0

所以我在服务器上有一个表格,可以保存用户输入的帖子。在您可以查看它们的最后一页上,您可以选择查看每个人的结果,或者选择只查看特定天气。选择某些天气部分正在工作,但如果您选择“全部”选项,它不会显示任何内容。任何想法是为什么?

View Posts 
<br>
<form method="get" action="view_forum.php">
    <label>Select Weather to Filter </label><br />
    <select name="weather">
        <option value="all">all</option>
        <option value="cloudy">Cloudy</option>
        <option value="sunny">Sunny</option>
        <option value="windy">Windy</option>
        <option value="snowy">Snowy</option>
        <option value="mixy">Wintery Mix</option>
        <option value="rainy">Rainy</option>
    </select>
    <input type="submit" value="view" />
</form>

<div id="view">
    <center><img src="images/forum.png" width="589" height="97"></center>
</div>  

<div id="white">
    <div id="blue">
        <div id="grey">
            <div id="container">        
<?php

    $dbc = mysql_connect('html','user','password','database');
    mysql_select_db('database',$dbc);

    $weather = sanitize( $_GET["weather"] ); // keep your input clean

    if ( $weather == "all" ) {
        $sql = "SELECT * FROM stories ORDER BY id DESC";
    } else {
        $sql = "SELECT * FROM stories WHERE weather = '$weather' ORDER BY id DESC";
    }

    while( $row = mysql_fetch_array($result, MYSQL_ASSOC) ) {
        echo "<div class=\"names\"> {$row['name']}<br /></div>";
        echo "<div class=\"weathers\">{$row['weather']}<br /></div>";
        echo "<div class=\"stories\">{$row['story']}<br /></div>";
        echo "<img src=\"images/line.png\" width='800' height='3'>";
        echo "<br />";  
    }
?>
            </div>
        </div>
    </div>
</div>
4

2 回答 2

1

WHERE如果选择“全部”,则需要完全删除该子句。

$weather = mysql_real_escape_string( $_GET["weather"] ); // keep your input clean

if ( $weather == "all" ) {
  $sql = "SELECT * FROM stories ORDER BY id DESC";
} else {
  $sql = "SELECT * FROM stories WHERE weather = '$weather' ORDER BY id DESC";
}

$result = mysql_query( $sql ) or die( mysql_error() );

while ( $row = mysql_fetch_assoc( $result ) ) {
  /* Echo results */
}
于 2012-05-03T03:46:10.827 回答
0

您应该真正注意 sql 注入,如果可能,请转到 mysqli_preparePDO 准备 查询。

但是你的主要问题是你做一个查询all,除非你有天气叫它all不会找到它。

解决方案是检查该all选项并根据该选项更改查询。

此外,如果$_GET['weather']未设置您需要默认值,我怀疑您也关闭了错误报告并且它没有抛出通知:未定义错误。

<?php 
if(isset($_GET['weather'])){
    $_GET['weather']=mysql_real_escape_string($_GET['weather']);
    //All
    if($_GET['weather'] == 'all'){
        $sql = "SELECT * from stories ORDER BY id DESC";
    }else{
        //Specific
        $sql = "SELECT * from stories WHERE weather='{$_GET['weather']}' ORDER BY id DESC";
    }
}else{
    //Default
    $sql = "SELECT * from stories ORDER BY id DESC";
}
?>

更新(完整代码,带有修复):

<?php 
$dbc=mysql_connect('html','user','password','database') or die(mysql_error());
mysql_select_db('database',$dbc) or die(mysql_error());
?>

View Posts <br>
<form method="get" action="view_forum.php">
  <label>Select Weather to Filter </label><br />
  <select name="weather">
    <option value="all">all</option>
    <option value="cloudy">Cloudy</option>
    <option value="sunny">Sunny</option>
    <option value="windy">Windy</option>
    <option value="snowy">Snowy</option>
    <option value="mixy">Wintery Mix</option>
    <option value="rainy">Rainy</option>
  </select>
  <input type="submit" value="view" />
</form>

<div id="view">
 <center><img src="images/forum.png" width="589" height="97"></center>
</div>  
  <div id="white">
    <div id="blue">
      <div id="grey">
       <div id="container">
<?php
if(isset($_GET['weather'])){
$_GET['weather']=mysql_real_escape_string($_GET['weather']);
    //All
    if($_GET['weather'] == 'all'){
        $sql = "SELECT `name`,`weather`,`story`
                FROM stories 
                ORDER BY id DESC";
    }else{
        //Specific
        $sql = "SELECT `name`,`weather`,`story`
                FROM stories 
                WHERE weather='{$_GET['weather']}' 
                ORDER BY id DESC";
    }
}else{
    //Default
    $sql = "SELECT `name`,`weather`,`story`
            FROM stories 
            ORDER BY id DESC";
}

$result = mysql_query($sql);

if(mysql_num_rows($result)>0){
    while($row=mysql_fetch_assoc($result)){
        echo "<div class=\"names\"> {$row['name']}<br /></div>";
        echo "<div class=\"weathers\">{$row['weather']}<br /></div>";
        echo "<div class=\"stories\">{$row['story']}<br /></div>";
        echo "<img src=\"images/line.png\" width='800' height='3'>";
        echo "<br />";
    }
}else{
    echo 'No results';
}
?>
</div>
</div>
</div>
</div>
于 2012-05-03T03:47:56.703 回答