使用SELECT下拉asc desc连接到数据库

时间:2017-06-18 06:32:30

标签: php html mysql database mysqli

我正在尝试创建一个下拉列表,以显示来自我的数据库的Web浏览器上“特殊”的车辆。我希望他们按照asc到desc的价格顺序显示。我有列表的编码但由于某种原因,当您单击显示结果时,它不起作用。我错过了什么?

<form method="post" action='<?php echo $_SERVER['PHP_SELF']; ?>' >
<select name="sort">
<option value="ASC">Ascending</option>
<option value="DESC">Descending</option>
</select>
<input type="submit" name="update" value= "Display results">
	</form>

<?php
// set initial value for variables to avoid errors the first time the page runs
$sort_name = "ASC";
$price="price";
// check to see if the form value has been set and if so return the value
if(isset($_POST['sort'])) {
// set the variable to the value selected from the dropdown - either ASC or DESC
$sort_name = $_POST['sort'];
}

// create the query inserting the value for the sort order with the variable $sort_name
$query = "SELECT * FROM vehicle WHERE special='yes'ORDER BY $price ASC";
$results = mysqli_query($conn, $query );
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and display results
while ($row = mysqli_fetch_array($results)) {
echo "<p>VIN_#: $row[vin]</p> ";	
echo "<p>Stock Number: $row[stockno]</p> ";
echo "<p>Manufacturer Number: $row[man_num]</p>";
echo "<p>Model: $row[model]</p>";
echo "<p>Colour: $row[col_id]</p>";
echo "<p>Year: $row[year]</p>";
echo "<p>Price: $row[price]</p>";
echo "<p>Kilometres: $row[kms] </p>";
echo "<p>Registration: $row[rego] </p>";
echo "<p>Cylinders: $row[cylinders] </p>";
echo "<p>Fuel: $row[fuel] </p>";
echo "<p>Transmission: $row[transmission] </p>";
echo "<p>Category Id: $row[cat_id] </p>";
echo "<p>Vehicle on Special (yes/no): $row[special] </p>";
echo "<p>Standard Used Vehicle: $row[standardusedvehicle] </p>";
echo '<img src="'.$row[vehicle_image] . "\" >";
}
}
$query = "SELECT * FROM vehicle WHERE special='yes'ORDER BY $price ASC";
$results = mysqli_query($conn, $query );
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and display results
while ($row = mysqli_fetch_array($results)) {
echo "<p>VIN_#: $row[vin]</p> ";	
echo "<p>Stock Number: $row[stockno]</p> ";
echo "<p>Manufacturer Number: $row[man_num]</p>";
echo "<p>Model: $row[model]</p>";
echo "<p>Colour: $row[col_id]</p>";
echo "<p>Year: $row[year]</p>";
echo "<p>Price: $row[price]</p>";
echo "<p>Kilometres: $row[kms] </p>";
echo "<p>Registration: $row[rego] </p>";
echo "<p>Cylinders: $row[cylinders] </p>";
echo "<p>Fuel: $row[fuel] </p>";
echo "<p>Transmission: $row[transmission] </p>";
echo "<p>Category Id: $row[cat_id] </p>";
echo "<p>Vehicle on Special (yes/no): $row[special] </p>";
echo "<p>Standard Used Vehicle: $row[standardusedvehicle] </p>";
echo '<img src="'.$row[vehicle_image] . "\" >";
}
}
?>

我之前在编码中连接了我的数据库

任何想法都会很棒

1 个答案:

答案 0 :(得分:0)

sql语句当前正在排序ASC并且是严格键入的,请尝试使用表单提交发送的值

$sql="SELECT * FROM vehicle WHERE special='yes'ORDER BY {$price} {$_POST['sort']}";

但是代码容易受到sql注入的影响,因此您最好使用预处理语句

您发布的代码有一些错误 - 需要引用html输出中的每个字段,否则PHP将假定您使用constants并将抛出错误。图像未正确使用单引号和双引号。

<form method="post" action='<?php echo $_SERVER['PHP_SELF']; ?>' >
    <select name="sort">
        <option value="ASC">Ascending</option>
        <option value="DESC">Descending</option>
    </select>
    <input type="submit" name="update" value= "Display results">
</form>


<?php
    if( $_SERVER['REQUEST_METHOD']=='POST' ){

        $sort_name = isset( $_POST['sort'] ) && in_array( strtolower( $_POST['sort'] ), array( 'asc','desc' ) ) ? $_POST['sort'] : 'ASC';
        $price="price";

        $query = "SELECT * FROM vehicle WHERE special='yes' ORDER BY {$price} {$sort_name}";
        $results = mysqli_query($conn, $query );
        if( !$results ) {
            echo ("Query error: ");
        } else {
            /*
                The fields must be quoted otherwise they will be treated as constants, most likely undefined
            */
            while ($row = mysqli_fetch_array($results)) {
                echo "
                <p>VIN_#: {$row['vin']}</p>
                <p>Stock Number: {$row['stockno']}</p>
                <p>Manufacturer Number: {$row['man_num']}</p>
                <p>Model: {$row['model']}</p>
                <p>Colour: {$row['col_id']}</p>
                <p>Year: {$row['year']}</p>
                <p>Price: {$row['price']}</p>
                <p>Kilometres: {$row['kms']}</p>
                <p>Registration: {$row['rego']}</p>
                <p>Cylinders: {$row['cylinders']}</p>
                <p>Fuel: {$row['fuel']}</p>
                <p>Transmission: {$row['transmission']}</p>
                <p>Category Id: {$row['cat_id']}</p>
                <p>Vehicle on Special (yes/no): {$row['special']}</p>
                <p>Standard Used Vehicle: {$row['standardusedvehicle']}</p>
                <img src='{$row['vehicle_image']}' />";/* The image was not correctly set using single quotes */
            }
        }
    }
?>

如果您要使用PHP_SELF作为表单操作(或者在代码中使用),那么您真的应该尝试使其免受XSS攻击 - 或者使用$_SERVER['SCRIPT_NAME']代替。也就是说,尝试使用:

<?php
    $action = htmlspecialchars( $_SERVER['PHP_SELF'], ENT_QUOTES, 'utf-8');
?>

<form method="post" action='<?php echo action; ?>' >
相关问题
最新问题