我只想简化我之前正在做的事情,为要列出的所有数据提供多个php文件。 这是我的html表单:
<table border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#D3D3D3">
<tr>
<form name="formcheck" method="post" action="list.php" onsubmit="return formCheck(this);">
<td>
<table border="0" cellpadding="3" cellspacing="1" bgcolor="">
<tr>
<td colspan="16" height="25" style="background:#5C915C; color:white; border:white 1px solid; text-align: left"><strong><font size="3">List Students</td>
</tr>
<tr>
<td width="30" height="35"><font size="3">*List:</td>
<td width="30"><input name="specific" type="text" id="specific" maxlength="25" value="">
</td>
<td><font size="3">*By:</td>
<td>
<select name="general" id="general">
<font size="3">
<option>Year</option>
<option>Address</option>
</select></td></td>
</tr>
<tr>
<td width="10"><input align="right" type="submit" name="Submit" value="Submit" > </td>
</tr>
</form>
</table>
这是表单行动:
<?php
$con = mysql_connect("localhost","root","nitoryolai123$%^");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("school", $con);
$gyear= $_POST['general'];
if ("YEAR"==$_POST['general']) {
$result = mysql_query("SELECT * FROM student WHERE YEAR='{$_POST["specific"]}'");
echo "<table border='1'>
<tr>
<th>IDNO</th>
<th>YEAR</th>
<th>LASTNAME</th>
<th>FIRSTNAME</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['IDNO'] . "</td>";
echo "<td>" . $row['YEAR'] . "</td>";
echo "<td>" . $row['LASTNAME'] . "</td>";
echo "<td>" . $row['FIRSTNAME'] . "</td>";
echo "</tr>";
}
echo "</table>";
}
mysql_close($con);
?>
请帮忙,我如何将YEAR(mysql数据库中的列)和选项框(常规)等同起来。
if ("YEAR"==$_POST['general'])
答案 0 :(得分:1)
<option>Year</option>
你只需将其更改为
<option value="YEAR">Year</option>
也绝对读过这个页面:http://en.wikipedia.org/wiki/SQL_injection因为否则你的代码会对讨厌的攻击持开放态度。
[编辑:还要留意原始问题的评论,在网站上发布真实的root用户名/密码不是一个好主意。]
答案 1 :(得分:-1)
if ("YEAR"==$_POST['general']) {
$result = mysql_query("SELECT * FROM student WHERE date_format(YEAR, '%Y')='{$_POST["specific"]}'");