我正在尝试使用上一页中发布的表单中的PHP会话搜索我的数据库,但搜索不会返回任何语法错误。
答案 0 :(得分:0)
试试这个:
$query= "SELECT * FROM students WHERE faculty ='" . $fa. "' AND
degree ='" . $de . "' AND course ='" . $co . "' ORDER BY name";
哦,请使用准备好的声明。这个解决方案非常不安全!!
您可以在下面详细了解准备好的声明:
https://www.w3schools.com/php/php_mysql_prepared_statements.asp
答案 1 :(得分:0)
首先,免责声明:我不使用mysqli或PDO;我使用自己的数据库抽象。因此,您需要使用文档验证我的示例。
我首先尝试写一个答案,展示mysqli中参数的使用,但坦率地说,mysqli是...... 丑陋。非常丑陋而且相当笨拙。
如果您需要添加会话,则可以在基本原型工作后执行此操作。我没有处理会话,而是解决数据库访问的基础问题。请不要认为这是剪切和粘贴代码:它可能会也可能不会,因为我无法测试它。它旨在为您提供建议和起点。
<?php
//session_start(); // not needed for this example
function get_post($var_name) {
$out = '';
if(array_key_exists($var_name,$_POST)) {
$out = $_POST[$var_name];
}
return $out;
}
// whenever you have to do something over, break it out into a function
$faculty = get_post('fac');
$degree = get_post('degree');
$course = get_post('course');
// set up PDO connection
// this section credit to https://phpdelusions.net/pdo
$host = '127.0.0.1';
$db = 'students';
$user = 'root';
$pass = '';
$charset = 'utf8mb4';
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
// helpful initializations, such as default fetch is associative array
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $user, $pass, $opt);
// note that the first time the page is accessed,
// the POST variables will be saved as empty strings,
// so the query will execute fine, but won't find any results.
$query= 'SELECT name,faculty,degree,course,attend ' .
'FROM students ' .
'WHERE faculty=? AND degree=? AND course=? ' .
'ORDER BY name';
$pdo->prepare($query);
$result = $pdo->execute([$faculty, $degree, $course]); // don't miss the [] which is a shortcut for array()
// notice, try to keep PHP and HTML presentation separate,
// with PHP on top. (advanced: learn MVC)
// now that we have access to our data, present the html
// The HTML could be in another file and simply required() here.
?>
<html>
<head>
<title>Staff List</title>
</head>
<body>
<form action="" method="post">
<img src="login10.png" id="logos"/>
<h2 id="inf">Staff List </h2>
<ul>
<li>
<label for="fac">Faculty :</label>
<select id="fac" name="fac" required>
<option value="">Select course Faculty ..</option>
<option value="Business">Business</option>
<option value="Engineering">Engineering</option>
<option value="pharmaceutical">pharmaceutical</option>
<option value="Sport">Sport </option>
<option value="Science">Science </option>
</select>
</li>
<li>
<label for="degree">Degree :</label>
<select id="degree" name="degree" required>
<option value="">Select Course Degree..</option>
<option value="Associate degree">Associate degree</option>
<option value="Bachelor degree">Bachelor degree</option>
<option value="Master degree">Master degree </option>
<option value="Doctoral degree">Doctoral degree </option>
</select>
</li>
<li>
<label for="course">Required Course :</label>
<input type="text" name="course" id="course" class="text" placeholder="Enter Course Name" required>
</li>
<li>
<label for="submit"> </label>
<input type="submit" id="submit" value="Student List">
</li>
</ul>
</form>
<?php if($faculty && $degree && $course): ?>
<hr>
<h2>Results</h2>
<table>
<?php while ($row = $result->fetch()): ?>
<tr class="data"> <!-- can't use id="data" because id has to be unique -->
<td><?= $row['name'] ?></td>
<td><?= $row['faculty'] ?></td>
<td><?= $row['degree'] ?></td>
<td><?= $row['course'] ?></td>
<td class="colors"><?= $row['attend'] ?></td>
</tr>
<?php endwhile; ?>
</table>
<?php endif; ?>
</body>
</html>