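I'm having a problem filtering the database. I have this code, but after I click the submit button to search, it does not show the filtered database.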
<form method="POST" action="client.php">
<div id="Search" style="display:none">
<h4>Search Client</h4>
<table>
<tr>
<td>
<input type="text" name="text" placeholder="Keyword" />
</td>
<td>
   
</td>
<td>
<select id="search_by" name="search_by">
<option value="Reference">Reference</option>
<option value="Lastname">Lastname</option>
<option value="Firstname">Firstname</option>
<option value="Province">Province</option>
<option value="Request">Request</option>
<option value="Status">Status</option>
</select>
</td>
<td>
   
</td>
<td>
<input type="submit" name="btn_search" value="Search">
</td>
</tr>
</table>
<br>
<?php
$res=mysqli_query($con,"SELECT*FROM client_info");
echo "<table style='font-size:12px;border-spacing:5px; background-color:white; width:100%;'>";
echo "<tr>";
echo "<th> Reference No </th>";
echo "<th> Lastname </th>";
echo "<th> Firstname </th>";
echo "<th> Middlename </th>";
echo "<th> Street </th>";
echo "<th> Brgy </th>";
echo "<th> Town </th>";
echo "<th> Prov </th>";
echo "<th> Mobile </th>";
echo "<th> Email </th>";
echo "<th> Event </th>";
echo "<th> Venue </th>";
echo "<th> No. of Attendants </th>";
echo "<th> Request </th>";
echo "<th> Payment Ammount </th>";
echo "<th> Payment Status </th>";
echo "</tr>";
while ($row=mysqli_fetch_array($res)) {
echo "<tr>";
echo "<td>". $row["ref_no"] . "</td>";
echo "<td>". $row["last_name"] . "</td>";
echo "<td>". $row["first_name"] . "</td>";
echo "<td>". $row["middle_name"] . "</td>";
echo "<td><center>". $row["street"] . "</center></td>";
echo "<td><center>". $row["brgy"] . "</center></td>";
echo "<td><center>". $row["town"] . "</center></td>";
echo "<td><center>". $row["prov"] . "</center></td>";
echo "<td><center>". $row["mobile"] . "</center></td>";
echo "<td><center>". $row["email_add"] . "</center></td>";
echo "<td><center>". $row["event"] . "</center></td>";
echo "<td><center>". $row["venue"] . "</center></td>";
echo "<td><center>". $row["number_attendants"] . "</center></td>";
echo "<td><center>". $row["request_res"] . "</center></td>";
echo "<td><center>". $row["payment_amount"] . "</center></td>";
echo "<td><center>". $row["payment_res"] . "</center></td>";
echo "</tr>";
}
echo "</table>";
?>
</form>
<?php
if (isset($_POST['btn_search'])) {
if ($_POST['search_by'] == 'Reference') {
$res=mysqli_query($con,"SELECT*FROM client_info WHERE ref_no LIKE '%".$_POST['text']."%'");
echo "<table style='font-size:12px;border-spacing:5px; background-color:white; width:100%;'>";
echo "<tr>";
echo "<th> Reference No </th>";
echo "<th> Lastname </th>";
echo "<th> Firstname </th>";
echo "<th> Middlename </th>";
echo "<th> Street </th>";
echo "<th> Brgy </th>";
echo "<th> Town </th>";
echo "<th> Prov </th>";
echo "<th> Mobile </th>";
echo "<th> Email </th>";
echo "<th> Event </th>";
echo "<th> Venue </th>";
echo "<th> No. of Attendants </th>";
echo "<th> Request </th>";
echo "<th> Payment Ammount </th>";
echo "<th> Payment Status </th>";
echo "</tr>";
while ($row=mysqli_fetch_array($res)) {
echo "<tr>";
echo "<td>". $row["ref_no"] . "</td>";
echo "<td>". $row["last_name"] . "</td>";
echo "<td>". $row["first_name"] . "</td>";
echo "<td>". $row["middle_name"] . "</td>";
echo "<td><center>". $row["street"] . "</center></td>";
echo "<td><center>". $row["brgy"] . "</center></td>";
echo "<td><center>". $row["town"] . "</center></td>";
echo "<td><center>". $row["prov"] . "</center></td>";
echo "<td><center>". $row["mobile"] . "</center></td>";
echo "<td><center>". $row["email_add"] . "</center></td>";
echo "<td><center>". $row["event"] . "</center></td>";
echo "<td><center>". $row["venue"] . "</center></td>";
echo "<td><center>". $row["number_attendants"] . "</center></td>";
echo "<td><center>". $row["request_res"] . "</center></td>";
echo "<td><center>". $row["payment_amount"] . "</center></td>";
echo "<td><center>". $row["payment_res"] . "</center></td>";
echo "</tr>";
}
echo "</table>";
}
}
?>
</div>
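Answer 0 (score: 1)
I think it is showing the filtered results. It looks like it isn't because you output the unfiltered results every time, and then output the filtered results when the search form has been submitted. You just need to run a different query depending on whether the search form was submitted. Something like this.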
// search form
if (isset($_POST['btn_search'])) {
if ($_POST['search_by'] == 'Reference') {
$res = mysqli_query($con, "SELECT * FROM client_info WHERE ref_no LIKE '%".$_POST['text']."%'");
}
} else {
$res = mysqli_query($con, "SELECT * FROM client_info");
}
// display your query results
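Also, your query is vulnerable to SQL injection. Apart from the problem here, you should consider using prepared statements rather than concatenating the POST values into the SQL.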
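
The prepared-statement approach the answer recommends, combined with its single-query structure, as an added example that is not part of the original question or answer. The function names and the option-to-column map are hypothetical; only Reference => ref_no appears on the page, and the other pairs are assumed from the table headers.

```php
<?php
// Added example, not the poster's code. Only Reference => ref_no is on the page;
// the other option-to-column pairs are assumptions based on the table headers.
const SEARCH_COLUMNS = [
    'Reference' => 'ref_no',
    'Lastname'  => 'last_name',
    'Firstname' => 'first_name',
    'Province'  => 'prov',
    'Request'   => 'request_res',
    'Status'    => 'payment_res',
];

// Returns [sql, params]. Column names cannot be bound as parameters, so the
// column comes from the allowlist and only the keyword is bound.
function build_client_query(array $post): array
{
    $by = $post['search_by'] ?? '';
    $column = is_string($by) ? (SEARCH_COLUMNS[$by] ?? null) : null;
    if (!isset($post['btn_search']) || $column === null) {
        return ['SELECT * FROM client_info', []]; // no valid search: full list
    }
    // Escape LIKE wildcards so "%" and "_" in the keyword match literally.
    $text = $post['text'] ?? '';
    $keyword = addcslashes(is_string($text) ? $text : '', '\\%_');
    return ["SELECT * FROM client_info WHERE $column LIKE ?", ['%' . $keyword . '%']];
}

// Runs the one query for the page; the keyword never becomes part of the SQL text.
function fetch_clients(mysqli $con, array $post): mysqli_result
{
    [$sql, $params] = build_client_query($post);
    $stmt = mysqli_prepare($con, $sql);
    if ($params) {
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    mysqli_stmt_execute($stmt);
    return mysqli_stmt_get_result($stmt); // requires the mysqlnd driver
}

// Constructed inputs: the builder runs without a database connection.
$samples = [
    [],
    ['btn_search' => 'Search', 'search_by' => 'Lastname', 'text' => "O'Brien"],
    ['btn_search' => 'Search', 'search_by' => 'not_a_column', 'text' => '50%'],
];
foreach ($samples as $post) {
    [$sql, $params] = build_client_query($post);
    echo $sql, ' | ', json_encode($params), PHP_EOL;
}
```

On the page, `$res = fetch_clients($con, $_POST);` would take the place of both `mysqli_query` calls, followed by a single display loop.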