带有变量的PHP ORDER BY

时间:2014-02-12 20:55:11

标签: php html mysql

我是php的初学者,我在使用变量更改ORDER BY时遇到了一些麻烦。我试图研究并弄明白,但没有运气。我希望表单名称“filter”将选项名称传递给php变量“filter”,然后通过mysql select查询中的“filter”变量进行排序。我在这里错过了什么?

以下是代码:

根据建议我编辑了代码并发布了编辑内容。

    <center><h2> Saved Weapons List</h2>

<form name="filter" action="" method="post">
    <select name="filter">
        <option value="weaponType"> Weapon Type</option>
        <option value="weaponCategory"> Weapon Category</option>
    </select>
    <input type="submit">
</form>
</center>

<?php
$con=mysqli_connect("localhost","username","pass","db_name");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$filter = $_POST['filter'];

$result = mysqli_query($con,"SELECT * FROM weapons ORDER BY '{$filter}' desc");



while($row = mysqli_fetch_array($result))
  {
$row['masterwork'] = ( intval( $row['masterwork']) == 1) ? "Yes" : "No";
  echo "<center>";
  echo "<table border='1' class='display'>";
  echo "<tr>";
  echo "<td>Weapon Name: </td>";
  echo "<td>" . $row['weaponName'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Creator: </td>";
  echo "<td>" . $row['creator'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Weapon Category: </td>";
  echo "<td>" . $row['weaponCategory'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Weapon Sub-Category: </td>";
  echo "<td>" . $row['weaponSubCategory'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Cost: </td>";
  echo "<td>" . $row['costAmount'] . " " . $row['costType'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Damage(S): </td>";
  echo "<td>" . $row['damageS'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Damage(M): </td>";
  echo "<td>" . $row['damageM'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Critical: </td>";
  echo "<td>" . $row['critical'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Range Increment: </td>";
  echo "<td>" . $row['rangeIncrement'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Weight: </td>";
  echo "<td>" . $row['weight'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Weapon Type: </td>";
  echo "<td>" . $row['weaponType'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Masterwork: </td>";
  echo "<td>" . $row['masterwork'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Attributes: </td>";
  echo "<td>" . $row['attributes'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Special Abilities: </td>";
  echo "<td>" . $row['specialAbilities'] . "</td>";
  echo "</tr>";
  echo "<tr>";
  echo "<td>Additional Info: </td>";
  echo "<td>" . $row['additionalInfo'] . "</td>";
  echo "</tr>";
  }
echo "</table>";
echo "</center>";

mysqli_close($con);
?>

2 个答案:

答案 0 :(得分:1)

您需要按列的名称进行过滤,而不是按变量的值进行过滤。

尝试:

$filter = $_POST['filter'];

$result = mysqli_query($con,"SELECT * FROM weapons ORDER BY `{$filter}` desc");

答案 1 :(得分:1)

多次更新(主要是出于安全原因。正如@Wrikken在评论中所写 - 您的代码要求注射)。

首先。将选项值更改为某些内容(数字可能是),然后在PHP中进行检查。

    <option value="filter1"> Weapon Type</option>
    <option value="filter2"> Weapon Category</option>

然后在PHP中过滤它

$filter = 'weaponType';

switch($_POST["filter"]) {
case 'filter2': $filter = 'weaponCategory'; break;
}

二。 if $filter设置 - 运行查询... 

if (isset($filter)) {
    $result = mysqli_query($con,"SELECT * FROM weapons ORDER BY " . $filter . " desc");
    while($row = mysqli_fetch_array($result))
    {
    /* output */
    }
}
相关问题
最新问题