用php和javascript下拉菜单查询mysql

bnl4lu3b  于 2021-06-24  发布在  Mysql
关注(0)|答案(2)|浏览(317)

我已经找了好几天了,但还没有找到解决问题的办法。我正在编写一些php来查询我在wamp服务器上设置的mysql数据库。我也在学习php和htmljavascript,所以这两种语言的语法对我来说还是有点陌生。
我的目标是用java编写一个下拉选择框,允许用户选择要应用于选择查询的过滤器,如下所示:

SELECT * from exampletable WHERE header = "selected_option"

其中,“exampletable”是sql数据库中现有的表,“header”是该表中的一列,“selected option”是用户从下拉列表中的选择。
我尝试过使用调用包含sql查询的php文件的操作编写各种html表单 $_POST 超全球化,但似乎什么都不管用。任何解决方案的建议和例子都将是惊人的。
谢谢!
index.php(index.php是用户界面的前端)

<!DOCTYPE HTML>
<html>
<form action="search.php" method="post">
    <select name="family">
            <option value="" selected="selected">Any family</option>
                <option value="capacitory">capacitor</option>
                <option value="resistor">resistor</option>
                <option value="ferrite bead">ferrite bead</option>
    </select>
    <input name="search" type="submit" value="Search>
</form>
</html>

search.php(search.php接收所选选项值并将其传递到mysql查询)

<!DOCTYPE HTML>
<html>
<head>
<style>
table {
    width: 100%;
    border-collapse: collapse;
}

table, td, th {
    border: 1px solid black;
    padding: 5px;
}

th {text-align: left;}
</style>
</head>

<body>
<?php

$con = mysqli_connect('localhost','root','kelly188','mysql');
mysqli_select_db($con,"testv2");

$varfam = $_POST['family'];

$query = "SELECT * FROM testv2 WHERE (family = $varfam)";

$result = mysqli_query($query);

if($result)
{
while ($row=mysql_fetch_array($result)){
echo "<tr>";
echo "<td>".$row['family']."</td>";
}
} else {
die(mysqli_error());
}
?>
</body>
</html>

a64a0gku

a64a0gku1#

索引.php

<form action="search.php" method="post">
<select name="family">
            <option value="" selected="selected">Any family</option>
            <option value="capacitory">capacitor</option>
            <option value="resistor">resistor</option>
            <option value="ferrite bead">ferrite bead</option>
</select>
<input name="search" type="submit" value="Search"/>
</form>

搜索.php

<?php
//////////////////////////////////
// Connect to database using PDO
$servername = "localhost"; 
$username = "test";
$password = "";
$dbname = "test_db";
$db_conn = new PDO("mysql:host=$servername;dbname=$dbname", $username,$password);
// End of database connection
////////////////////////////////////

if(isset($_POST['search']))
{
$family = $_POST['family'];
if(empty($_POST['family']))
{
$stmt = $db_conn->prepare("SELECT * FROM testv2");
$stmt->execute();
//we get the data
while($data = $stmt->fetch(PDO::FETCH_ASSOC))
{
echo $data['family'];
echo "<hr>";    
}   
}
else
{   
$stmt = $db_conn->prepare("SELECT * FROM testv2 WHERE family = :family");
$stmt ->bindParam(':family', $family);
$stmt->execute();
//we get the data
while($data = $stmt->fetch(PDO::FETCH_ASSOC))
{
echo $data['family'];
echo "<hr>";    
}
}
}
?>
fdx2calv

fdx2calv2#

应该使用准备好的语句来防止sql注入。mysql\u fetch\u array函数已从最新版本的php中删除。更像下面这样的东西会更理想。

if ($stmt = $con->prepare("SELECT * FROM testv2 WHERE (family = ?)")) {

    $stmt->bind_param("s",  $_POST['family']);
    $stmt->execute();

    $result = $stmt->get_result();

    while ($row = $result->fetch_assoc()) {

        echo "<tr>";
        echo "<td>".htmlentities($row['family'])."</td>";
        echo "</tr>";

    }   

    $stmt->close();
}

请参阅php文档:http://php.net/manual/en/mysqli.prepare.php

相关问题