garden</label>
<input type="checkbox" name="garden" value="Y"><span>Yes</span><br/>
<input type="checkbox" name="garden" value="N"><span>No</span><br/>
<label id="label" for="broadband">Broadband</label>
<input type="checkbox" name="broadband" value="Y"><span>Yes</span><br/>
<input type="checkbox" name="broadband" value="N"><span>No</span><br/>
</div>
</fieldset>
</form>
<?php
$type = (isset($_POST['type']) && !empty($_POST['type']) ? mysql_real_escape_string($_POST['type']): false);
$area = (isset($_POST['type']) && !empty($_POST['area']) ? mysql_real_escape_string($_POST['area']): false);
$rent = (isset($_POST['type']) && !empty($_POST['rent']) ? mysql_real_escape_string($_POST['rent']): false);
$deposit = (isset($_POST['type']) && !empty($_POST['deposit']) ? mysql_real_escape_string($_POST['deposit']): false);
$tenancy = (isset($_POST['type']) && !empty($_POST['tenancy']) ? mysql_real_escape_string($_POST['tenancy']): false);
$bedrooms = (isset($_POST['type']) && !empty($_POST['bedrooms']) ? mysql_real_escape_string($_POST['bedrooms']): false);
$bathrooms = (isset($_POST['type']) && !empty($_POST['bathrooms']) ? mysql_real_escape_string($_POST['bathrooms']): false);
$communal = (isset($_POST['type']) && !empty($_POST['communal']) ? mysql_real_escape_string($_POST['communal']): false);
$parking = (isset($_POST['type']) && !empty($_POST['parking']) ? mysql_real_escape_string($_POST['parking']): false);
$garden = (isset($_POST['type']) && !empty($_POST['garden']) ? mysql_real_escape_string($_POST['garden']): false);
$broadband = (isset($_POST['type']) && !empty($_POST['broadband']) ? mysql_real_escape_string($_POST['broadband']): false);
$query = "SELECT * FROM 'properties' WHERE 1=1"; // no filtering
if ($type) { $query.=" AND 'type' = ".$type; } // type filter
if ($area) {$query.=" AND 'area' = ".$area;} // area filter
if ($rent) {$query.=" AND 'rent' < ".$rent;} // rent filter
if ($deposit) {$query.=" AND 'deposit' < ".$deposit;} // deposit filter
if ($tenancy) {$query.=" AND 'tenancy' = ".$tenancy;} // tenancy filter
if ($bedrooms) {$query.=" AND 'bedrooms' > ".$bedrooms;} // bedrooms filter
if ($bathrooms) {$query.=" AND 'bathrooms' > ".$bathrooms;} // bathrooms filter
if ($communal) {$query.=" AND 'communal' > ".$communal;} // communal filter
if ($parking) {$query.=" AND 'parking' = ".$parking);} // parking filter
if ($garden) {$query.=" AND 'garden' = ".$garden;} // garden filter
if ($broadband) {$query.=" AND 'broadband' = ".$broadband;} // broadband filter
$results = mysql_query($query);
echo '<table border=0 cellpadding=3>';
while ($info = mysql_fetch_array($results)) {
echo '<tr>';
echo '<th>Type:</th><td>'.$info['type'] . '</td> ';
echo '<th>Area:</th><td>'.$info['area'] . '</td> ';
echo '</tr>';
}
echo '</table>';
?>
我很确定我接近这个,不是吗?我收到以下错误。
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/a9137540/public_html/search.php on line 49
Line 49: while ($info = mysql_fetch_array($results)) {
请帮忙!提前致谢。
答案 0 :(得分:0)
请试试这个
isset($_POST['type'])
而不是
!empty($_POST['type'])
答案 1 :(得分:0)
每个if条件中结尾括号)目的是什么
试试这个
$query = "SELECT * FROM 'properties' WHERE 1=1";
if (isset($type)) { $query.=" AND `type` = '".$type."' "; } // type filter
if (isset($area)) {$query.=" AND `area` = '".$area."' "; } // area filter
if (isset($rent)) {$query.=" AND `rent` < '".$rent."' "; } // rent filter
if (isset($deposit)) {$query.=" AND `deposit` < '".$deposit."' "; } // deposit filter
if (isset($tenancy)) {$query.=" AND `tenancy` = '".$tenancy."' "; } // tenancy filter
if (isset($bedrooms)) {$query.=" AND `bedrooms` > '".$bedrooms."' "; } // bedrooms filter
if (isset($bathrooms)) {$query.=" AND `bathrooms` > '".$bathrooms."' "; } // bathrooms filter
if (isset($communal)) {$query.=" AND `communal` > '".$communal."' "; } // communal filter
if (isset($parking)) {$query.=" AND `parking` = '".$parking."' "; } // parking filter
if (isset($garden)) {$query.=" AND `garden` = '".$garden."' "; } // garden filter
if (isset($broadband)) {$query.=" AND `broadband` = '".$broadband."' "; } // broadband filter
要检查是否已分配任何变量,您必须使用isset
答案 2 :(得分:-1)
在你的条件中添加isset()函数:
(isset($_POST['type']) && !empty($_POST['type'])) ? mysql_real_escape_string($_POST['type']): false;
但您的查询对SQL注入攻击是开放的。确保首先清理$ _POST项目。
对于错误: 你很可能有查询错误。 而不是简单地做$ result = mysql_query($ query);并尝试使用$ result,确保查询成功执行。
if(!mysql_query($query)){
echo mysql_errno();
exit;
}
这至少可以帮助您识别错误。
其他信息。 尝试更改
if($ area){$ query。=“AND'area'=”。$ area;}`
到
if ($area) {$query.="' AND 'area' = '".$area;}
(我在$query.="之后和".$area之前添加'qoute'。
SQL需要用引号括起值(数字除外)。