0

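Really hoping someone can help me. I'm building a PHP / MySQL search form that I hope will allow users to search our wine database and filter the results by a price range selected from a drop-down menu.

The form searches well and returns a nice, accurate list of results. But it does not filter the results by price.

After days of searching and experimenting, I've pieced together various code snippets to get this far, but overall PHP remains a mystery to me.

It's the correct coding and syntax I'm having trouble with.

How do I code the PHP posted here to correctly integrate the price range filter? I suspect my inclusion of "pricerange" in the SQL query is way off base.

  • MySQL server version: 5.1.65-cll
  • Price column type: decimal(10,2)

Any help would be greatly appreciated. Please check the code blocks below.

Thanks a million!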

HTML

 <form  method="post" action="winesearch.php?go" id="searchform"> 
 <input  type="text" size="35" name="user-entry"/>
 <select name="pricerange" size="1" id="pricerange">
    <option value="">Price Range&nbsp;</option>
    <option value="1">$&nbsp;10 - $20</option>
    <option value="2">$&nbsp;21 - $30</option>
    <option value="3">$&nbsp;31 - $50</option>
    <option value="4">$&nbsp;51 - $75</option>
    <option value="5">$&nbsp;76 - $100</option>
    <option value="6">$101 - $200</option>
    <option value="7">$201 - Plus</option>
</select> 
<input  type="submit" name="submit" value="Wine Search"/> 
</form>

PHP

<?php

  if(isset($_POST['submit'])){
  if(isset($_GET['go'])){
  if(preg_match("/^[a-zA-Z0-9]+/", $_POST['user-entry'])){
  $cob=$_POST['user-entry'];
  $pricerange=$_POST['pricerange'];


  //connect to the database
  $db=mysql_connect  ("server", "user", "pass") or die (mysql_error());

  //-select the database to use
  $mydb=mysql_select_db("db_name");

  if($pricerange == 0) $pricerange = 1;

  switch ($pricerange) {
  case 1  :  $pricerange = " where Price BETWEEN 10.00 AND 20.00 ";  break; 
  case 2  :  $pricerange = " where Price BETWEEN 21.00 AND 30.00 ";  break;  
  case 3  :  $pricerange = " where Price BETWEEN 31.00 AND 50.00 ";  break;   
  case 4  :  $pricerange = " where Price BETWEEN 51.00 AND 75.00 ";  break;     
  case 5  :  $pricerange = " where Price BETWEEN 76.00 AND 100.00 ";  break;       
  case 6  :  $pricerange = " where Price BETWEEN 101.00 AND 200.00 ";  break;         
  case 7  :  $pricerange = " where Price > 200.00 ";  break;           
  }

  //-query the database table
  $sql="
    SELECT  ID, 
    CSPC, 
    Country,
    Producer,
    Wine,
    Year,
    Price 
    FROM winecellar WHERE 
    CSPC LIKE '%" . $cob .  "%' 
    OR 
    Country LIKE '%" . $cob ."%'
    OR 
    Producer LIKE '%" . $cob ."%'
    OR 
    Wine LIKE '%" . $cob ."%'
    OR 
    Year LIKE '%" . $cob ."%'
    OR 
    Price LIKE '%" . $pricerange ."%'
    ";

  //-run  the query against the mysql query function
  $result=mysql_query($sql);

  //-create  while loop and loop through result set
  while($row=mysql_fetch_array($result)){
    $CSPC=$row['CSPC'];
    $Country=$row['Country'];
    $Producer=$row['Producer'];
    $Wine=$row['Wine'];
    $Year=$row['Year']; 
    $Price=$row['Price'];
    $ID=$row['ID'];

    //-display the result of the array
echo  "<ul>\n";
echo  "<li>" . $CSPC . "</li>\n";
echo  "<li>" . $Country . "</li>\n";
echo  "<li>" . $Producer . "</li>\n";
echo  "<li>" . $Wine . "</li>\n";
echo  "<li>" . $Year . "</li>\n";
echo  "<li>" . "<a href=" . $Price .  ">" . "$" . $Price . "</a></li>\n";

echo  "</ul>";
  }
  }
  else{
  echo  "<p>Please enter a search query</p>";
  }
  }
  }
?>
4

3 Answers

1

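You were doing everything right until you put the query together. You don't need the "where" in the following statements, because you already have it in the query you build below.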

switch ($pricerange) {
  case 1  :  $pricerange = " Price BETWEEN 10.00 AND 20.00 ";  break; 
  case 2  :  $pricerange = " Price BETWEEN 21.00 AND 30.00 ";  break;  
  case 3  :  $pricerange = " Price BETWEEN 31.00 AND 50.00 ";  break;   
  case 4  :  $pricerange = " Price BETWEEN 51.00 AND 75.00 ";  break;     
  case 5  :  $pricerange = " Price BETWEEN 76.00 AND 100.00 ";  break;       
  case 6  :  $pricerange = " Price BETWEEN 101.00 AND 200.00 ";  break;         
  case 7  :  $pricerange = " Price > 200.00 ";  break;           
}

OR 
Price LIKE '%" . $pricerange ."%'

should be

OR ". $pricerange ."

because you are already building the BETWEEN statement.

answered 2012-12-06T16:47:54.913
1

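I would echo your SQL query before running it, so you can see what it looks like. But it seems the SQL for the price range part is wrong. Right now it looks like this: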

OR Price LIKE '% where price BETWEEN 10.00 AND 20.00 %'

I think you would want it to look like:

OR PRICE BETWEEN 10.00 AND 20.00

Do you want it to be an "OR" or an "AND"?

answered 2012-12-06T16:48:44.587
0
<?php

  if(isset($_POST['submit'])){
  if(isset($_GET['go'])){
   // improved the filter to support space and -
   // Also closed critical security breach (SQL injection)
  if(preg_match("/^[a-zA-Z0-9 -]+$/", $_POST['user-entry'])){
  $cob=$_POST['user-entry'];
  $pricerange=$_POST['pricerange'];


  //connect to the database
  $db=mysql_connect  ("server", "user", "pass") or die (mysql_error());

  //-select the database to use
  $mydb=mysql_select_db("db_name");

  switch ($pricerange) {
  case 2  :  $pricerange = " AND Price BETWEEN 21.00 AND 30.00 ";  break;  
  case 3  :  $pricerange = " AND Price BETWEEN 31.00 AND 50.00 ";  break;   
  case 4  :  $pricerange = " AND Price BETWEEN 51.00 AND 75.00 ";  break;     
  case 5  :  $pricerange = " AND Price BETWEEN 76.00 AND 100.00 ";  break;       
  case 6  :  $pricerange = " AND Price BETWEEN 101.00 AND 200.00 ";  break;         
  case 7  :  $pricerange = " AND Price > 200.00 ";  break;
  default :  $pricerange = " AND Price BETWEEN 10.00 AND 20.00 "; // covers all other cases
  }

  //-query the database table
  $sql="
    SELECT  ID, 
    CSPC, 
    Country,
    Producer,
    Wine,
    Year,
    Price 
    FROM winecellar WHERE 
    (CSPC LIKE '%" . $cob .  "%' 
    OR 
    Country LIKE '%" . $cob ."%'
    OR 
    Producer LIKE '%" . $cob ."%'
    OR 
    Wine LIKE '%" . $cob ."%'
    OR 
    Year LIKE '%" . $cob ."%')
    " . $pricerange;

  //-run  the query against the mysql query function
  $result=mysql_query($sql);

  //-create  while loop and loop through result set
  while($row=mysql_fetch_array($result)){
    $CSPC=$row['CSPC'];
    $Country=$row['Country'];
    $Producer=$row['Producer'];
    $Wine=$row['Wine'];
    $Year=$row['Year']; 
    $Price=$row['Price'];
    $ID=$row['ID'];

    //-display the result of the array
echo  "<ul>\n";
echo  "<li>" . $CSPC . "</li>\n";
echo  "<li>" . $Country . "</li>\n";
echo  "<li>" . $Producer . "</li>\n";
echo  "<li>" . $Wine . "</li>\n";
echo  "<li>" . $Year . "</li>\n";
echo  "<li>" . "<a href=" . $Price .  ">" . "$" . $Price . "</a></li>\n";

echo  "</ul>";
  }
  }
  else{
  echo  "<p>Please enter a search query</p>";
  }
  }
  }
?>
answered 2012-12-06T16:45:10.097
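
An added example, not part of any answer above: the same search built with a prepared statement and an allowlist for the price range, so neither `user-entry` nor `pricerange` is ever concatenated into the SQL text. The table and column names are from the question; the `searchWines` helper, the in-memory SQLite database (a stand-in for the MySQL server) and the sample rows are constructed for the demo.

```php
<?php
// Added example, not the posters' code. Table/column names are from the question;
// searchWines(), the SQLite stand-in database and the rows are constructed.
const PRICE_RANGES = [               // option value => [SQL clause, bound values]
    1 => ['Price BETWEEN ? AND ?', [10.00, 20.00]],
    2 => ['Price BETWEEN ? AND ?', [21.00, 30.00]],
    3 => ['Price BETWEEN ? AND ?', [31.00, 50.00]],
    4 => ['Price BETWEEN ? AND ?', [51.00, 75.00]],
    5 => ['Price BETWEEN ? AND ?', [76.00, 100.00]],
    6 => ['Price BETWEEN ? AND ?', [101.00, 200.00]],
    7 => ['Price > ?', [200.00]],
];

function searchWines(PDO $pdo, string $term, string $rangeKey): array
{
    // Escape LIKE wildcards so a typed % or _ is matched literally.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    $cols = ['CSPC', 'Country', 'Producer', 'Wine', 'Year'];  // fixed list, never user input
    $text = implode(' OR ', array_map(fn($c) => "$c LIKE ? ESCAPE '!'", $cols));

    // The posted value only picks an allowlist entry; anything else falls back
    // to range 1, the default the answer above uses.
    [$price, $bounds] = PRICE_RANGES[(int) $rangeKey] ?? PRICE_RANGES[1];

    // Parentheses keep the OR group together so the price filter applies to all of it.
    $stmt = $pdo->prepare("SELECT ID, CSPC, Country, Producer, Wine, Year, Price
                           FROM winecellar WHERE ($text) AND $price ORDER BY ID");
    $stmt->execute(array_merge(array_fill(0, count($cols), $like), $bounds));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE winecellar (ID INTEGER PRIMARY KEY, CSPC TEXT, Country TEXT,
            Producer TEXT, Wine TEXT, Year TEXT, Price DECIMAL(10,2))');
$pdo->exec("INSERT INTO winecellar VALUES
            (1, '100001', 'France', 'Maison A', 'Rouge', '2009', 18.50),
            (2, '100002', 'France', 'Maison B', 'Blanc', '2010', 45.00),
            (3, '100003', 'Chile',  'Vina C',   'Tinto', '2011', 19.00)");

// A quote in the search term is now just data, not SQL syntax.
foreach (["France", "O'Brien"] as $term) {
    echo "<ul>\n";
    foreach (searchWines($pdo, $term, '1') as $row) {
        // Escape on output so stored values cannot inject markup into the page.
        echo '<li>', htmlspecialchars($row['Wine'], ENT_QUOTES, 'UTF-8'),
             ' $', number_format((float) $row['Price'], 2), "</li>\n";
    }
    echo "</ul>\n";
}
```

Against the real server, only the PDO DSN changes to a `mysql:` one; the query text and the bound values stay the same.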