我正在构建一个包含多个字段的搜索表单。根据您在每个字段中搜索的内容,数据位于2个不同的表中。
我有一个在每个表中具有相同名称的列。因此,它显然给了我sql错误:Column' state' in where子句不明确
如果表单字段不在循环中,那将不会有问题。我是php新手,这是在尝试我。
我曾尝试在SELECT for mysql中使用别名,但现在我无法将它们作为目标,因为它没有正确通过。
以下是我的表格:
<form method="post" action="index.php">
<tr>
<td>Name:</td>
<td>
<input type="text" name="display_name" id="display_name" class="display_name tt-query" autocomplete="off" spellcheck="false" placeholder="Type name of person"></td>
</tr>
<tr>
<td>Service Type:</td>
<td><select name="service_name">
<option>
<?php
$query1 = "SELECT service_type FROM nfw_service_type ORDER BY id_num";
$result1 = mysqli_query($conn, $query1); @$num_results1 = mysqli_num_rows($result1);
?>
<?php /*Loop through each row and display records */
for($i=0; $i<$num_results1; $i++) { $row1 = mysqli_fetch_assoc($result1);
?>
<?php // echo 'Name' .$row['ssfullname'] . 'email' . $row['ssemail'] . "\n"; ?>
<option value="<?php print $row1['service_type']; ?>"><?php print $row1['service_type']; ?></option>
<?php // end loop
} ?>
</select></td>
</tr>
<tr>
<td>Suburb:</td>
<input type="text" name="suburb" id="suburb" class="suburb tt-query" autocomplete="off" spellcheck="false" placeholder="Type name of person"></td>
</tr>
<tr>
<td>State:</td>
<td>
<select name="usersstate2">
<option>
<option value="qld">QLD</option>
<option value="sa">SA</option>
<option value="nt">NT</option>
<option value="wa">WA</option>
<option value="vic">VIC</option>
<option value="tas">TAS</option>
<option value="act">ACT</option>
</select>
</td>
</tr>
<tr>
<td>Type:</td>
<td>
<select name="user_type">
<option>
<option value="franchise">Franchisee</option>
<option value="regional">Regional</option>
<option value="state">State</option>
<option value="national">National</option>
<option value="office">Headoffice Staff</option>
</select>
</td>
</tr>
<tr>
<td>Active:</td>
<td>
<select name="active1">
<option></option>
<option value="1">Active</option>
<option value="0">Not Active</option>
</select>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Search" /></td>
</tr>
</form>
以下是表单提交后的代码:
<?php
// SEARCH
if(isset($_POST['submit'])) {
// define the list of fields
$fields = array('display_name', 'service_name', 'suburb', 'nfw_users.usersstate2', 'user_type', 'nfw_users.active1');
$conditions = array();
// loop through the defined fields
foreach($fields as $field){
// if the field is set and not empty
if(isset($_POST[$field]) && $_POST[$field] != '') {
$example = $_POST[$field];
// create a new condition while escaping the value inputed by the user (SQL Injection)
$conditions[] = "`$field` LIKE '%{$example}%'";
}
// builds the query
$query = "SELECT
nfw_users.id_num,
nfw_users.display_name,
nfw_users.first,
nfw_users.last,
nfw_users.email,
nfw_users.mobile,
nfw_users.landline,
nfw_users.user_type,
nfw_users.suburb,
nfw_users.active AS active1,
nfw_users.state AS usersstate2,
nfw_services.state AS servicesstate3
FROM
nfw_users
left JOIN nfw_services ON nfw_services.user_id = nfw_users.id_num
LEFT JOIN nfw_service_areas ON nfw_service_areas.service_id = nfw_services.id_num ";
if(count($conditions) > 0) {
// append the conditions
$query .= "WHERE " . implode (' AND ', $conditions) ." GROUP BY nfw_users.id_num ORDER BY nfw_users.display_name"; // you can change to 'OR', but I suggest to apply the filters cumulative
}
}}
$result = mysql_query($query);
var_dump($query);
if (mysql_num_rows($result) > 0) {
while ($score = mysql_fetch_assoc($result)) {
$active1 = $score['active1'];
if ($active1=='1') {
$activeother = "<i class='fa fa-check' style='color:green;'></i>";
}
else {
$activeother = "<i class='fa fa-times' style='color:red;'></i>";
}
$content = "<tr><td>" . $score['display_name'] . "</td><td>" . $score['first'] . "</td><td>" . $score['last'] . " </td><td>" . $score['email'] . " </td><td> " . $score['mobile'] . " </td><td> " . $score['landline'] . "</td><td>$activeother</td><td> " . $score['user_type'] . "</td><td> " . date('d-m-Y', strtotime($score['date_join'])) . "</td><td class='invoicing-columns'><a class='btn btn-yellow' href='view-invoices.php?id=" . $score['id_num'] . "'><i class='fa fa-eye'></i></a></td><td class='invoicing-columns'><a class='btn btn-red' href='del-customers.php?id=" . $score['id_num'] . "' onclick='return check();' class='delete'><i class='fa fa-minus-circle'></i></a></td></tr>";
echo $content;
}
}
?>
是的,我知道有一部分不使用sqli,我将解决这个问题。 :)
答案 0 :(得分:1)
你走在正确的轨道上,但你的别名的实现有点偏。要分配别名,请使用格式sometable as somealiasname。使用与表名不同的别名(t1,t2,t4等是常见的)。
试试这个:
//as long as you only use each attribute name once, you could do it like this:
$fields=array();
$fields['t1'] = array('display_name', 'service_name', 'suburb', 'state', 'user_type', 'active');
$fields['t2'] = array('some_other_field_in_t2','yet_another_field_in_t2');
$fields['t3'] = array('some_other_field_in_t3','yet_another_field_in_t3');
foreach($fields as $table=>$these_fields){
foreach($these_fields as $field){
if(isset($_POST[$field]) && $_POST[$field] != '') {
$example = $_POST[$field];
// TODO: don't forget to sanitize inputs
$conditions[] = "`$table`.`$field` LIKE '%{$example}%'";
}
}
}
$conditions[] = "t1.`$field` LIKE '%{$example}%'"; //for values are coming from t1 (nfw_users)
$conditions[] = "t2.`$field` LIKE '%{$example}%'"; //as long as all values are coming from t1 (nfw_users)
或者,如果要从具有相同列名的不同表中的列中提取数据,可以尝试使用此方法将唯一键映射到特定位置:
$fields=array();
$fields['display_name']=array('table'=>'t1','attribute'=>'display_name');
$fields['service_name']=array('table'=>'t1','attribute'=>'service_name');
$fields['suburb']=array('table'=>'t1','attribute'=>'suburb');
$fields['state']=array('table'=>'t1','attribute'=>'state');
$fields['user_type']=array('table'=>'t1','attribute'=>'user_type');
$fields['active']=array('table'=>'t1','attribute'=>'active');
$fields['some_other_field_in_t2']=array('table'=>'t2','attribute'=>'some_other_field');
$fields['yet_another_field_in_t2']=array('table'=>'t2','attribute'=>'yet_another_field');
$fields['some_other_field_in_t3']=array('table'=>'t3','attribute'=>'some_other_field');
$fields['yet_another_field_in_t3']=array('table'=>'t3','attribute'=>'yet_another_field');
foreach($fields as $field=>$field_data){
if(isset($_POST[$field]) && $_POST[$field] != '') {
$example = $_POST[$field];
// TODO: don't forget to sanitize inputs
$conditions[] = "`$field_data['table']`.`$field_data['attribute']` LIKE '%{$example}%'";
}
}
无论哪种方式......
$query = "SELECT
t1.id_num,
t1.display_name,
t1.first,
t1.last,
t1.email,
t1.mobile,
t1.landline,
t1.user_type,
t1.suburb,
t1.active AS active1,
t1.state AS usersstate2,
t2.state AS servicesstate3
FROM
nfw_users as t1
LEFT JOIN nfw_services as t2 ON t2.user_id = t1.id_num
LEFT JOIN nfw_service_areas as t3 ON t2.service_id = t1.id_num";
$query .= "WHERE " . implode (' AND ', $conditions) ." GROUP BY t1.id_num ORDER BY t1.display_name";
如果您想了解更多示例,本页讨论了别名: http://www.w3schools.com/sql/sql_alias.asp