我有一个简单的形式,是使用下拉列表选择团队成员的位置从phpmyadmin数据库和使用php在index.php文件
这会完美地返回行并且工作得很好,但是,我还想以相同的形式选择从该表中选择所有记录的选项,无论
这是html表单
<form id="main_select" action="view_members.php" method="POST">
<select name='main_select' required>
<option value="" disabled selected>Select staff position</option>
<option value="all">View All Members</option>
<option value="Professor">Professor</option>
<option value="Senior Lecturer">Senior Lecturer</option>
<option value="Reader">Reader</option>
<option value="Lecturer">Lecturer</option>
</select>
<input type="submit" value="View Selected Staff Members">
</form>
这里是view_members。php当教授选项被选中时效果很好
<?php
if (isset($_POST['main_select'])) {
$position = $_POST['main_select'];
$statement = "SELECT * FROM staff_members WHERE position = '$position'";
$result = mysqli_query($conn, $statement);
}
?>
<?php
echo '<table align="center" border="0" cellspacing="35" cellpadding="2" width="100%">';
echo "<thead><tr><th>ID</th><th>Name</th><th>Email</th><th>Position</th><th>Update</th>
<th>Action</th></tr></thead>";
while ($row = mysqli_fetch_assoc($result)) {
echo "<tr>";
echo "<td>{$row['id']}</td>";
echo "<td>{$row['name']}</td>";
echo "<td>{$row['email']}</td>";
echo "<td>{$row['position']}</td>";
echo "<td><a href='edit_member.php?id={$row['id']}'>Edit</a></td>";
echo "<td><a href='delete_member.php?id={$row['id']}'>Delete</a></td>";
echo "</tr>";
}
echo "</table>";
echo '<p><a href="index.php">Back</a></p>';
?>
然后尝试添加else语句来查找"all"然后选择所有的记录但是没有返回任何东西如果我再次选择教授它可以工作吗?我能做到吗?
下面是我用
尝试的if else代码<?php
if (isset($_POST['main_select'])) {
$position = $_POST['main_select'];
$statement = "SELECT * FROM staff_members WHERE position = '$position'";
$result = mysqli_query($conn, $statement);
} else {
if (isset($_POST['main_select' == 'all'])) {
$statement = "SELECT * FROM staff_members";
$result = mysqli_query($conn, $statement);
}
}
任何帮助都将非常感激。
感谢大卫。
所以感谢你的输入伙计,这是我放在一起假设这仍然是开放的SQL注入?
<?php
if (isset($_POST['main_select'])) {
$position = $_POST['main_select'];
if ($position == "all") {
$statement = "SELECT * FROM staff_members";
} else {
$statement = "SELECT * FROM staff_members WHERE position = '$position'";
}
$result = mysqli_query($conn, $statement);
}
echo '<table align="center" border="0" cellspacing="35" cellpadding="2" width="100%">';
echo "<thead><tr><th>ID</th><th>Name</th><th>Email</th><th>Position</th><th>Update</th><th>Action</th></tr></thead>";
while ($row = mysqli_fetch_assoc($result)) {
echo "<tr>";
echo "<td>{$row['id']}</td>";
echo "<td>{$row['name']}</td>";
echo "<td>{$row['email']}</td>";
echo "<td>{$row['position']}</td>";
echo "<td><a href='edit_member.php?id={$row['id']}'>Edit</a></td>";
echo "<td><a href='delete_member.php?id={$row['id']}'>Delete</a></td>";
echo "</tr>";
}
echo "</table>";
echo '<p><a href="index.php">Back</a></p>';
?>
但是,当"all"时,它可以工作并提取所有记录。选择