我已经搜索过有关我的问题的类似帖子和信息,但无法找到任何有用的信息。我在网页上有一个表单,其中包含5个下拉菜单,每个菜单都有不同的选项,用户将从每个下拉菜单中选择一个选项,然后点击提交按钮。此时,我想在数据库上运行查询,以查找所有选择的选项的匹配条件"。现在我不需要匹配所有字段,因为我只是测试,所以我只想检查说一个字段。我正在使用的表格是这样的:
<div class="section-two">
<div class="row bound-box">
<div class="col-lg-8 col-md-8 col-sm-8 col-lg-offset-2 col-md-offset-2 col-sm-offset-2 main clearfix">
<form id="nl-form" class="nl-form" action="searchpubs.php" method="post">
I feel to visit
<select id="category">
<option value="anywhere" selected>anywhere</option>
<option value="pub">a pub</option>
<option value="nightclub">a nightclub</option>
<option value="brewery">a brewery</option>
<option value="stripclub">a gentleman's club</option>
</select>
<br/>that
<select id="foodDrink">
<option value="food" selected>serves food</option>
<option value="drinks">serves drinks only</option>
</select>
and has
<br/>
<select id="extra">
<option value="poolTable" selected>a pool table</option>
<option value="danceFloor">a dance floor</option>
<option value="tv">tv's</option>
<option value="everything">everything</option>
<option value="anything">anything</option>
</select>
. It's within<br>
<select id="distance">
<option value="anyDistance" selected>any distance</option>
<option value="5">5 km</option>
<option value="10">10 km</option>
<option value="15">15 km</option>
<option value="20">20 km</option>
</select>
from me<br> and is open
<select id="hours">
<option value="late" selected>past 12 a.m.</option>
<option value="allDay">all day</option>
<option value="weekdays">on weekdays</option>
<option value="sundays">on sundays</option>
<option value="anytime">anytime</option>
</select>
<div class="nl-submit-wrap">
<button class="nl-submit" type="submit">Find Your Pub</button>
</div>
<div class="nl-overlay"></div>
</form>
</div><!--column-->
</div><!-- row -->
</div><!--section-two-->
因此,例如,如果用户选择了选项&#34;提供食物&#34;在select id&#34; foodDrink&#34;下,我想在我们的数据库上运行一个查询来搜索标有&#34; food&#34;对于包含&#34;是&#34;的任何行在那一栏。然后在浏览器中显示所有匹配条件。现在它不需要格式化等,我只想在浏览器中看到它以确保查询工作。任何人都可以帮助我,并可能了解如何在准备好时添加其他查询。
我目前正在连接到我的数据库:
<?php
//DATABASE CONNECTION INFO BELOW:
$hostname="hostname";
$database="dbname";
$username="myusername";
$password="mypassword";
$link = mysql_connect($hostname, $username, $password);
if (!$link) {
die('Connection failed: ' . mysql_error());
}
$db_selected = mysql_select_db($database, $link);
if (!$db_selected) {
die ('Can\'t select database: ' . mysql_error());
}
mysql_close($link);
?>
答案 0 :(得分:1)
以下代表存根。我不会为您编写端到端查询。请注意,由于缺少名称=&#39; xxx&#39;,您的表单在$_POST中没有为PHP处理程序提供任何内容。在那5行左右的下降线。他们所有的一切都都是下降的。
此外,您需要使用mysql_ *函数以外的其他内容。那些旧的弃用功能很容易受到乱丢互联网的大部分源代码的SQL注入攻击。并且它们不会将查询与参数分开。没有准备好的语句绑定,没有异常处理(我曾经见过,有人纠正我)。所以这些有几个原因,我会在那里停下来。
所以我把它移向 mysqli 。如果你愿意,你也可以摇摆 PDO 。并且您需要使用预准备语句进行绑定以清理用户输入,以便在不进行清理的情况下不直接对其进行操作。绑定为你做到了。
但是以下内容会在输出中返回你的POST。继续相应。
<html>
<body>
<div class="section-two">
<div class="row bound-box">
<div class="col-lg-8 col-md-8 col-sm-8 col-lg-offset-2 col-md-offset-2 col-sm-offset-2 main clearfix">
<form id="nl-form" class="nl-form" action="searchpubs.php" method="post">
I feel to visit
<select id="category" name="category">
<option value="anywhere" selected>anywhere</option>
<option value="pub">a pub</option>
<option value="nightclub">a nightclub</option>
<option value="brewery">a brewery</option>
<option value="stripclub">a gentleman's club</option>
</select>
<br/>that
<select id="foodDrink" name="foodDrink">
<option value="food" selected>serves food</option>
<option value="drinks">serves drinks only</option>
</select>
and has
<br/>
<select id="extra" name="extra">
<option value="poolTable" selected>a pool table</option>
<option value="danceFloor">a dance floor</option>
<option value="tv">tv's</option>
<option value="everything">everything</option>
<option value="anything">anything</option>
</select>
. It's within<br>
<select id="distance" name="distance">
<option value="anyDistance" selected>any distance</option>
<option value="5">5 km</option>
<option value="10">10 km</option>
<option value="15">15 km</option>
<option value="20">20 km</option>
</select>
from me<br> and is open
<select id="hours" name="hours">
<option value="late" selected>past 12 a.m.</option>
<option value="allDay">all day</option>
<option value="weekdays">on weekdays</option>
<option value="sundays">on sundays</option>
<option value="anytime">anytime</option>
</select>
<div class="nl-submit-wrap">
<button class="nl-submit" type="submit">Find Your Pub</button>
</div>
<div class="nl-overlay"></div>
</form>
</div><!--column-->
</div><!-- row -->
</div><!--section-two-->
</body>
</html>
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
error_reporting(E_ALL);
ini_set("display_errors", 1);
// error reporting is now turned on
echo "start<br/>";
try {
$mysqli= new mysqli('hostname', 'username', 'password', 'dbname'); // change me please
if ($mysqli->connect_error) {
die('Connect Error (' . $mysqli->connect_errno . ') '
. $mysqli->connect_error);
}
echo "I am connected and feel happy.<br/>";
?>
<table>
<?php
//http://stackoverflow.com/a/9332766/
foreach ($_POST as $key => $value) {
echo "<tr>";
echo "<td>";
echo $key;
echo "</td>";
echo "<td>";
echo $value;
echo "</td>";
echo "</tr>";
}
?>
</table>
<?php
// make necessary mysqli queries by BINDING parameters with prepared statements
// because even though they are from a drop down box, they can be faked
// and sql injection can and will occur by some fool out there
//$stmt->close();
$mysqli->close();
} catch (mysqli_sql_exception $e) {
throw $e;
}
?>
start
I am connected and feel happy.
category anywhere
foodDrink drinks
extra poolTable
distance 10
hours late
以下是可能出现错误之一的输出:
致命错误:未捕获的异常&#39; mysqli_sql_exception&#39;消息&#39; A 连接尝试失败,因为连接方没有正确 一段时间后回复,或建立连接失败 因为连接的主机无法响应。 &#39;在 C:\ Apache24 \ htdocs \ searchpubs.php:9堆栈跟踪:#0 C:\ Apache24 \ htdocs \ searchpubs.php(9):mysqli-&gt; mysqli(&#39; ibm.com&#39;, &#39; LordBenson&#39;,&#39; billybob&#39;,&#39; db666&#39;)#1 {main}投入 第9行的C:\ Apache24 \ htdocs \ searchpubs.php
因此,请启用错误报告,尝试/捕获。它有你的背。试试吧。