【发布时间】:2019-11-16 08:40:51
【问题描述】:
这是我的数据库表的图片 -> MySQL-Table
我正在尝试创建一个带有下拉选择器的搜索页面,以过滤最后 8 列中的每一列。 我希望下拉选择器能够选择多个条目(我已经有这个工作了) 我还希望他们从已经输入到我的表列中的数据中预加载值。 (我也在教程的帮助下完成了这个工作......虽然我承认我不完全理解这部分是如何工作的)
使用这些教程,我创建了一个 php 页面,其中包含 8 个下拉选择器,它们会自动从各自的列中提取值。我希望能够使用所有(或部分)这些列过滤器从我的表中过滤结果。 例如...假设我想显示属于 Genre=Metal、AND KeySig=E minor、AND Tempo=Fast 的所有条目... 我可能会使用 mysql 命令,例如 mysql> SELECT id, NameUrl, Genre, KeySig, TimeSig, Tempo, Tuning, EntType, Recording, RecYear FROM test_table WHERE Genre = 'Metal' AND KeySig = 'E minor' AND Tempo = 'Fast';
基本上我正在尝试通过 php 网页做同样的事情。 使用我现在拥有的代码,只有我的第一个下拉选择器“流派”实际上可以过滤任何内容。其余的过滤器就在那里.. 他们还没有设置做任何事情。我需要帮助从剩余的下拉菜单中提取 $_POST 请求,并提出代码,该代码将通过 AND 运算符使用多个变量过滤我的列。
我希望这是有道理的...我不太喜欢电脑...更多的是音乐家。将此构建为帮助我完成写作工作流程的工具。 希望有人可以提供帮助 - 谢谢
DBController.php
<?php
class DBController {
private $host = "localhost";
private $user = "root";
private $password = "password";
private $database = "test";
private $conn;
function __construct() {
$this->conn = $this->connectDB();
}
function connectDB() {
$conn = mysqli_connect($this->host,$this->user,$this->password,$this->database);
return $conn;
}
function runQuery($query) {
$result = mysqli_query($this->conn,$query);
while($row=mysqli_fetch_assoc($result)) {
$resultset[] = $row;
}
if(!empty($resultset))
return $resultset;
}
}
?>
testsearch.php
<?php
include 'DBController.php';
$db_handle = new DBController();
$GenreResult = $db_handle->runQuery("SELECT DISTINCT Genre FROM test_table ORDER BY Genre ASC");
$TempoResult = $db_handle->runQuery("SELECT DISTINCT Tempo FROM test_table ORDER BY Tempo ASC");
$KeySigResult = $db_handle->runQuery("SELECT DISTINCT KeySig FROM test_table ORDER BY KeySig ASC");
$TimeSigResult = $db_handle->runQuery("SELECT DISTINCT TimeSig FROM test_table ORDER BY TimeSig ASC");
$TuningResult = $db_handle->runQuery("SELECT DISTINCT Tuning FROM test_table ORDER BY Tuning ASC");
$EntTypeResult = $db_handle->runQuery("SELECT DISTINCT EntType FROM test_table ORDER BY EntType ASC");
$RecordingResult = $db_handle->runQuery("SELECT DISTINCT Recording FROM test_table ORDER BY Recording ASC");
$RecYearResult = $db_handle->runQuery("SELECT DISTINCT RecYear FROM test_table ORDER BY RecYear ASC");
?>
<html>
<head>
<link href="style.css" type="text/css" rel="stylesheet" />
<title>Riff Bank - Search & Upload</title>
</head>
<body>
<h2>Riff Bank - Search & Upload</h2>
<form method="POST" name="Genre" action="testsearch.php">
<div id="demo-grid">
<div class="search-box">
<select id="Place" name="Genre[]" multiple="multiple">
<option value="0" selected="selected">Select Genre</option>
<form method="POST" name="search" action="testsearch.php">
<?php
if (! empty($GenreResult)) {
foreach ($GenreResult as $key => $value) {
echo '<option value="' . $GenreResult[$key]['Genre'] . '">' . $GenreResult[$key]['Genre'] . '</option>';
}
}
?>
</select><br> <br>
<form method="POST" name="search" action="testsearch.php">
<div id="demo-grid">
<div class="search-box">
<select id="Place" name="KeySig[]" multiple="multiple">
<option value="0" selected="selected">Select Key</option>
<form method="POST" name="search" action="testsearch.php">
<?php
if (! empty($KeySigResult)) {
foreach ($KeySigResult as $key => $value) {
echo '<option value="' . $KeySigResult[$key]['Tempo'] . '">' . $KeySigResult[$key]['KeySig'] . '</option>';
}
}
?>
</select><br> <br>
<form method="POST" name="search" action="testsearch.php">
<div id="demo-grid">
<div class="search-box">
<select id="Place" name="TimeSig[]" multiple="multiple">
<option value="0" selected="selected">Select TIme Signature</option>
<form method="POST" name="search" action="testsearch.php">
<?php
if (! empty($TimeSigResult)) {
foreach ($TimeSigResult as $key => $value) {
echo '<option value="' . $TimeSigResult[$key]['TimeSig'] . '">' . $TimeSigResult[$key]['TimeSig'] . '</option>';
}
}
?>
</select><br> <br>
<form method="POST" name="search" action="index.php">
<div id="demo-grid">
<div class="search-box">
<select id="Place" name="Tempo[]" multiple="multiple">
<option value="0" selected="selected">Select Tempo</option>
<form method="POST" name="search" action="index.php">
<?php
if (! empty($TempoResult)) {
foreach ($TempoResult as $key => $value) {
echo '<option value="' . $TempoResult[$key]['Tempo'] . '">' . $TempoResult[$key]['Tempo'] . '</option>';
}
}
?>
</select><br> <br>
<form method="POST" name="search" action="testsearch.php">
<div id="demo-grid">
<div class="search-box">
<select id="Place" name="Tuning[]" multiple="multiple">
<option value="0" selected="selected">Select Tuning</option>
<form method="POST" name="search" action="testsearch.php">
<?php
if (! empty($TuningResult)) {
foreach ($TuningResult as $key => $value) {
echo '<option value="' . $TuningResult[$key]['Tuning'] . '">' . $TuningResult[$key]['Tuning'] . '</option>';
}
}
?>
</select><br> <br>
<form method="POST" name="search" action="testsearch.php">
<div id="demo-grid">
<div class="search-box">
<select id="Place" name="EntType[]" multiple="multiple">
<option value="0" selected="selected">Select Entry Type</option>
<form method="POST" name="search" action="testsearch.php">
<?php
if (! empty($EntTypeResult)) {
foreach ($EntTypeResult as $key => $value) {
echo '<option value="' . $EntTypeResult[$key]['EntType'] . '">' . $EntTypeResult[$key]['EntType'] . '</option>';
}
}
?>
</select><br> <br>
<form method="POST" name="search" action="testsearch.php">
<div id="demo-grid">
<div class="search-box">
<select id="Place" name="Recording[]" multiple="multiple">
<option value="0" selected="selected">Select Recording Type</option>
<form method="POST" name="search" action="testsearch.php">
<?php
if (! empty($RecordingResult)) {
foreach ($RecordingResult as $key => $value) {
echo '<option value="' . $RecordingResult[$key]['Recording'] . '">' . $RecordingResult[$key]['Recording'] . '</option>';
}
}
?>
</select><br> <br>
<form method="POST" name="search" action="index.php">
<div id="demo-grid">
<div class="search-box">
<select id="Place" name="RecYear[]" multiple="multiple">
<option value="0" selected="selected">Select Year</option>
<form method="POST" name="search" action="index.php">
<?php
if (! empty($RecYearResult)) {
foreach ($RecYearResult as $key => $value) {
echo '<option value="' . $RecYearResult[$key]['RecYear'] . '">' . $RecYearResult[$key]['RecYear'] . '</option>';
}
}
?>
</select><br> <br>
<button id="Filter">Search</button>
</div>
<?php
if (! empty($_POST['Genre'])) {
?>
<table cellpadding="10" cellspacing="1">
<thead>
<tr>
<th><strong>id</strong></th>
<th><strong>Name</strong></th>
<th><strong>Genre</strong></th>
<th><strong>Key</strong></th>
<th><strong>Time Sig</strong></th>
<th><strong>Tempo</strong></th>
<th><strong>Tuning</strong></th>
<th><strong>Type</strong></th>
<th><strong>Recording</strong></th>
<th><strong>Year</strong></th>
</tr>
</thead>
<tbody>
<?php
$query = "SELECT * from test_table";
$i = 0;
$selectedOptionCount = count($_POST['Genre']);
$selectedOption = "";
while ($i < $selectedOptionCount) {
$selectedOption = $selectedOption . "'" . $_POST['Genre'][$i] . "'";
if ($i < $selectedOptionCount - 1) {
$selectedOption = $selectedOption . ", ";
}
$i ++;
}
$query = $query . " WHERE Genre in (" . $selectedOption . ")";
$result = $db_handle->runQuery($query);
}
if (! empty($result)) {
foreach ($result as $key => $value) {
?>
<tr>
<td><div class="col" id="user_data_1"><?php echo $result[$key]['id']; ?></div></td>
<td><div class="col" id="user_data_2"><?php echo $result[$key]['NameUrl']; ?> </div></td>
<td><div class="col" id="user_data_3"><?php echo $result[$key]['Genre']; ?> </div></td>
<td><div class="col" id="user_data_4"><?php echo $result[$key]['KeySig']; ?> </div></td>
<td><div class="col" id="user_data_5"><?php echo $result[$key]['TimeSig']; ?> </div></td>
<td><div class="col" id="user_data_6"><?php echo $result[$key]['Tempo']; ?> </div></td>
<td><div class="col" id="user_data_7"><?php echo $result[$key]['Tuning']; ?> </div></td>
<td><div class="col" id="user_data_8"><?php echo $result[$key]['EntType']; ?> </div></td>
<td><div class="col" id="user_data_9"><?php echo $result[$key]['Recording']; ?> </div></td>
<td><div class="col" id="user_data_10"><?php echo $result[$key]['RecYear']; ?> </div></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php
}
?>
</div>
</form>
</body>
</html>
</div>
</form>
</body>
</html>
ADAM 更新:DBController.php ... 像这样??
<?php
class DBController {
public $host = "localhost";
public $user = "root";
public $password = "password";
public $database = "test";
public $conn;
function __construct() {
$this->conn = $this->connectDB();
}
function connectDB() {
$conn = mysqli_connect($this->host,$this->user,$this-
>password,$this->database);
return $conn;
$stmt = $db_handle->conn->prepare($query);
}
function runQuery($query) {
$result = mysqli_query($this->conn,$query);
while($row=mysqli_fetch_assoc($result)) {
$resultset[] = $row;
}
if(!empty($resultset))
return $resultset;
}
}
?>
【问题讨论】:
-
您的代码易受 SQL 注入攻击。您应该使用准备好的语句。