在php中使用四个选择字段搜索数据库

时间:2014-09-30 12:53:55

标签: php mysql

我正在尝试在php中搜索一个mysql数据库:我的动机是搜索4个下拉菜单参数,即: 选项1 选项2 选项3 选项4。 全部从数据库中动态填充。

请参阅下面的图像搜索表单。

Search Form

问题在于我无法做到正确。我不确定发生了什么,但结果会返回

请输入搜索查询

请看下面的内容:

<?php
if(isset($_POST['submit'])){
    if(isset($_GET['go'])){
        if(preg_match("/^[  a-zA-Z]+/", $_POST['bloodgroup'])){
           $name=$_POST['bloodgroup'];
           //connect  to the database
           $db=mysql_connect  ("localhost", "username",  "password") or die ('I cannot connect to the database  because: ' . mysql_error());
           //-select  the database to use
           $mydb=mysql_select_db("databasename");
           //-query  the database table
           $sql="SELECT  fullname, bloodgroup, Phone FROM donors WHERE bloodgroup LIKE '%" . $bloodgroup .  "%' AND city LIKE '%" . $city ."%'";
           //-run  the query against the mysql query function
           $result=mysql_query($sql);
           //-create  while loop and loop through result set
           while($row=mysql_fetch_array($result)){
               $fullname  =$row['$bloodgroup'];
               $bloodgroup=$row['state'];
               $city=$row['city'];
               $city=$row['donortype'];
               //-display the result of the array
               echo "<ul>\n";
               echo "<li>" . "<a  href=\"search.php?id=$ID\">" .$fullname . " " . $bloodgroup .  " " . $Phone .  "</a></li>\n";
               echo "</ul>";
           }
        } else {
            echo  "<p>Please enter a search query</p>";
        }
    }
}
?>

请帮助。

2 个答案:

答案 0 :(得分:0)

这里有几件令我困惑的事情。首先,为什么正则表达你的血型值?当你已经检查POST提交时,为什么要检查GET超全局?这不是多余的(对提交的表格进行双重检查)吗?然后是Mysql()(Jay在他的评论中已经提到过)。事物的外观也是错误的 - 

$fullname  =$row['$bloodgroup'];
$bloodgroup=$row['state'];
$city=$row['city'];
$city=$row['donortype'];

您可能需要检查它,因为您要覆盖值,并为变量分配错误的值(而$row[$bloodgroup]应为$row[bloodgroup]。或$row[fullname]?最后,为什么使用like而不是=如果你在下拉菜单中提供数据库值?我可以在mysqli或PDO(最好)中重写它,如果你很乐意远离mysql()。

Bah,无论如何都做到了

function dbconnect() {
$db = new PDO('mysql:host=<server>; dbname=<database>', '<user>', '<pass>');
}

$db = dbconnect();

# Define a PDO connection class, see the PDO manual
if (isset($_POST['submit'])) {
$sql = "SELECT id, phone, fullname, bloodgroup, phone FROM donors "
     . "WHERE bloodgroup = :bloodgroup AND city = :city "
     . "ORDER BY fullname ASC";
$query = $db->prepare($sql);
$query->bindValue(':bloodgroup', $_POST['bloodgroup']);
$query->bindValue(':city', $_POST['city']);
$query->execute();
$result = $query->fetchAll(PDO::FETCH_OBJ);
foreach ($result as $donor) {
echo "<a href=\"search.php?id=$donor->id\">$donor->fullname $donor->bloodgroup 
$donor->Phone</a><br>";
}
} else {
# Display form?
}

答案 1 :(得分:0)

如其他用户所述,您应该使用预准备语句。这是未经测试的示例:

<?php

// Has the user posted the form?
if (isset($_POST['submit'])) {

    // Define a new mysqli instance
    $mysqli = new mysqli("localhost", "username", "password", "databasename");

    // Check the connection works
    if ($mysqli->connect_errno) {
        printf("Connect failed: %s\n", $mysqli->connect_error);
        exit();
    }

    // Define the post variables
    $bloodgroup = $_POST['bloodgroup'];
    $state      = $_POST['state'];
    $city       = $_POST['city'];
    $donortype  = $_POST['donortype'];

    // Prepare the SQL query
    if ($stmt = $mysqli->prepare("
        SELECT
            `id`,
            `fullname`,
            `phone`
        FROM
            `donors`
        WHERE
            `bloodgroup` = ?
            AND `state` = ?
            AND `city` = ?
            AND `donortype` = ?
        ;
    ")) {

        // Attach the parameters
        $stmt->bind_param("ssss", $bloodgroup, $state, $city, $donortype);

        // Execute the query
        $stmt->execute();

        // Shove everything into the $results variable
        $results = $stmt->fetchAll(PDO::FETCH_OBJ);

        echo '<ul><li>';

        // Go through each result
        foreach ($results as $result) {

            echo '<a href="search.php?id=<?php echo $result->id; ?>"><?php echo $result->donortype; ?> - <?php echo $result->bloodgroup; ?> - <?php echo $result->city; ?> - <?php echo $result->state; ?></a>';

        }

        echo '</li></ul>';

        $stmt->close();

    }

    $mysqli->close();

} else {

    echo  '<p>Please enter a search query</p>';

}

我没有看到您使用preg_match的原因,但理想情况下您希望post变量返回ID。这样你的数据库查询就能高效运行(记得改变MySQLi参数类型,从s - 表示字符串,再到i - 表示整数)。

相关问题
最新问题