代码:
<?php
if(isset($_POST['search']))
{
$college_id = $_POST['college_id'];
$field = $_POST['field'];
$city = $_POST['city'];
$college_name = $_POST['college_name'];
if($college_id == $_POST['college_id'])
{
$sql = "select * from all_colleges where college_id = '$college_id'";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH))
{
echo "<tr>
<td>".$fetch['college_id']."</td>
<td>".$fetch['college_name']."</td>
<td>".$fetch['website']."</td>
<td>".$fetch['field']."</td>
<td>".$fetch['city']."</td>
<td>
<a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
<img src='gridview/view.png' alt='view' />
</a>
<a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
<img src='gridview/update.png' alt='Update' />
</a>
<a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
<img src='gridview/delete.png' alt='delete' />
</a>
</td>
</tr>";
}
}
elseif($field == $_POST['field'])
{
$sql = "select * from all_colleges where field = '$field'";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH))
{
echo "<tr>
<td>".$fetch['college_id']."</td>
<td>".$fetch['college_name']."</td>
<td>".$fetch['website']."</td>
<td>".$fetch['field']."</td>
<td>".$fetch['city']."</td>
<td>
<a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
<img src='gridview/view.png' alt='view' />
</a>
<a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
<img src='gridview/update.png' alt='Update' />
</a>
<a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
<img src='gridview/delete.png' alt='delete' />
</a>
</td>
</tr>";
}
}
elseif($city == $_POST['city'])
{
$sql = "select * from all_colleges where city = '$city'";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH))
{
echo "<tr>
<td>".$fetch['college_id']."</td>
<td>".$fetch['college_name']."</td>
<td>".$fetch['website']."</td>
<td>".$fetch['field']."</td>
<td>".$fetch['city']."</td>
<td>
<a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
<img src='gridview/view.png' alt='view' />
</a>
<a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
<img src='gridview/update.png' alt='Update' />
</a>
<a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
<img src='gridview/delete.png' alt='delete' />
</a>
</td>
</tr>";
}
}
elseif($college_name == $_POST['college_name'])
{
$sql = "select * from all_colleges where college_name = '$college_name'";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH))
{
echo "<tr>
<td>".$fetch['college_id']."</td>
<td>".$fetch['college_name']."</td>
<td>".$fetch['website']."</td>
<td>".$fetch['field']."</td>
<td>".$fetch['city']."</td>
<td>
<a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
<img src='gridview/view.png' alt='view' />
</a>
<a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
<img src='gridview/update.png' alt='Update' />
</a>
<a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
<img src='gridview/delete.png' alt='delete' />
</a>
</td>
</tr>";
}
}
}
else
{
$per_page=100;
if (isset($_GET["page"]))
{
$page = $_GET["page"];
}
else {
$page=1;
}
$start_from = ($page-1) * $per_page;
$sql="select * from all_colleges LIMIT $start_from, $per_page";
$result = mysqli_query($link,$sql);
while ($row = mysqli_fetch_array($result))
{
echo "<tr>
<td>".$row['college_id']."</td>
<td>".$row['college_name']."</td>
<td>".$row['website']."</td>
<td>".$row['field']."</td>
<td>".$row['city']."</td>
<td>
<a class='view' title='view' href='view.php?id=".$row['college_id']."'>
<img src='gridview/view.png' alt='view' />
</a>
<a class='update' title='Update' href='update.php?id=".$row['college_id']."'>
<img src='gridview/update.png' alt='Update' />
</a>
<a class='delete' title='delete' href='delete.php?ad_id=".$row['college_id']."'>
<img src='gridview/delete.png' alt='delete' />
</a>
</td>
</tr>";
}
}
?>
html代码:
<form method="post">
<div class="row">
<label for="Producer_firstname">College Id</label>
<input type="text" name="college_id" id="college_id" size="25" />
</div>
<div class="row">
<label for="Producer_firstname">Field</label>
<select name="field" id="field">
<option value="">Select Field</option>
<option value='All'>All</option>
<option value='engineering'>Engineering</option>
<option value='law'>LAW</option>
<option value='medical'>Medical</option>
<option value='management'>Management</option>
<option value='pharmacy'>Pharmacy</option>
<option value='hotel management'>Hotel Management</option>
<option value='mass communication'>Mass Communication</option>
<option value='agriculture'>Agriculture</option>
<option value='architecture'>Architecture</option>
<option value='education'>Education</option>
<option value='paramedical'>Paramedical</option>
<option value='design'>Design</option>
<option value='commerce'>Commerce</option>
<option value='film/tv/media'>Film /TV/ Media</option>
<option value='General'>General</option>
</select>
</div>
<div class="row">
<label for="Producer_firstname">Location</label>
<input type="text" name="city" id="city" size="25" />
</div>
<div class="row">
<label for="Producer_firstname">College Name</label>
<input type="text" name="college_name" id="college_name" size="50" />
</div>
<div class="row buttons">
<button type="submit" name="search" id="search">Search</button>
</div>
</form>
在这段代码中我希望当我发布college_id时它会运行
select * from all_colleges where college_id = '$college_id'
当我发布字段时,它将运行
select * from all_colleges where field = '$field'
同样适用于city和college_name。但它只运行college_id查询或者我发布了college_id或者字段,它仍然运行相同的查询,即
select * from all_colleges where college_id = '$college_id'
我该如何解决这个问题请帮忙?
谢谢
答案 0 :(得分:0)
if($college_id == $_POST['college_id'])这将永远是真的
试试这个:
if(isset($_POST['college_id']) && !empty($_POST['college_id']))
答案 1 :(得分:0)
当您提交表单时,将设置所有字段,您需要检查其中的值并添加条件,例如,
if(isset($_POST['search'])) {
$where =[];
if($_POST['college_id']){
$where[] = ' college_id = "'.$_POST['college_id'].'"';
}
if($_POST['field']){
$where[] = ' field = "'.$_POST['field'].'"';
}
if($_POST['city']){
$where[] = ' city = "'.$_POST['city'].'"';
}
if($_POST['college_name']){
$where[] = ' college_name = "'.$_POST['college_name'].'"';
}
// you are searching so I prefer OR in implode
$where = !empty($where) ? ' WHERE '.implode(' OR ',$where) : '';
$sql = "select * from all_colleges ".$where;
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH)) {
....
} // end while
}// end if post search
已更新,根据@RiggsFolly评论,您需要使用prepare和bind_param(基于Gumbo's answer)阻止您的数据遭受SQL攻击,
if(isset($_POST['search'])) {
$where =[],$values=[];
if($_POST['college_id']){
$where[] = ' college_id = ? ';
$values['college_id']=$_POST['college_id'];
}
if($_POST['field']){
$where[] = ' field = ? ';
$values['field']=$_POST['field'];
}
if($_POST['city']){
$where[] = ' city = ? ';
$values['city']=$_POST['city'];
}
if($_POST['college_name']){
$where[] = ' college_name = ? ';
$values['college_name']=$_POST['college_name'];
}
// you are searching so I prefer OR in implode
$where = !empty($where) ? ' WHERE '.implode(' OR ',$where) : '';
$stmt = $mysqli->prepare($query);
$params = array_merge(array(str_repeat('s', count($values))), array_values($values));
call_user_func_array(array(&$stmt, 'bind_param'), $params);
/* fetch result data */
while ($stmt->fetch()) {
// your code here
}
} // end if