Question

我试图根据一个州的条目或一个来自POST的州和城市条目来拉取结果，这让我疯狂......

提前致谢！

$totnum=mysql_query("SELECT item_id,active from items WHERE state='$st' OR city+'$_POST[city]' AND state='$st' AND active='1'");
$totalnumber=mysql_num_rows($totnum);
$totrow=mysql_fetch_array($totnum);

预期结果：

州=佛罗里达州

OR

州=佛罗里达城=代托纳海滩

Answer 1

首先，您可以显示SQL吗？

$sql = "SELECT item_id,active from items WHERE state='$st' OR city+'$_POST[city]' AND state='$st' AND active='1'";
echo $sql; //Let's see

$totnum=mysql_query($sql);
$totalnumber=mysql_num_rows($totnum);
$totrow=mysql_fetch_array($totnum);

然后......尝试在“phpMyAdmin”上运行它进行测试...

2 - 您的SQL非常危险尝试阅读"SQL Injection"并将您的查询更改为准备好的语句

Answer 2

这就是我必须要做的事情，花了几个小时来弄明白，但现在我得到了正确的结果......感谢每个人的投入。原谅我是个业余爱好者。

if($_POST['state'] AND $_POST['city']=="Select City"){

        $search_fields[]=" state='$st'";
        $showsearch[]=" $st ";
    } else {
if($_POST['state'] AND $_POST['city']){

        $search_fields[]=" state='$st' AND city1='$_POST[city]'";
        $showsearch[]=" $st - $_POST[city]";
    }
}

$search_fields = implode(' AND ',$search_fields);
$showsearch = implode(" AND ",$showsearch);

$sql = "SELECT item_id from items WHERE $search_fields AND active='1'";

$totnum=mysql_query($sql);
$totalnumber=mysql_num_rows($totnum);
$totrow=mysql_fetch_array($totnum);

查询的问题是否声明了2个不同的变量？

2 个答案: