PHP多输入搜索

时间:2015-11-25 13:26:25

标签: php html mysql mysqli syntax-error

我目前正在研究一些PHP,我有3个文本输入。在MySQL数据库中搜索这些值,并返回与输入的条件相对应的任何数量的结果。

这是搜索表单:

<form id='SearchPersonal' method='post' action='businessUsersSearch.php' accept-charset='UTF-8'>
<fieldset >
<legend>Search</legend>

<div class='container'>
<label for='C_Name' >Business Name: </label><br/>
<input type='text' name='C_Name' id='C_Name' maxlength="50" /><br/>
<label for='C_County' >City: </label><br/>
<input type='text' name='C_County' id='C_County' maxlength="50" /><br/>
<label for='Job_Type' >Job Type: </label><br/>
<input type='text' name='Job_Type' id='Job_Type' maxlength="50" /><br/>
</div>

<div class='container'>
<input type='submit' name='Submit' value='Search' />
</div>
</fieldset>
</form>

以下是它在动作中链接的PHP脚本:

<?php

     $mysqli_link = mysqli_connect("server", "database", "pass", "user");
    // Check connection
    if (mysqli_connect_errno()) {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

    if(isset($_POST['submit'])) {
    // define the list of fields
     $fields = array('C_Name', 'C_County', 'Job_Type');
    $conditions = array();


// loop through the defined fields
foreach($fields as $field){
    // if the field is set and not empty
    if(isset($_POST[$field]) && $_POST[$field] != '') {
        // create a new condition while escaping the value inputed by the user (SQL Injection)
        $conditions[] = "'$field' LIKE '%" . mysqli_real_escape_string($mysqli_link, $_POST[$field]) . "%'";
}
}

// builds the query
$query = "SELECT C_Name, C_StreetNumber, C_StreetName, C_Postcode, C_County, C_Tele, C_Website, Contact_Forename, Contact_Surname, Contact_Email, Jobs.Job_Type, Jobs.Job_Price FROM Company INNER JOIN Jobs ON Company.Company_ID = Jobs.Company_ID";
// if there are conditions defined
if(count($conditions) > 0) {
    // append the conditions
    $query .= " WHERE " . implode (' AND ', $conditions); // you can change to 'OR', but I suggest to apply the filters cumulative
}

$result = mysqli_query($mysqli_link, $query) or die(mysql_error());

mysqli_close($mysqli_link);


    if(isset($_POST['submit'])) {
        while($row = mysqli_fetch_assoc($result)) {
        $C_Name = $row['C_Name'];
        $C_StreetNumber = $row['C_StreetNumber'];
        $C_StreetName = $row['C_StreetName'];
        $C_Postcode = $row['C_Postcode'];
        $C_County = $row['C_County'];
        $C_Tele = $row['C_Tele'];
        $C_Website = $row['C_Website'];
        $Contact_Forename = $row['Contact_Forename'];
        $Contact_Surname = $row['Contact_Surname'];
        $Contact_Email = $row['Contact_Email'];
        $Job_Type = $row['Job_Type'];
        $Job_Price = $row['Job_Price'];

echo "<b>Name: $C_Name</b><br>Street Number: $C_StreetNumber<br>Street Name: $C_StreetName<br>Postcode: $C_Postcode<br>County: $C_County<br>Telephone: $C_Tele<br>Website: $C_Website<br>Contact Name: $Contact_Forename $Contact_Surname<br>Email: $Contact_Email<br>Job Type: $Job_Type<br>Job Price: $Job_Price<hr><br>";
        }
    }   
}

?>

由于某种原因它返回的是“

  

意外的文件结尾

“但是我已经检查了代码并且所有代码都正确关闭(从我看到的内容)当我添加另一个'}'时,脚本根本没有返回任何内容。任何人都知道为什么这会发生什么?

来源: Search MySQL Database with Multiple Fields in a Form

2 个答案:

答案 0 :(得分:1)

因为你忘了关闭

if(isset($_POST['submit'])) {// you not close the condition

在档案的最后

只需在文件末尾添加}

即可

答案 1 :(得分:0)

修正:

if(isset($_POST['submit'])) {
// define the list of fields
    $fields = array('C_Name', 'C_City', 'Job_Type', 'Review_Rate');
    $conditions = array();
    }

// builds the query
$query = "SELECT Company.C_Name, Company.C_StreetNumber, C_StreetName, C_Postcode, C_City, C_County, C_Tele, C_Website, Contact_Forename, Contact_Surname, Contact_Email, Job_Type, Job_Price, Review_Rate, Review_Comment
FROM Company
INNER JOIN Jobs ON Company.Company_ID = Jobs.Company_ID
INNER JOIN Review ON Jobs.Job_ID = Review.Job_ID";


// loop through the defined fields
foreach($fields as $field){
    // if the field is set and not empty
    if(isset($_POST[$field]) && !empty($_POST[$field])) {
        // create a new condition while escaping the value inputed by the user (SQL Injection)
        $conditions[] = "$field LIKE '%" . mysqli_real_escape_string($mysqli_link, $_POST[$field]) . "%'";
        }
    }


// if there are conditions defined
if(count($conditions) > 0) {
    // append the conditions
    $query .= " WHERE " . implode (' AND ', $conditions); // you can change to 'OR', but I suggest to apply the filters cumulative
}

echo "$query";

$result = mysqli_query($mysqli_link, $query);


mysqli_close($mysqli_link);

    if(isset($_POST['submit'])) {
        while($row = mysqli_fetch_array($result)) {
        $C_Name = $row['C_Name'];
        $C_StreetNumber = $row['C_StreetNumber'];
        $C_StreetName = $row['C_StreetName'];
        $C_Postcode = $row['C_Postcode'];
    $C_City = $row['C_City'];
        $C_County = $row['C_County'];
        $C_Tele = $row['C_Tele'];
        $C_Website = $row['C_Website'];
        $Contact_Forename = $row['Contact_Forename'];
        $Contact_Surname = $row['Contact_Surname'];
        $Contact_Email = $row['Contact_Email'];
        $Job_Type = $row['Job_Type'];
        $Job_Price = $row['Job_Price'];
    $Rating = $row['Review_Rate'];
    $Comment = $row['Review_Comment'];

echo "<b>Name: $C_Name</b><br>Street Number: $C_StreetNumber<br>Street Name: $C_StreetName<br>City: $C_City<br>Postcode: $C_Postcode<br>County:     $C_County<br>Telephone: $C_Tele<br>Website: $C_Website<br>Contact Name: $Contact_Forename $Contact_Surname<br>Email:    $Contact_Email<br>Job Type: $Job_Type<br>Job Price: $Job_Price<br>Rating: $Rating<br>Comment: $Comment<hr><br>";
        }
    }   



?>
相关问题
最新问题