大家好(很抱歉我的懒英语^^)!我想要一个SELECT搜索表单搜索(示例)与邮政编码1234的约翰doe。但是当我用1234搜索无名氏时,结果也是一个客户id为1234的客户。这不是很好,但我认为,我在正确的道路上。我怎样才能修好它?好了,这是我的初学者代码,我希望你能笑一笑,你可以帮助我的代码,这是我想要的。非常感谢,伙计们!!
<table class="table table-striped" >
<p>
<tr>
<th>Kundennummer</th>
<th>Reklamationsnummer</th>
<th>Firma</th>
<th>Nachname</th>
<th>Vorname</th>
<th>Straße</th>
<th>Nr</th>
<th>Plz</th>
<th>Ort</th>
<th>Telefon</th>
<th>Mail</th>
<tr>
<?php
error_reporting(-1);
ini_set('display_errors', true);
include "config.php";
$kdnr = mysqli_real_escape_string($mysqli, $_GET['kdnr']);
$reklamationsnummer = mysqli_real_escape_string($mysqli, $_GET['reklamationsnummer']);
$firma = mysqli_real_escape_string($mysqli, $_GET['firma']);
$nachname = mysqli_real_escape_string($mysqli, $_GET['nachname']);
$vorname = mysqli_real_escape_string($mysqli, $_GET['vorname']);
$street = mysqli_real_escape_string($mysqli, $_GET['street']);
$hausnummer = mysqli_real_escape_string($mysqli, $_GET['hausnummer']);
$postleitzahl = mysqli_real_escape_string($mysqli, $_GET['postleitzahl']);
$ort = mysqli_real_escape_string($mysqli, $_GET['ort']);
$telefon = mysqli_real_escape_string($mysqli, $_GET['telefon']);
$mail = mysqli_real_escape_string($mysqli, $_GET['mail']);
$result = $mysqli->query("SELECT kdnr, reklamationsnummer, firma, nachname, vorname, street, hausnummer, postleitzahl, ort, telefon , mail
FROM kundentest
WHERE
kdnr = '".$kdnr."' XOR
reklamationsnummer = '".$reklamationsnummer."' XOR
firma = '".$firma."' XOR
nachname = '".$nachname."' XOR
vorname = '".$vorname."' XOR
street = '".$street."' XOR
hausnummer = '".$hausnummer."' XOR
postleitzahl = '".$postleitzahl."' XOR
ort = '".$ort."' XOR
telefon = '".$telefon."' XOR
mail = '".$mail."' ");
while ($row = $result->fetch_assoc()):
?>
<tr>
<td><?php echo $row['kdnr']; ?></td>
<td><?php echo $row['reklamationsnummer']; ?></td>
<td><?php echo $row['firma']; ?></td>
<td><?php echo $row['nachname']; ?></td>
<td><?php echo $row['vorname']; ?></td>
<td><?php echo $row['street']; ?></td>
<td><?php echo $row['hausnummer']; ?></td>
<td><?php echo $row['postleitzahl']; ?></td>
<td><?php echo $row['ort']; ?></td>
<td><?php echo $row['telefon']; ?></td>
<td><?php echo $row['mail']; ?></td>
</tr>
<?php
endwhile;
?>
</table>
<table>
<tr>
<th><a class="btn btn-info" href="index.php" role="button">zurück zur Suche</a></th>
</tr>
</table>
我猜您需要某种动态查询字符串生成。尝试将从include "config.php";
开始的片段替换为:
include "config.php";
$query = "SELECT kdnr, reklamationsnummer, firma, nachname, vorname, street, hausnummer, postleitzahl, ort, telefon , mail
FROM kundentest ";
$search_fields = array('kdnr',
'reklamationsnummer',
'firma',
'nachname',
'vorname',
'street',
'hausnummer',
'postleitzahl',
'ort',
'telefon',
'mail'
);
$first = true;
$params = array();
foreach ($search_fields as $column) {
if(isset($_GET[$column])) {
if ($first) {
$query.='WHERE ';
$first = false;
} else {
$query.=' AND ';
}
$query.= $column.' = ? ';
$params[]=$_GET[$column];
}
}
if ($stmt = $mysqli->prepare($query)) {
$i=0;
foreach($params as $param) {
${'param'.++$i} = $param;
$stmt->bind_param('s', ${'param'.$i});
}
$stmt->execute();
/* bind result variables */
$stmt->bind_result($kdnr, $reklamationsnummer, $firma, $nachname, $vorname, $street, $hausnummer, $postleitzahl, $ort, $telefon , $mail);
while ($stmt->fetch()) { ?>
<tr>
<td><?= $kdnr ?></td>
<td><?= $reklamationsnummer ?></td>
<td><?= $firma ?></td>
<td><?= $nachname ?></td>
<td><?= $vorname ?></td>
<td><?= $street ?></td>
<td><?= $hausnummer ?></td>
<td><?= $postleitzahl ?></td>
<td><?= $ort ?></td>
<td><?= $telefon ?></td>
<td><?= $mail ?></td>
</tr>
<?php }
}
如果有任何问题,欢迎提问。
我想我不明白你的疑问,但也许是更好的,如果你创建一个存储过程来控制这一点。如果有邮政编码为1234的客户,返回并不搜索customerid
或
修改查询,不查找customerid
英语也不好意思=)