0

我需要根据表单提交值获取行。

这是我的表格

<form name="choose" method "post" t" action="search.php">
    <table>
    <tr>
        <tr>
            <td height="3">
            </td>
        </tr>
        <td width="60">
            <font1>Prof</font1>
        </td>
        <td>
            <select name proffession on>
                <option value=""></option>
                <option value="doctor"><font4>Doctor</font></option>
                <option value="designer">Designer</option>
            </select>
        </td>
    </tr>
    <tr>
        <tr>
            <td height="3">
            </td>
        </tr>
        <td width="60">
            <font1>Source</font1>
        </td>
        <td>
            <select name source>
                <option value=""></option>
                <option value="x"><font4>X</font></option>
                <option value="y">Y</option>
                <option value="z">Z</option>
            </select>
        </td>
    </tr>
    <tr>
        <tr>
            <td height="3">
            </td>
        </tr>
        <td width="60">
            <font1>Location</font1>
        </td>
        <td>
            <select name location on>
                <option value=""></option>
                <option value="bangalore">Bangalore</option>
                <option value="delhi">Delhi</option>
            </select>
        </td>
    </tr>
    <tr>
        <td>
            <input name=look type=submit value=submit>
        </td>
    </tr>
</form>

如果有任何空字段提交,我需要获取不包括该列的行。这是我的 search.php

 <?php
mysql_connect("localhost","root","");//database connection
mysql_select_db("alldata");
$qry = "SELECT * FROM data WHERE location LIKE '" . mysql_escape_string($_POST['location']) . "' And proffession LIKE '" . mysql_escape_string($_POST['proffession']) . "' And source LIKE '" . mysql_escape_string($_POST['source']) . "'";

$res = mysql_query($qry);
function mysql_fetch_all($res) {
   while($row=mysql_fetch_array($res)) {
       $return[] = $row;
   }
   return $return;
}
function create_table($dataArr) {
    echo "<tr>
"; for($j = 0; $j < count($dataarr); $j++) { echo "<td>".$dataArr[$j]."
</td>
"; } echo "
</tr>
"; } $all = mysql_fetch_all($res); echo "
<table class='data_table'>
"; for($i = 0; $i < count($all); $i++) { create_table($all[$i]); } echo "</table>";
?>

但是这个脚本无法为我提供解决方案。请帮忙

4

3 回答 3

1 
 1.Correct your function mysql_fetch_all($res). There is no query
           inside the function. 

 2. Deprecated: mysql_escape_string(): This
           function is deprecated; use mysql_real_escape_string()

 3. Correct: <select name source> to: <select name="source"> and <select name location on> to <select name="location"> and <input name=look type=submit value=submit> to <input name="look" type="submit" value="submit"> and delete t" from choose form AND <form name="choose" method="post"  action="search.php">
于 2013-03-31T11:21:57.180 回答
0

首先,你不应该使用函数,看这里mysql_*的大红框。考虑改用PDOMySQLi

其次,您似乎遗漏了一些内容=,例如method="post"您可能想要检查您实际上是否正确接收了您的 POST 值var_dump($_POST)

第三,排除未提交的值,您可以基于这些构造查询字符串。就像是:

$qry = "SELECT * FROM data WHERE ";
if($_POST['location']) {
   $qry .= 'LIKE "%'. mysql_real_escape_string($_POST['location']) .'%"';
}
// etc...
于 2013-03-31T11:31:06.943 回答
0 
$qry = "SELECT * FROM data WHERE location LIKE '%" . mysql_escape_string($_POST['location']) . "%' And proffession LIKE '%" . mysql_escape_string($_POST['proffession']) . "%' And source LIKE '%" . mysql_escape_string($_POST['source']) . "%'";
于 2013-03-31T12:38:27.983 回答