将表单中的数据添加到查询中

时间:2014-02-07 11:21:41

标签: php mysql forms

我正在建立一个非常基本的html网站,用于智能手机,看起来像这样

<body>
Some Text
<form name="input" action="query.php" method="get">
Search: <input type="text" name="search">
<input type="submit" value="Submit">
</form> 
</body>

然后在query.php中我有了这个

select ProductName, PalletSpace, Quantity, TransactionDate from Table1
having Table1.PalletSpace='B005E';

如何将两者联系起来,以便将输入搜索框的文本插入到查询中(B005E的位置?)?

编辑: query.php现在包含:

<?
$username="xxx";
$password="xxx";
$database="xxx";



$con = mysqli_connect("xxx", "xxx", "xxx", "xxx");

$result = mysqli_query($con, "SELECT ProductName, PalletSpace, Quantity, TransactionDate FROM ProductTrans
WHERE ProductName = ($_REQUEST["search"])");

echo "<table border='1'>
<tr>
<th>Product Code</th>
<th>Pallet Space</th>
<th>Quantity</th>
<th>Date</th>
</tr>";

while($row = mysqli_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['ProductName'] . "</td>";
  echo "<td>" . $row['PalletSpace'] . "</td>";
  echo "<td>" . $row['Quantity'] . "</td>";
  echo "<td>" . $row['TransactionDate'] . "</td>";
  echo "</tr>";
  }
echo "</table>";
?>

query.php和html文件(仍然相同)位于同一目录中。但是,当我尝试搜索时,它会给我这个错误

Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/u921305435/public_html/query.php on line 11

2 个答案:

答案 0 :(得分:0)

在您的PHP代码中,您可以使用$_REQUEST["search"]获取用户在文本框中输入的内容。

答案 1 :(得分:0)

不确定我是否应该这样做,但万一有人被困在同一件事上

search.html就像这样结束了

<html>
<body>
Some Text
<form name="input" action="query.php" method="GET">
Search: <input type="text" name="search">
<br /><input type="submit" value="Submit">
</form> 
</body>
</html>
像这样的

query.php

<?php
    mysql_connect("host", "username", "password") or die("Error connecting to database: ".mysql_error());

mysql_select_db("database") or die(mysql_error());
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search results</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css"/>
</head>
<body>
<?php
$query = $_GET['search'];

$min_length = 0;

if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then

    $query = htmlspecialchars($query); 

    $query = mysql_real_escape_string($query);

    $raw_results = mysql_query("SELECT * FROM ProductTrans
        WHERE (`ProductName` LIKE '%".$query."%') OR (`PalletSpace` LIKE '%".$query."%')") or die(mysql_error());

    if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following

        echo "<table border='1'>
    <tr>
    <th>Product Code</th>
    <th>Pallet Space</th>
    <th>Quantity</th>
    <th>Date</th>
    </tr>";

    while($row = mysql_fetch_array($raw_results))
    {
    echo "<tr>";
    echo "<td>" . $row['ProductName'] . "</td>";
    echo "<td>" . $row['PalletSpace'] . "</td>";
    echo "<td>" . $row['Quantity'] . "</td>";
    echo "<td>" . $row['TransactionDate'] . "</td>";
    echo "</tr>";
    }
    echo "</table>";

    }
    else{ // if there is no matching rows do following
        echo "No results";
    }

}
else{ // if query length is less than minimum
    echo "Minimum length is ".$min_length;
}
?>
</body>
</html>