0

我想回显我想要的结果,如何进一步过滤它们?

例如, search x100 y100, 目前得到数百个结果。我需要进一步过滤这些结果,所以我只得到那些被标记为敌对、待定或友好的结果

我有以下html表单

<form action="xysearch.php" method="post">
     <label>X Coord
       <input type="text" name="x" />
      </label>
     <label>Y Coord
       <input type="text" name="y" />
      </label>
     <select name="term">
       <option value="Hostile">Hostile</option>
       <option value="Pending">Pending</option>
       <option value="Friendly">Friendly</option>
      </select>
     <input type="submit" value="Search" />
   </form>

我需要添加到搜索查询中的是一种过滤这些结果的方法,因此只显示在外交下拉列表中选择的选项

到目前为止,我的查询不起作用-我可以获得所有结果,而不仅仅是过滤的结果。

<?php

$x = $_POST['x'];
$y = $_POST['y'];
$term = $_POST['term'];

mysql_connect ("localhost","host","pass")  or die (mysql_error());
mysql_select_db ("d_base");

 $res = mysql_query("SELECT * FROM my_table WHERE (x BETWEEN $x -75 AND $x +75) AND (y BETWEEN $y -75 AND $y +75) ");
 $res2 = mysql_query("SELECT dip FROM my_table WHERE dip IN '%$term%' ORDER BY '%$term%' DESC  ");

    echo "<table border='1' align='center' cellpadding='5'>";
    echo "<tr> <th>City Name</th> <th>X</th> <th>Y</th> <th>Diplomacy</th> </tr>";

// loop through results of database query, displaying them in the table

    while($row = mysql_fetch_array( $res, $res2 )) {

// echo out the contents of each row into a table

    echo '<td>' . $row['city'] . '</td>';
    echo '<td>' . $row['x'] . '</td>';
    echo '<td>' . $row['y'] . '</td>';
    echo '<td>' . $row['dip'] . '</td>';
    echo "</tr>";

// close table>

    echo "</table>";

    }

?>

我不太确定我哪里出错了,因为我实际上可以得到结果来回显,只是过滤就是问题所在。

4

3 回答 3

0

采用:

"SELECT dip FROM my_table WHERE dip IN '%".$term."%' ORDER BY '".$term."' DESC"

或者,如果这不起作用:

"SELECT dip FROM my_table WHERE dip='".$term."' ORDER BY '".$term."' DESC"

是的,SQL 注入 :) 你很容易受到攻击。

于 2013-04-07T08:25:36.887 回答
0

我查看了mysql_fetch_array 的 PHP 定义,它似乎只接受一个结果集,所以如果我是正确的,那么您只是在遍历第一个结果集,即未过滤的结果集。

array mysql_fetch_array ( resource $result [, int $result_type = MYSQL_BOTH ] )

为什么不在单个查询中过滤结果?看起来您正在从单个表 (my_table) 中获取项目,对吗?

这是一个有效的sqlfiddle

$res = mysql_query("SELECT * FROM my_table WHERE (x BETWEEN $x -75 AND $x +75) AND (y BETWEEN $y -75 AND $y +75) AND dip REGEXP '$term' ORDER BY dip DESC");
while($row = mysql_fetch_array( $res )) {
...
}

请注意,您将通过“|”连接不同的术语 (或)运算符。

于 2013-04-07T08:29:19.253 回答
0

第一眼看到你的代码:

while($row = mysql_fetch_array( $res, $res2 )) {

不正确,因为 $res2 应该是结果类型,而不是查询的结果。

选项包括:

while($row = mysql_fetch_array( $res, MYSQL_ASSOC )) {
while($row = mysql_fetch_array( $res, MYSQL_NUM )) {
while($row = mysql_fetch_array( $res, MYSQL_BOTH )) {

我猜你正在尝试实现这样的目标:

$res = mysql_query("SELECT * FROM my_table WHERE (x BETWEEN $x -75 AND $x +75) AND  (y BETWEEN $y -75 AND $y +75) AND dip LIKE '%$term%'");

这意味着这样的代码:

<?php

$x = $_POST['x'];
$y = $_POST['y'];
$term = $_POST['term'];

mysql_connect ("localhost","host","pass")  or die (mysql_error());
mysql_select_db ("d_base");


 $res = mysql_query("SELECT * FROM my_table WHERE (x BETWEEN $x -75 AND $x +75) AND  (y BETWEEN $y -75 AND $y +75) AND dip LIKE '%$term%'");



    echo "<table border='1' align='center' cellpadding='5'>";
    echo "<tr> <th>City Name</th> <th>X</th> <th>Y</th> <th>Diplomacy</th> </tr>";

// loop through results of database query, displaying them in the table

    while($row = mysql_fetch_array( $res, MYSQL_ASSOC )) {

// echo out the contents of each row into a table

    echo '<td>' . $row['city'] . '</td>';
    echo '<td>' . $row['x'] . '</td>';
    echo '<td>' . $row['y'] . '</td>';
    echo '<td>' . $row['dip'] . '</td>';
    echo "</tr>";

// close table>

    echo "</table>";

    }

?>

为了获得更好的数据库,我认为您应该将术语存储在单独的表中并进行一些连接:

如果您决定这样做,请以类似于以下方式使用查询:

 $res = mysql_query("SELECT * FROM my_table mt LEFT JOIN terms t ON (mt.term_id = t.id) WHERE (x BETWEEN $x -75 AND $x +75) AND  (y BETWEEN $y -75 AND $y +75) AND dip LIKE '%$term%'");

另一个技巧是使用 PDO。使用 mysql_* - 函数确实并不难。在某种程度上,创建更好、更易读的代码更容易。

于 2013-04-07T09:11:00.790 回答