Question

我正在试图弄清楚如何制作一个更改Query的表单示例（HTML）

<form action="change.php" method="POST" name="Update">
<table>
  <tr>
    <td>
      <input type="text" value="Enter New Criteria" name="where" >
      <input type="text" value="Enter New Criteria" name="where2" >
    </td>
  </tr>
  <tr>
    <td align="center" style="font-family:Calibri">
    <input type="submit"  value="Search"/>
  </tr>
</table>

SQL查询

$Query = "SELECT order_number
          FROM order_header
          WHERE (order_number LIKE **'%CHANGE VALUE HERE%'**
          OR order_number LIKE **'%CHANGE VALUE HERE%'**

我将如何做到这一点，我是一个完整的新秀，但我正在努力。我尝试过搜索，但也许我没有使用正确的关键词。

Answer 1

使用$_POST['where']和$_POST['where2']代替%CHANGE VALUE HERE%。更多信息：http://php.net/manual/en/reserved.variables.post.php

例如：

$Query = "SELECT order_number
          FROM order_header
          WHERE (order_number LIKE '$_POST[where]'
          OR order_number LIKE '$_POST[where2]')";

当你使用它时，请阅读有关SQL注入的内容：http://php.net/manual/en/security.database.sql-injection.php

Answer 2

尝试：

$where = $_POST['where'];
$where2 = $_POST['where2'];

$Query = "SELECT order_number
          FROM order_header
          WHERE (order_number LIKE '%whereParameter%'
          OR order_number LIKE '%where2Partameter%'"

$Query = str_replace("whereParameter", $where, $QueryTemplate);
$Query = str_replace("where2Parameter", $where2, $QueryTemplate);

从表单输出新查询

2 个答案: