使用多个PHP下拉列表来过滤MySQL表数据

时间:2014-10-15 00:37:16

标签: php mysql

我目前正在构建一个页面,该页面使用五个单独的下拉菜单(静态内容),当选择时,所选内容的组合将过滤我的mysql查询并使用这些参数显示正确的结果。

我是php的新手,我不知道如何去做它

这是index.php

的html代码
<form action="search.php" method="post">
<p>Body Type</p>
                <select class="form-control" name="bodytype">
                    <option value="" selected="selected">Any body type</option>
                     <option value="saloon">Saloons</option>
                    <option value="hatchback">Hatchbacks</option>
                    <option value="4 wheel drive">4 wheel drives</option>
                <option value="station wagon">Station wagon</option>
                <option value="pickup">Pickups</option>
                    <option value="motor bike">Motor bikes</option>
                <option value="convertible">Convertibles</option>
                <option value="bus">Buses, Danfos & Vans</option>
                <option value="truck">Trucks</option>
                </select>


<p>Condition</p>
                <select class="form-control" name="condition">
                    <option value="" selected="selected">Any condition</option>
                     <option value="brand new">Brand new</option>
                    <option value="foreign used">Foreign used (Tokunbo)</option>
                    <option value="nigerian used">Nigerian used (Registered)</option>
                 </select>



<p>Fuel type</p>
                <select class="form-control" name="fueltype">
                    <option value="" selected="selected">Any fuel type</option>
                     <option value="petrol">Petrol</option>
                    <option value="diesel">Diesel</option>
                    <option value="hybrid">Hybrid</option>   
                 </select>


<p>Transmission</p>
                <select class="form-control" name="transmission">
                    <option value="" selected="selected">Any transmission</option>
                     <option value="automatic">Automatic</option>
                    <option value="manual">Manual</option>
                 </select>


<p>Drive type</p>
                <select class="form-control" name="drivetype">
                    <option value="" selected="selected">Any drive type</option>
                     <option value="2 wheel drive">2 wheel drive</option>
                    <option value="4 wheel drive">4 wheel drive</option>
                 </select>

<input name="search" type="submit" value="Search">
</form>`

这是search.php

<body>

<?php
$selected_btype = $_POST['bodytype'];  // Storing Selected Value In Variable
$selected_condition = $_POST['condition'];
$selected_fueltype = $_POST['fueltype'];
$selected_makemodel = $_POST['makemodel'];
$selected_transmission = $_POST['transmission'];
$selected_location = $_POST['location'];
$selected_dtype = $_POST['drivetype'];
$selected_year= $_POST['year'];
$selected_dsetup= $_POST['drivesetup'];


$query="SELECT * FROM vehicle WHERE(body_type=$selected_btype) OR
(condition='$selected_condition') OR (fuel_type='$selected_fueltype') OR
(make_model='$selected_makemodel') OR (transmission='$selected_transmission') OR
(location='$selected_location') OR (drive_type='$selected_dtype') OR
(year='$selected_year') OR (drive_setup='$selected_dsetup')";


$result=mysql_query($query);
if($result)
{
while ($row=mysql_fetch_array($result)){
echo "<tr>";
echo "<td>".$row['sn']."</td>"; 
echo "<td>".$row['body_type']."</td>";  
echo "<td>".$row['make_model']."</td>"; 
echo "<td>".$row['location']."</td></tr>"; 
echo "<td>".$row['year']."</td>"; 
echo "<td>".$row['condition']."</td>"; 
echo "<td>".$row['transmission']."</td>"; 
echo "<td>".$row['description']."</td></tr>"; 
echo "<td>".$row['images']."</td></tr>"; 
}
}else{
die(mysql_error());
}
?>

search.php的输出:

  

您的SQL语法有错误;查看与您的MySQL服务器版本相对应的手册,使用正确的语法,使用&n;条件=&#39; nigerian使用&#39;)OR(fuel_type =&#39;&#39;)OR(make_model = &#39; peugeot&#39;在第1行

2 个答案:

答案 0 :(得分:0)

在您的查询中,正文类型选择封装在引号中,就像其他人一样,但它是一个字符串,所以它需要像这样

$query="SELECT * FROM vehicle WHERE(body_type=<b>'</b>$selected_btype<b>'</b>) OR......

答案 1 :(得分:0)

您的代码存在一些问题:

首先,condition是一个MySQL保留字,需要用反引号包装。

将其包裹在反引号中或将其重命名为另一个单词。

$query="SELECT * FROM vehicle WHERE(body_type=$selected_btype) OR
(`condition`='$selected_condition')

注意错误指向的位置:

for the right syntax to use near 'condition='nigerian used')  
                                 ^

然后有WHERE(body_type=$selected_btype)

$selected_btype变量需要用引号括起来,因为涉及字符串值。

WHERE(body_type='$selected_btype')

<强> 脚注:

您应该考虑使用mysqli with prepared statementsPDO with prepared statements他们更安全,因为您的现有代码对SQL injection开放。