我建立汽车经销商门户网站,我的搜索表单中有多个下拉列表,我面临的问题是,一旦用户执行搜索而不是显示用户搜索的内容,所有内容都将从数据库中显示。
我真的不能指出我错了。我真的很感激,如果有人不能看到它并帮助我。
表单页面如下。
<script>
function populate(s1,s2){
var s1 = document.getElementById(s1);
var s2 = document.getElementById(s2);
s2.innerHTML = "";
if(s1.value == "Honda"){
var optionArray = ["accord|Accord","pilot|Pilot","crv|CRV"];
} else if(s1.value == "Toyota"){
var optionArray = ["corolla|Corolla","camry|Camry","highlander|Highlander"];
} else if(s1.value == "Peugeot"){
var optionArray = ["206|206","307|307"];
}
for(var option in optionArray){
var pair = optionArray[option].split("|");
var newOption = document.createElement("option");
newOption.value = pair[0];
newOption.innerHTML = pair[1];
s2.options.add(newOption);
}
}
</script>
<form action="test2.php" method="get" name="search">
<select name="bodytype">
<option value="Saloon">Saloon</option>
<option value="SUV">SUV</option>
</select>
<select name="make" id="make" onchange="populate(this.id, 'model')">
<option selected>Any</option>
<option value="Toyota">Toyota</option>
<option value="Honda">Honda</option>
<option value="BMW">BMW</option>
</select>
<select name="model" id="model">
</select>
<select name="cost1">
<option selected>Any</option>
<option>10000</option>
<option>20000</option>
<option>30000</option>
<option>40000</option>
<option>50000</option>
<option>60000</option>
<option>70000</option>
<option>80000</option>
<option>90000</option>
<option>100000</option>
</select>
<select name="cost2">
<option selected>Any</option>
<option>10000</option>
<option>20000</option>
<option>30000</option>
<option>40000</option>
<option>50000</option>
<option>60000</option>
<option>70000</option>
<option>80000</option>
<option>90000</option>
<option>100000</option>
</select>
<select name="transmission">
<option selected>Any</option>
<option>Auto</option>
<option>Manual</option>
</select>
<input name="submit" type="submit">
</form>
这是表单处理页面
include('functions/config.php');
if(isset($_GET['submit'])){
$query = "SELECT * FROM details WHERE 1=1"; // Grab All Records
if ( isset($_GET["bodytype"]) )
$query = $query . " AND bodytype = '%".$_GET["bodytype"]."%'"; // Filter on Body Type
if ( isset($_GET["make"]) )
$query = $query . " AND make = '%".$_GET["make"]."%'"; // Filter on Make
if ( isset($_GET["model"]) )
$query = $query . " AND model = '%".$_GET["model"]."%'"; // Filter Model
if ( isset($_GET["transmission"]) )
$query = $query . " AND transmission = '%".$_GET["transmission"]."%'"; // Filter on Transmission
$search_query = mysqli_query($connection, $query);
if(!$search_query){
die("QUERY FAILED" .mysqli_error($connection));
}
$count = mysqli_num_rows($search_query);
if($count == 0){
echo "no result";
}else{
while($row = mysqli_fetch_assoc($search_query)){
echo $row["bodytype"]."</br>";
echo $row["make"]."</br>";
echo $row["model"]."</br>";
/*echo $row["MinPrice"]."</br>";
echo $row["MaxPrice"]."</br>";*/
echo $row["transmission"]."</br>";
}
}
}
?>
答案 0 :(得分:0)
如果其中一个get []是空白参数,那么对于该字段,它将返回true,假设该字段不为空,因为类似于&#39; %%&#39;将是真的。
您只想对包含数据的get parms执行类似的声明。
这将是最一致的语法,但我也推荐未列出的SQL注入更新。
请注意,我将过滤器从OR更改为And
$query = "SELECT * FROM details WHERE 1=1"; // Grab All Records
if ( isset($_GET["bodytype"]) )
$query = $query . " AND bodytype = '%".$_GET["bodytype"]."%'"; // Filter on Body Type
if ( isset($_GET["make"]) )
$query = $query . " AND make = '%".$_GET["make"]."%'"; // Filter on Make
...