代码:
<?php
if(isset($_POST['search']))
{
$college_id = $_POST['college_id'];
$field = $_POST['field'];
$city = $_POST['city'];
$college_name = $_POST['college_name'];
if($college_id == $_POST['college_id'])
{
$sql = "select * from all_colleges where college_id = '$college_id'";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH))
{
echo "<tr>
<td>".$fetch['college_id']."</td>
<td>".$fetch['college_name']."</td>
<td>".$fetch['website']."</td>
<td>".$fetch['field']."</td>
<td>".$fetch['city']."</td>
<td>
<a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
<img src='gridview/view.png' alt='view' />
</a>
<a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
<img src='gridview/update.png' alt='Update' />
</a>
<a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
<img src='gridview/delete.png' alt='delete' />
</a>
</td>
</tr>";
}
}
elseif($field == $_POST['field'])
{
$sql = "select * from all_colleges where field = '$field'";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH))
{
echo "<tr>
<td>".$fetch['college_id']."</td>
<td>".$fetch['college_name']."</td>
<td>".$fetch['website']."</td>
<td>".$fetch['field']."</td>
<td>".$fetch['city']."</td>
<td>
<a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
<img src='gridview/view.png' alt='view' />
</a>
<a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
<img src='gridview/update.png' alt='Update' />
</a>
<a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
<img src='gridview/delete.png' alt='delete' />
</a>
</td>
</tr>";
}
}
elseif($city == $_POST['city'])
{
$sql = "select * from all_colleges where city = '$city'";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH))
{
echo "<tr>
<td>".$fetch['college_id']."</td>
<td>".$fetch['college_name']."</td>
<td>".$fetch['website']."</td>
<td>".$fetch['field']."</td>
<td>".$fetch['city']."</td>
<td>
<a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
<img src='gridview/view.png' alt='view' />
</a>
<a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
<img src='gridview/update.png' alt='Update' />
</a>
<a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
<img src='gridview/delete.png' alt='delete' />
</a>
</td>
</tr>";
}
}
elseif($college_name == $_POST['college_name'])
{
$sql = "select * from all_colleges where college_name = '$college_name'";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH))
{
echo "<tr>
<td>".$fetch['college_id']."</td>
<td>".$fetch['college_name']."</td>
<td>".$fetch['website']."</td>
<td>".$fetch['field']."</td>
<td>".$fetch['city']."</td>
<td>
<a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
<img src='gridview/view.png' alt='view' />
</a>
<a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
<img src='gridview/update.png' alt='Update' />
</a>
<a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
<img src='gridview/delete.png' alt='delete' />
</a>
</td>
</tr>";
}
}
}
else
{
$per_page=100;
if (isset($_GET["page"]))
{
$page = $_GET["page"];
}
else {
$page=1;
}
$start_from = ($page-1) * $per_page;
$sql="select * from all_colleges LIMIT $start_from, $per_page";
$result = mysqli_query($link,$sql);
while ($row = mysqli_fetch_array($result))
{
echo "<tr>
<td>".$row['college_id']."</td>
<td>".$row['college_name']."</td>
<td>".$row['website']."</td>
<td>".$row['field']."</td>
<td>".$row['city']."</td>
<td>
<a class='view' title='view' href='view.php?id=".$row['college_id']."'>
<img src='gridview/view.png' alt='view' />
</a>
<a class='update' title='Update' href='update.php?id=".$row['college_id']."'>
<img src='gridview/update.png' alt='Update' />
</a>
<a class='delete' title='delete' href='delete.php?ad_id=".$row['college_id']."'>
<img src='gridview/delete.png' alt='delete' />
</a>
</td>
</tr>";
}
}
?>
html代码:
<form method="post">
<div class="row">
<label for="Producer_firstname">College Id</label>
<input type="text" name="college_id" id="college_id" size="25" />
</div>
<div class="row">
<label for="Producer_firstname">Field</label>
<select name="field" id="field">
<option value="">Select Field</option>
<option value='All'>All</option>
<option value='engineering'>Engineering</option>
<option value='law'>LAW</option>
<option value='medical'>Medical</option>
<option value='management'>Management</option>
<option value='pharmacy'>Pharmacy</option>
<option value='hotel management'>Hotel Management</option>
<option value='mass communication'>Mass Communication</option>
<option value='agriculture'>Agriculture</option>
<option value='architecture'>Architecture</option>
<option value='education'>Education</option>
<option value='paramedical'>Paramedical</option>
<option value='design'>Design</option>
<option value='commerce'>Commerce</option>
<option value='film/tv/media'>Film /TV/ Media</option>
<option value='General'>General</option>
</select>
</div>
<div class="row">
<label for="Producer_firstname">Location</label>
<input type="text" name="city" id="city" size="25" />
</div>
<div class="row">
<label for="Producer_firstname">College Name</label>
<input type="text" name="college_name" id="college_name" size="50" />
</div>
<div class="row buttons">
<button type="submit" name="search" id="search">Search</button>
</div>
</form>
在此代码中,我希望当我发布College_id时,它将运行
select * from all_colleges where college_id = '$college_id'
,当我发布字段时,它将运行
select * from all_colleges where field = '$field'
类似于City和College_name。但是它只运行college_id询问我要么在college_id或字段上它仍然运行相同的查询,即
select * from all_colleges where college_id = '$college_id'
我该如何解决此问题请帮助?
谢谢
if($college_id == $_POST['college_id'])
这将永远是正确的改用此方法:
if(isset($_POST['college_id']) && !empty($_POST['college_id']))
提交表单时,所有字段都将设置为检查值,并添加条件,例如,
if(isset($_POST['search'])) {
$where =[];
if($_POST['college_id']){
$where[] = ' college_id = "'.$_POST['college_id'].'"';
}
if($_POST['field']){
$where[] = ' field = "'.$_POST['field'].'"';
}
if($_POST['city']){
$where[] = ' city = "'.$_POST['city'].'"';
}
if($_POST['college_name']){
$where[] = ' college_name = "'.$_POST['college_name'].'"';
}
// you are searching so I prefer OR in implode
$where = !empty($where) ? ' WHERE '.implode(' OR ',$where) : '';
$sql = "select * from all_colleges ".$where;
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH)) {
....
} // end while
}// end if post search
更新,根据@riggsfolly评论,您需要使用prepary and bind_param喜欢(基于gumbo的答案(,以防止数据从sql攻击中进行。
if(isset($_POST['search'])) {
$where =[],$values=[];
if($_POST['college_id']){
$where[] = ' college_id = ? ';
$values['college_id']=$_POST['college_id'];
}
if($_POST['field']){
$where[] = ' field = ? ';
$values['field']=$_POST['field'];
}
if($_POST['city']){
$where[] = ' city = ? ';
$values['city']=$_POST['city'];
}
if($_POST['college_name']){
$where[] = ' college_name = ? ';
$values['college_name']=$_POST['college_name'];
}
// you are searching so I prefer OR in implode
$where = !empty($where) ? ' WHERE '.implode(' OR ',$where) : '';
$stmt = $mysqli->prepare($query);
$params = array_merge(array(str_repeat('s', count($values))), array_values($values));
call_user_func_array(array(&$stmt, 'bind_param'), $params);
/* fetch result data */
while ($stmt->fetch()) {
// your code here
}
} // end if