【问题标题】:display data from database of an HTML form从 HTML 表单的数据库中显示数据
【发布时间】:2017-04-07 14:46:58
【问题描述】:

我正在尝试使用 PHP 通过 HTML 表单从我的数据库中显示结果。用户单击提交按钮后,根据他们在每个字段中输入的内容,应相应地显示结果。

例如如果我点击下拉菜单中的“房间”,当我在价格文本字段和其余字段中指定某个价格时,应该显示与我搜索的内容相关的任何内容。

我能够为下拉菜单执行此操作,但我不知道如何输入多个值,当我单击提交时,它会相应地生成数据。

这是我到目前为止所做的:

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title></title>
</head>
<body>
    <form action="dropdown2.php" method="POST">
        <select name="testing" type="text">
            <option value="Choose">Choose type of stay</option>
            <option value="Flat">Flat</option>
            <option value="Room">Room</option>
            <option value="Apartment">Apartment</option>
            <option value="Villa">Villa</option>
        </select>
        <p></p>
        <table>
        <tr>
            <td width="14%" class="label">Minimum Price MYR</td>
            <td width="42%"><input type="text" name="textfield4" id="textfield4" class="text" /></td>
            <td class="label">Maximum Price MYR</td>
            <td><input type="text" name="textfield2" id="textfield2" class="text" /></td>
        </tr>
        <tr>
            <td class="label">Bed Rooms</td>
            <td>
                <label>
                <input type="text" name="search" id="textfield5" class="text smalltextarea" />
                </label>
            </td>
            <td class="label">Bathrooms</td>
            <td><input type="text" name="textfield3" id="textfield3" class="text" /></td>
        </tr>
        </table>
        <p></p>
        <input type="submit" value="Submit" name="submit">
    </form>
    <?php
    mysql_connect("localhost", "root", "") or die("Error connecting to database: ".mysql_error());

    mysql_select_db("test") or die(mysql_error());
    if(isset($_POST['testing'])){
    $query = $_POST['testing']; 

    $min_length = 3;

    if(strlen($query) >= $min_length){ 
        $query = htmlspecialchars($query);          
        $query = mysql_real_escape_string($query);

        $raw_results = mysql_query("SELECT * FROM rooms
            WHERE (`name` LIKE '%".$query."%') OR (`price` LIKE '%".$query."%') OR (`description` LIKE '%".$query."%')") or die(mysql_error());
        if(mysql_num_rows($raw_results) > 0){ 

        while($results = mysql_fetch_array($raw_results)){
            echo "<p><h3>".$results['name']."</h3>"."RM " .$results['price']."</p>"."<p>".$results['description']."</p>";
        }

    }
    else{ 
        echo "No results";
    }
        }
        else{ 
            echo "Minimum length is ".$min_length;
        }
    }
    ?>
</body>
</html>

我是 PHP 和 MySQL 的新手...感谢任何帮助!

【问题讨论】:

  • mysql_* 函数自 PHP v5.5 起已弃用,自 v7.0 起已被删除。它们不应用于新代码,应尽快替换为 mysqliPDO 等效项。
  • &lt;select name="testing" type="text"&gt; - 失败.
  • ...&lt;select&gt; 没有类型。
  • 您需要动态生成查询。您应该升级驱动程序并使用参数化查询。存储数据时你使用htmlspecialchars吗?
  • 您也没有使用任何(其他)$_POST 进行选择/输入。正如我已经说过的那样,&lt;select&gt; 中的那种类型在这里失败了。

标签: php html mysql forms


【解决方案1】:

第一个 id 说把名字改成更容易调和的名字 您还缺少名称或描述字段,不确定是哪一个(因为名称与数据库字段不相似)

用 pdo 或 mysqli 替换 mysql 我在这个例子中使用了 pdo 因为如果你升级到 php 7 mysql 函数会被删除(就像上面 cmets 中建议的那样)

您可以使用准备好的语句来代替 mysql 真正的转义等

您在查询中还缺少其他帖子字段,例如 cmets 中建议的其他帖子字段,例如有多少浴室、最低价格、最高价格等(这些字段由用户发布但未在查询中使用) 您在查询中为所有这些值使用了相同的 postfield

现在根据您的字段,我假设例如,如果有人填写 minprice = 12 和 descr = flat,则结果都必须具有最低价格 12 和类似 flat 的描述,因此您需要更改您使用的 OR在您的查询中根据填写的字段来查询 AND

这里有一个关于如何去做的例子:

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title></title>
</head>
<body>
    <form action="" method="POST">
        <select name="description" type="text">
            <option value="Choose">Choose type of stay</option>
            <option value="Flat">Flat</option>
            <option value="Room">Room</option>
            <option value="Apartment">Apartment</option>
            <option value="Villa">Villa</option>
        </select>
        <p></p>
        <table>
        <tr>
            <td width="14%" class="label">Minimum Price MYR</td>
            <td width="42%"><input type="text" name="minprice" id="textfield4" class="text" /></td>
            <td class="label">Maximum Price MYR</td>
            <td><input type="text" name="maxprice" id="textfield2" class="text" /></td>
        </tr>
        <tr>
            <td class="label">Bed Rooms</td>
            <td>
                <label>
                <input type="text" name="bedrooms" id="textfield5" class="text smalltextarea" />
                </label>
            </td>
            <td class="label">Bathrooms</td>
            <td><input type="text" name="bathrooms" id="textfield3" class="text" /></td>
        </tr>
        </table>
        <p></p>
        <input type="submit" value="Submit" name="submit">
    </form>
    <?php

        $minDescriptionLength = 3;
        if(isset($_POST['description'])) {
            $descr = $_POST['description'];

            if(strlen($descr) >= $minDescriptionLength) {
                $connectionConfigArr = array('host' => 'localhost', 'dbname' => 'test', 'user' => 'root', 'password' => '');
                // here we are making the database connection, 
                // first param = connection string, second param = user, third param = password
                $dbh = new PDO(
                    'mysql:host=' . $connectionConfigArr['host'] . ';dbname=' . $connectionConfigArr['dbname'], 
                    $connectionConfigArr['user'], 
                    $connectionConfigArr['password']
                );


                $bindParamArr = array();

                //since we check this one in the start i assumed it's required so we can use it in the base for the query
                $query = 'SELECT * FROM rooms WHERE `description` LIKE :descr ';

                //here for each extra field that is filled in we basicaly are going to add it to the query string
                //and we push the value to the bindParamArray which will after we added the query add the values safely to the query
                if(isset($_POST['minprice']) && $_POST['minprice']) {
                    $query .= 'AND `price` > :minprice ';
                    array_push($bindParamArr, array('field' => ':minprice', 'value' => $_POST['minprice'], 'type' => PDO::PARAM_INT));
                }
                if(isset($_POST['maxprice']) && $_POST['maxprice']) {
                    $query .= 'AND `price` < :maxprice ';
                    array_push($bindParamArr, array('field' => ':maxprice', 'value' => $_POST['maxprice'], 'type' => PDO::PARAM_INT));
                }
                if(isset($_POST['bathrooms']) && $_POST['bathrooms']) {
                    $query .= 'AND `bathrooms` = :bathrooms ';
                    array_push($bindParamArr, array('field' => ':bathrooms', 'value' => $_POST['bathrooms'], 'type' => PDO::PARAM_INT));
                }
                if(isset($_POST['bedrooms']) && $_POST['bedrooms']) {
                    $query .= 'AND `bedrooms` = :bedrooms ';
                    array_push($bindParamArr, array('field' => ':bedrooms', 'value' => $_POST['bedrooms'], 'type' => PDO::PARAM_INT));
                }

                //we still need to push the description to the array
                array_push($bindParamArr, array('field' => ':descr', 'value' => '%' . $descr . '%', 'type' => PDO::PARAM_STR));


                //here we prepare the query
                $stmt = $dbh->prepare($query);

                //here we bind the params safely
                foreach($bindParamArr as $bParam) {
                    $stmt->bindParam($bParam['field'], $bParam['value'], $bParam['type']);
                }

                $stmt->execute();

                //use this to get the amount of rows the query returned
                $rowCount = $stmt->rowCount();

                if($rowCount > 0) {
                    //we loop through the stmt fetch function which will iterate through the resultset
                    while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                        echo "<p><h3>".$row['name']."</h3>"."RM " .$row['price']."</p>"."<p>".$row['description']."</p>";
                    }
                }
                else { 
                    echo "No results";
                }
            }
            else { 
                echo "Minimum length is ".$minDescriptionLength;
            }
        }
    ?>
</body>
</html>

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 2014-01-15
    • 1970-01-01
    • 2016-07-23
    • 1970-01-01
    • 2019-09-05
    • 1970-01-01
    • 2018-04-25
    相关资源
    最近更新 更多