PHP 多输入搜索

Posted 2023-03-05

【中文标题】PHP 多输入搜索

【英文标题】：PHP Multiple input search

【发布时间】：2016-02-28 07:30:17

【问题描述】：

我目前正在研究一些 php，并且我有 3 个文本输入。在 mysql 数据库中搜索这些值，并应返回与输入条件相对应的任何数量的结果。

这里是搜索表单：

<form id='SearchPersonal' method='post' action='businessUsersSearch.php' accept-charset='UTF-8'>
<fieldset >
<legend>Search</legend>

<div class='container'>
<label for='C_Name' >Business Name: </label><br/>
<input type='text' name='C_Name' id='C_Name' maxlength="50" /><br/>
<label for='C_County' >City: </label><br/>
<input type='text' name='C_County' id='C_County' maxlength="50" /><br/>
<label for='Job_Type' >Job Type: </label><br/>
<input type='text' name='Job_Type' id='Job_Type' maxlength="50" /><br/>
</div>

<div class='container'>
<input type='submit' name='Submit' value='Search' />
</div>
</fieldset>
</form>

这是它在操作中也链接的 PHP 脚本：

<?php

     $mysqli_link = mysqli_connect("server", "database", "pass", "user");
    // Check connection
    if (mysqli_connect_errno()) 
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
    

    if(isset($_POST['submit'])) 
    // define the list of fields
     $fields = array('C_Name', 'C_County', 'Job_Type');
    $conditions = array();


// loop through the defined fields
foreach($fields as $field)
    // if the field is set and not empty
    if(isset($_POST[$field]) && $_POST[$field] != '') 
        // create a new condition while escaping the value inputed by the user (SQL Injection)
        $conditions[] = "'$field' LIKE '%" . mysqli_real_escape_string($mysqli_link, $_POST[$field]) . "%'";



// builds the query
$query = "SELECT C_Name, C_StreetNumber, C_StreetName, C_Postcode, C_County, C_Tele, C_Website, Contact_Forename, Contact_Surname, Contact_Email, Jobs.Job_Type, Jobs.Job_Price FROM Company INNER JOIN Jobs ON Company.Company_ID = Jobs.Company_ID";
// if there are conditions defined
if(count($conditions) > 0) 
    // append the conditions
    $query .= " WHERE " . implode (' AND ', $conditions); // you can change to 'OR', but I suggest to apply the filters cumulative


$result = mysqli_query($mysqli_link, $query) or die(mysql_error());

mysqli_close($mysqli_link);


    if(isset($_POST['submit'])) 
        while($row = mysqli_fetch_assoc($result)) 
        $C_Name = $row['C_Name'];
        $C_StreetNumber = $row['C_StreetNumber'];
        $C_StreetName = $row['C_StreetName'];
        $C_Postcode = $row['C_Postcode'];
        $C_County = $row['C_County'];
        $C_Tele = $row['C_Tele'];
        $C_Website = $row['C_Website'];
        $Contact_Forename = $row['Contact_Forename'];
        $Contact_Surname = $row['Contact_Surname'];
        $Contact_Email = $row['Contact_Email'];
        $Job_Type = $row['Job_Type'];
        $Job_Price = $row['Job_Price'];

echo "<b>Name: $C_Name</b><br>Street Number: $C_StreetNumber<br>Street Name: $C_StreetName<br>Postcode: $C_Postcode<br>County: $C_County<br>Telephone: $C_Tele<br>Website: $C_Website<br>Contact Name: $Contact_Forename $Contact_Surname<br>Email: $Contact_Email<br>Job Type: $Job_Type<br>Job Price: $Job_Price<hr><br>";
        
       


?>

由于某种原因，它返回有“

文件意外结束

" 但是，当我在最后添加另一个“”时，我检查了代码并且所有代码都正确关闭（据我所知），脚本根本不返回任何内容。任何人都知道为什么这会发生吗？

来源： Search MySQL Database with Multiple Fields in a Form

【参考方案1】：

因为你忘记关闭

if(isset($_POST['submit'])) // you not close the condition

在文件末尾

只需在文件末尾添加

【讨论】：

没有发现，不知道为什么。但是现在当它运行时，它会产生将在查询中列出的所有结果，而不是我希望它显示的特定结果.. 有什么想法吗？

【参考方案2】：

固定：

if(isset($_POST['submit'])) 
// define the list of fields
    $fields = array('C_Name', 'C_City', 'Job_Type', 'Review_Rate');
    $conditions = array();
    

// builds the query
$query = "SELECT Company.C_Name, Company.C_StreetNumber, C_StreetName, C_Postcode, C_City, C_County, C_Tele, C_Website, Contact_Forename, Contact_Surname, Contact_Email, Job_Type, Job_Price, Review_Rate, Review_Comment
FROM Company
INNER JOIN Jobs ON Company.Company_ID = Jobs.Company_ID
INNER JOIN Review ON Jobs.Job_ID = Review.Job_ID";


// loop through the defined fields
foreach($fields as $field)
    // if the field is set and not empty
    if(isset($_POST[$field]) && !empty($_POST[$field])) 
        // create a new condition while escaping the value inputed by the user (SQL Injection)
        $conditions[] = "$field LIKE '%" . mysqli_real_escape_string($mysqli_link, $_POST[$field]) . "%'";
        
    


// if there are conditions defined
if(count($conditions) > 0) 
    // append the conditions
    $query .= " WHERE " . implode (' AND ', $conditions); // you can change to 'OR', but I suggest to apply the filters cumulative


echo "$query";

$result = mysqli_query($mysqli_link, $query);


mysqli_close($mysqli_link);

    if(isset($_POST['submit'])) 
        while($row = mysqli_fetch_array($result)) 
        $C_Name = $row['C_Name'];
        $C_StreetNumber = $row['C_StreetNumber'];
        $C_StreetName = $row['C_StreetName'];
        $C_Postcode = $row['C_Postcode'];
    $C_City = $row['C_City'];
        $C_County = $row['C_County'];
        $C_Tele = $row['C_Tele'];
        $C_Website = $row['C_Website'];
        $Contact_Forename = $row['Contact_Forename'];
        $Contact_Surname = $row['Contact_Surname'];
        $Contact_Email = $row['Contact_Email'];
        $Job_Type = $row['Job_Type'];
        $Job_Price = $row['Job_Price'];
    $Rating = $row['Review_Rate'];
    $Comment = $row['Review_Comment'];

echo "<b>Name: $C_Name</b><br>Street Number: $C_StreetNumber<br>Street Name: $C_StreetName<br>City: $C_City<br>Postcode: $C_Postcode<br>County:     $C_County<br>Telephone: $C_Tele<br>Website: $C_Website<br>Contact Name: $Contact_Forename $Contact_Surname<br>Email:    $Contact_Email<br>Job Type: $Job_Type<br>Job Price: $Job_Price<br>Rating: $Rating<br>Comment: $Comment<hr><br>";
        
       



?>