-1

我需要将 WHERE 子句连接到链接。这是我的代码:

<body>
<?php

function toiletPaper($input) {
    // Clean input
    return $input;
}


$username="USERNAME";
$password="PASSWORD";
$database="DATABASE";

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM searchacts";
$result=mysql_query($query);

// process form when posted 
$query = "SELECT * FROM searchacts";
$options['PriceLow'] = array("desc" => "Price (Low to High)","query" => " ORDER BY price ASC");
$options['PriceHigh'] = array("desc" => "Price (High to Low)","query" => " ORDER BY price DESC");
$options['NameAZ'] = array("desc" => "Name (A-Z)","query" => " ORDER BY name ASC");
$options['NameZA'] = array("desc" => "Name (Z-A)","query" => " ORDER BY name DESC");

$query = "SELECT * FROM searchacts";
$filter['partybands'] = array("desc" => "Party Bands","query" => " WHERE category='Party Bands'");


// Important: function name is made up
$cleanValue = toiletPaper($_REQUEST['value']);
if (array_key_exists($cleanValue, $options)) {
    $query .= $query.$options[$cleanValue];
}
$result = mysql_query($query);
$num = mysql_num_rows($result);
echo "<a href='".$_SERVER['PHP_SELF']."'>All</a>";
foreach ($options as $key => $value) {
    echo "<a href='".$_SERVER['PHP_SELF']."?value=".$key."'>".$value['desc']."</a>";

}   


?>

<form action='<?php echo $_SERVER['PHP_SELF']; ?>' method='post' name='form_filter' >  
    <select name="value">  
        <option value="all">All</option>  
        <option value="PriceLow">Price (Low to High)</option>  
        <option value="PriceHigh">Price (High to Low)</option>  
        <option value="NameAZ">Name (A-Z)</option>  
        <option value="NameZA">Name (Z-A)</option>  
    </select>  
    <br />  
    <input type='submit' value = 'Re-Order'>  
</form>

<?php
$i=0;
while ($i < $num) {

$image=mysql_result($result,$i,"image");
$name=mysql_result($result,$i,"name");
$category=mysql_result($result,$i,"category");
$description=mysql_result($result,$i,"description");
$stamps=mysql_result($result,$i,"stamps");
$stickmen=mysql_result($result,$i,"stickmen");
$price=mysql_result($result,$i,"price");
$view=mysql_result($result,$i,"view");
$actpagelink=mysql_result($result,$i,"actpagelink");


?>


<a href="<?php echo $actpagelink; ?>" class="searchitem">
<div class="searchimage"><img src="<?php echo $image; ?>"/></div>
<div class="searchtext">
  <div class="searchname"><?php echo $name; ?></div>
  <div class="searchcategory"><?php echo $category; ?></div>
  <div class="searchdescription"><?php echo $description; ?></div>
</div>
<div class="searchstamps"><img src="<?php echo $stamps; ?>" /></div>
<div class="searchstickmen"><img src="<?php echo $stickmen; ?>" /></div>
<div class="searchprice"><span class="pricefrom">from</span>&pound;<?php echo $price; ?></div>

<div class="searchview"><img src="<?php echo $view; ?>" /></div>


</a>

<?php
$i++;
}


mysql_close();
?>


</body>

所以我有我的条款:

elseif($_POST['value'] == 'partybands') {   

            $query = "SELECT * FROM searchacts
    WHERE category='Party Bands'";   
        }

我需要连接到一个链接,例如。<a href="">Party Bands</a>

我该怎么做,因为我将有很多 where 子句来过滤数据。

谢谢

4

3 回答 3

0

使用 url 参数并传入变量,然后使用这些变量来触发你想要 where 子句说的内容。

于 2013-02-25T23:21:48.637 回答
0

我建议使用关联数组in_array进行验证。

还要确保在使用输入之前对其进行消毒。

编辑2:

<body>
<?php
function toiletPaper($input) {
    // Clean input
    return $input;
}

$username="USERNAME";
$password="PASSWORD";
$database="DATABASE";

mysqli_connect("localhost",$username,$password);
@mysqli_select_db($database) or die( "Unable to select database");

// process form when posted
$query = "SELECT * FROM searchacts";
$options['partybands'] = array("desc" => "Party Bands","query" => " WHERE category='Party Bands'");
$options['PriceLow'] = array("desc" => "Price (Low to High)","query" => " ORDER BY price ASC");
$options['PriceHigh'] = array("desc" => "Price (High to Low)","query" => " ORDER BY price DESC");
$options['NameAZ'] = array("desc" => "Name (A-Z)","query" => " ORDER BY name ASC");
$options['NameZA'] = array("desc" => "Name (Z-A)","query" => " ORDER BY name DESC");

// Important: function name is made up
$cleanValue = toiletPaper($_REQUEST['value']);
if (array_key_exists($cleanValue, $options)) {
    $query .= $query.$options[$cleanValue];
}
$result = mysqli_query($query);
$num = mysqli_num_rows($result);
echo "<a href='".$_SERVER['PHP_SELF']."'>All</a>";
foreach ($options as $key => $value) {
    echo "<a href='".$_SERVER['PHP_SELF']."?value=".$key."'>".$value['desc']."</a>";
}
?>
<br />
<?php
$i=0;
while ($i < $num) {
    $image = mysqli_result($result,$i,"image");
    $name = mysqli_result($result,$i,"name");
    $category = mysqli_result($result,$i,"category");
    $description = mysqli_result($result,$i,"description");
    $stamps = mysqli_result($result,$i,"stamps");
    $stickmen = mysqli_result($result,$i,"stickmen");
    $price = mysqli_result($result,$i,"price");
    $view = mysqli_result($result,$i,"view");
    $actpagelink = mysqli_result($result,$i,"actpagelink");
?>

<a href="<?php echo $actpagelink; ?>" class="searchitem">
    <div class="searchimage"><img src="<?php echo $image; ?>"/></div>
    <div class="searchtext">
        <div class="searchname"><?php echo $name; ?></div>
        <div class="searchcategory"><?php echo $category; ?></div>
        <div class="searchdescription"><?php echo $description; ?></div>
    </div>
    <div class="searchstamps"><img src="<?php echo $stamps; ?>" /></div>
    <div class="searchstickmen"><img src="<?php echo $stickmen; ?>" /></div>
    <div class="searchprice"><span class="pricefrom">from</span>&pound;<?php echo $price; ?></div>
    <div class="searchview"><img src="<?php echo $view; ?>" /></div>
</a>

<?php
 $i++;
}
mysql_close();
?>
于 2013-02-25T23:23:29.790 回答
0

我猜你正在尝试:

http://example.com/yourscript.php?value=partybands

但是发现这行不通...

这是因为您正在寻找数组中的value变量$_POST

$_POST['value'] == 'partybands'

如果您希望能够从 POST 或 GET 中获取值,您可以使用 $_REQUEST

$_REQUEST['value'] == 'partybands'

您还需要修改最上面的条件isset()

但请认真对待其他人在此提出的关于安全性和前向兼容性的警告。

不要相信用户数据。必须消毒。最好的方法可能是通过 PDO。

于 2013-02-25T23:38:51.090 回答