我不知道如何在这个脚本年龄范围内搜索数据库用户有名称“年龄”的tabla和年龄显示为数字我需要制作表格,搜索用户的年龄从年龄到年龄?
这是代码请帮帮我:)。
<form id="form1" name="form1" method="post" action="index.php">
<label>City</label>
<select name="city">
<option value="">--</option>
<?php
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." GROUP BY city ORDER BY city";
$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
while ($row = mysql_fetch_assoc($sql_result)) {
echo "<option value='".$row["city"]."'".($row["city"]==$_REQUEST["city"] ? " selected" : "").">".$row["city"]."</option>";
}
?>
</select>
<input type="submit" name="button" id="button" value="Filter" />
</label>
<a href="index.php">reset</a>
</form>
<br /><br />
<table width="700" border="1" cellspacing="0" cellpadding="4">
<tr>
<td width="90" bgcolor="#CCCCCC"><strong>username</strong></td>
<td width="95" bgcolor="#CCCCCC"><strong>e-mail</strong></td>
<td width="159" bgcolor="#CCCCCC"><strong>city</strong></td>
</tr>
<?php
if ($_REQUEST["string"]<>'') {
$search_string = " AND (full_name LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%' OR email LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%')";
}
if ($_REQUEST["city"]<>'') {
$search_city = " AND city='".mysql_real_escape_string($_REQUEST["city"])."'";
}
if ($_REQUEST["from"]<>'' and $_REQUEST["to"]<>'') {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE from_date >= '".mysql_real_escape_string($_REQUEST["from"])."' AND to_date <= '".mysql_real_escape_string($_REQUEST["to"])."'".$search_string.$search_city;
} else if ($_REQUEST["from"]<>'') {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE from_date >= '".mysql_real_escape_string($_REQUEST["from"])."'".$search_string.$search_city;
} else if ($_REQUEST["to"]<>'') {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE to_date <= '".mysql_real_escape_string($_REQUEST["to"])."'".$search_string.$search_city;
} else {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE id>0".$search_string.$search_city;
}
$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
if (mysql_num_rows($sql_result)>0) {
while ($row = mysql_fetch_assoc($sql_result)) {
?>
<tr>
<td><?php echo $row["username"]; ?></td>
<td><?php echo $row["email"]; ?></td>
<td><?php echo $row["city"]; ?></td>
</tr>
<?php
}
} else {
?>
<tr><td colspan="5">No results found.</td>
<?php
}
?>
</table>
答案 0 :(得分:1)
您不应该使用mysql方法,因为它已被弃用,并且将来会被删除。
我使用PDO发布代码。
您可以在此处查看PDO的文档php.net
您可以查询为:
try{
$conn = new PDO('mysql:dbname=db_name', 'username', 'password');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$range = $_POST['age_range'];
$query = $conn->prepare("SELECT * FROM table_name WHERE age <= $range");
$query->exec();
}
catch(Exception $e){
echo "Exception: " . $e->getMessage();
// you might not use the above code in your production code
// as might want not to show the errors and redirect to another custom error page
}
在上面的代码中,我们使用pdo和set属性建立了与db的连接,以启动错误报告系统和 变量范围获取用户提供的已过帐年龄字段值的值并存储它。在查询字符串中,它获取所有具有age列值小于用户给定年龄的条目。
答案 1 :(得分:0)
首先,请不要使用mysql_*函数,因为这些函数已被弃用。使用mysqli扩展名或首选PDO。
使用此扩展,您可以创建一个预防语句,以防止SQL注入。
以下是代码示例:
<?php
$db = new PDO('mysql://host=localhost;dbname=test_db', 'myuser', 'password');
$stmt = $db->prepare('SELECT * FROM table WHERE age < ?');
$stmt->execute([$age]);
$rows = $stmt->fetchAll();