0

我在这段代码中遇到了麻烦,如果用户从选择下拉菜单中选择了“全部显示”,我只想从表行中获取所有数据。

这是选择菜单!

所以,这个菜单从这个表中获取数据,但是如果他选择全部,那么在选项值之间回显的合适代码是什么:)

<b>speciality:</b>  <select id="main_mav" name="speciality">
<option value="none">Select speciality:</option>
<option value=""> All specialities </option>
<?php

        $result = mysql_query('SELECT speciality FROM visits') or die(mysql_error());
        while ($row = mysql_fetch_assoc($result)) {
                echo '<option value="'.$row['speciality'].'">'.$row['speciality'].'</option>';
        }
?>
</select><br />

那是提交表格!

if ($region=="All regions" ){


              $region=$_POST['""'];  
            }
            else ( $region=$_POST['region']);

            $date1 =$_POST['from_date'];
            $date2 = $_POST['to_date'];
            $product=$_POST['product'];
            $speciality=$_POST['speciality'];
            $type=$_POST['visit_type'];

sql="SELECT id, customer_name, seller_1_name, seller_2_name FROM visits Where (speciality ='$speciality') AND (visit_type ='$type') AND (product ='$product') AND (region ='$region') AND (visit_date BETWEEN '$date1' AND '$date2')";
$result=mysql_query($sql); ## This line is new.
$num=mysql_numrows($result);
$row = mysql_fetch_array($result);

如果用户选择“在下拉菜单中显示全部”,输入的正确代码是什么?!

4

2 回答 2

2

You really need to sanitize your inputs, at least with mysql_real_escape_string!

On to your actual question: just check if $speciality is empty, and generate a different query without the (speciality ='$speciality') condition.

于 2012-05-11T23:07:55.870 回答
0

由于您的 HTML 引用了“专业”,而您的 PHP 引用了“区域”,我将坚持使用“区域”,但这是我的想法。

    if ($region=="All regions" ){
        $sql = 'SELECT id, customer_name, seller_1_name, seller_2_name, FROM visits';
    } else {
        $region     = mysql_real_escape_string($_POST['region']);
        $date1      = mysql_real_escape_string($_POST['from_date']);
        $date2      = mysql_real_escape_string($_POST['to_date']);
        $product    = mysql_real_escape_string($_POST['product']);
        $speciality = mysql_real_escape_string($_POST['speciality']);
        $type       = mysql_real_escape_string($_POST['visit_type']);
        $sql        = "SELECT id, customer_name, seller_1_name, seller_2_name FROM visits Where (speciality ='$speciality') AND (visit_type ='$type') AND (product ='$product') AND (region ='$region') AND (visit_date BETWEEN '$date1' AND '$date2')";
    }

$result = mysql_query($sql); ## This line is new.
$num    = mysql_numrows($result);
$row    = mysql_fetch_array($result);
于 2012-05-11T23:10:59.740 回答