如何使用html格式的一个文本字段来搜索数据库表中的任何列

时间:2013-11-06 18:00:38

标签: javascript php forms radio-button recordset

我正在尝试找出如何在表单中使用一个文本字段来搜索数据库表中的任何列。

现在它只是在名为stock的数据库表中搜索sn列。 我需要它来搜索列名称sn或用户或状态。

因此,如果您输入序列号并发布表单,它将搜索我的数据库并带回结果,没有任何问题。但我希望能够键入用户的名称或状态,并以这种方式搜索我的数据库。所以我想到了一些如何动态改变 输入名称=“”可能有单选按钮将值更改为输入名称=“sn”或输入名称=“用户”或输入名称=“状态”但我不知道如何做到这一点。我一直在读其他人用Javascript或JQuery说。我真的很感激任何帮助。谢谢!

我的记录集只能查询sn列。我确定我也需要改变它,但我不确定如何。

表格

<form id="form1" name="form1" method="get" action="search.php">
<label>
<input type="radio" name="RadioGroup1" value="sn" id="RadioGroup1_0" />
sn</label><br />
<label>
<input type="radio" name="RadioGroup1" value="user" id="RadioGroup1_1" />
User</label>
<br />
<label>
<input type="radio" name="RadioGroup1" value="status" id="RadioGroup1_2" />
Staus</label>
<br />
</p>
<label for="sn"> Search :</label>
<input name="sn" type="text" id="sn" size="25" />
<input name="submit" type="submit" value="submit" />
</form>

SQL 

SELECT *
    FROM stock
    WHERE sn = colname
    ORDER BY `datetime` DES

Php 

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",             $theNotDefinedValue = "") 
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string    ($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;    
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$maxRows_Recordset567 = 10;
$pageNum_Recordset567 = 0;
if (isset($_GET['pageNum_Recordset567'])) {
$pageNum_Recordset567 = $_GET['pageNum_Recordset567'];
}
$startRow_Recordset567 = $pageNum_Recordset567 * $maxRows_Recordset567;

$colname_Recordset567 = "-1";
if (isset($_GET['sn'])) {
$colname_Recordset567 = $_GET['sn'];
}
mysql_select_db($database_stock, $stock);
$query_Recordset567 = sprintf("SELECT * FROM stock WHERE sn = %s ORDER BY  `datetime`  DESC", GetSQLValueString($colname_Recordset567, "text"));
$query_limit_Recordset567 = sprintf("%s LIMIT %d, %d", $query_Recordset567,    $startRow_Recordset567, $maxRows_Recordset567);
$Recordset567 = mysql_query($query_limit_Recordset567, $stock) or die(mysql_error());
$row_Recordset567 = mysql_fetch_assoc($Recordset567);

if (isset($_GET['totalRows_Recordset567'])) {
$totalRows_Recordset567 = $_GET['totalRows_Recordset567'];
} else {
$all_Recordset567 = mysql_query($query_Recordset567);
$totalRows_Recordset567 = mysql_num_rows($all_Recordset567);
}
$totalPages_Recordset567 = ceil($totalRows_Recordset567/$maxRows_Recordset567)-1;
?>

2 个答案:

答案 0 :(得分:1)

radiobuttons是个好主意......确保它们都具有相同的名称。然后使用php来识别哪个值属于哪个动作。确保您保护输入中的所有数据。 您还可以使用mysql术语OR一次搜索不同的列。 这是你的php:

$radioVal = $_POST['radiobtnVal'];
switch $radioVal{
    case 1 :
        $col = "sn";    //don't directly write to the variable here, since that would make a security risk
        break;
    case 2 :
        $col = "user";
        break;
    case 3 :
        $col = "status";
        break;
}

//now make connection to your database
$search = mysqli_real_escape_string($db,$_POST['searchString']);    //This will secure your input from mysql injections
//$db is the variable you made during connection with your database
$result = mysqli_query($db,"SELECT * FROM `Stock` WHERE `" . $col . "`='" . $search . "'");

//or use the mentioned OR term
$result = mysqli_query($db,"SELECT * FROM `Stock` WHERE `sn`='" . $search . "' OR `user`='" . $search . "' OR `status`='" . $search . "'");
//Note that if some search strings are in multiple columns all these rows will be selected

我希望这会有所帮助

答案 1 :(得分:0)

这是实现这一目标的基本方式,也是一种良好的用户体验。 试试这个解决方案。

FORM 

<Form action="search.php" method="post">
    <label>Serial</label>
    <input name='search' type='text' size='25'/>
    <button type='submit'>Search</button>
</form>

PHP 

<?php
$search = $_POST['search'];
$searchColumns = array();
//Will add Serial Number if # was found on search
if(!(strpos("#",$search)===FALSE)){
    $searchColumns[] = "sn = '{$search}'";
}
//Will add Status to select if there is no spaces in search.
if(count(explode(" ",$search))==1){
    $searchColumns[] = "status = '{$search}'";
}
//Will add user to select if its not a Serial search
//And if its has more than 5 chars (change it to your min char username)
if(strpos("#",$search)===FALSE && strlen($search) > 5){
    $searchColumns[] = "user = '{$search}'";
}

$sql = "
SELECT *
  FROM stock
 WHERE ".(implode(" AND ",$searchColumns))."
 ORDER BY datetime DES";

?>
相关问题
最新问题