选择ALL时如何显示所有记录

时间:2013-10-01 00:52:10

标签: javascript php jquery mysql mysqli

当我在select onchange事件中选择ALL时,while循环没有执行。

dropdown.php

        <script>
        function showUser(str)
        {
        if (str=="")
          {
          document.getElementById("txtHint").innerHTML="";
          return;
          }
        if (window.XMLHttpRequest)
          {// code for IE7+, Firefox, Chrome, Opera, Safari
          xmlhttp=new XMLHttpRequest();
          }
        else
          {// code for IE6, IE5
          xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
          }
        xmlhttp.onreadystatechange=function()
          {
          if (xmlhttp.readyState==4 && xmlhttp.status==200)
            {
            document.getElementById("txtHint").innerHTML=xmlhttp.responseText;
            }
          }
        xmlhttp.open("GET","getuser.php?q="+str,true);
        xmlhttp.send();
        }
        </script>

    <?php
    $mysqli = new mysqli("localhost", "root", "", "app");
    $result = $mysqli->query("SELECT rfq FROM procurement GROUP BY rfq ORDER BY rfq");

    $option = '';
    while($row = $result->fetch_assoc())
    {
      $option .= '<option value = "'.$row['rfq'].'">'.$row['rfq'].'</option>';
    }
    ?>

    <select name="users" onchange="showUser(this.value)">
            <option value="ALL" selected='ALL'>ALL</option>
            <?php echo $option; ?>
    </select>

    <br>
    <div id="txtHint"></div>

getuser.php 

 <?php
    $mysqli = new mysqli("localhost", "root", "", "app");
    $q=$_GET["q"];

    $result1 = $mysqli->query("SELECT *,SUM(unit_cost*quantity) AS total_amount FROM procurement WHERE rfq='".$q."' GROUP BY counter ORDER BY rfq");

    echo'<table id="tfhover" cellspacing="0" class="tablesorter">
            <thead>
            <tr>
                <th id="none" class="none" title="RFQ"></th>
                <th title="RFQ">RFQ #</th>
                <th title="Item Name">Item Name</th>
                <th title="Item Description">Description</th>
                <th title="Example : Pc, Pcs, Box and Etc.">Unit</th>
                <th title="Item Price">Unit Cost</th>
                <th title="Total Item Quantity">QTY</th>
                <th title="Total Price">Total Amount</th>
            </tr>
            </thead>';
            echo'<tbody>';
    while($row = $result1->fetch_assoc()){
     echo'<tr>
                <td align="center"><a href="comments.php?pn='.$row["rfq"].'"><img src="images/remarks.png" border="0" width="10" height="10" title="Remarks and Notes"></a></td>
                <td>'.$row['rfq'].'</td>
                <td>'.$row['item_name'].'</td>
                <td>'.$row['item_description'].'</td>
                <td>'.$row['unit'].'</td>
                <td>'.number_format($row['unit_cost'], 2, '.', ',').'</td>
                <td>'.$row['quantity'].'</td>
                <td>'.number_format($row['total_amount'], 2, '.', ',').'</td>
           </tr>';
            }
        echo "</tbody></table>";


    echo $q;
    if (!$mysqli) {
        die('Connect Error: ' . mysqli_connect_error());
    }
    mysqli_close($mysqli);
        ?>

enter image description here

我将body设置为showuser(str =“ALL”),但就像我选择ALL时的图片一样,while循环没有执行。有什么问题?

1 个答案:

答案 0 :(得分:1)

getuser.php必须通过有条件地提供where子句来反映“ALL”的含义。

$q = $_GET["q"];
$where = '';
if ( $q != 'ALL' ) {
    $where = " WHERE rfq='$q' ";
}
$result1 = $mysqli->query("
    SELECT *,SUM(unit_cost*quantity) AS total_amount 
    FROM procurement 
    $where 
    GROUP BY counter ORDER BY rfq
");

请注意,$_GET["q"]的值未经过清理,因此在SQL查询中直接使用它可能会导致SQL Injection

相关问题
最新问题