2

我试图弄清楚如何制作一个更改查询示例(HTML)的表单

<form action="change.php" method="POST" name="Update">
<table>
  <tr>
    <td>
      <input type="text" value="Enter New Criteria" name="where" >
      <input type="text" value="Enter New Criteria" name="where2" >
    </td>
  </tr>
  <tr>
    <td align="center" style="font-family:Calibri">
    <input type="submit"  value="Search"/>
  </tr>
</table>

SQL 查询

$Query = "SELECT order_number
          FROM order_header
          WHERE (order_number LIKE **'%CHANGE VALUE HERE%'**
          OR order_number LIKE **'%CHANGE VALUE HERE%'**

我将如何去做,我是一个完整的菜鸟,但我正在努力。我尝试了搜索,但也许我没有使用正确的关键词。

4

2 回答 2

1

使用$_POST['where']$_POST['where2']代替%CHANGE VALUE HERE%。更多信息: http: //php.net/manual/en/reserved.variables.post.php

例如:

$Query = "SELECT order_number
          FROM order_header
          WHERE (order_number LIKE '$_POST[where]'
          OR order_number LIKE '$_POST[where2]')";

当你让它工作时,阅读一下 SQL 注入: http: //php.net/manual/en/security.database.sql-injection.php

于 2013-08-22T14:48:31.270 回答
0

尝试:

$where = $_POST['where'];
$where2 = $_POST['where2'];

$Query = "SELECT order_number
          FROM order_header
          WHERE (order_number LIKE '%whereParameter%'
          OR order_number LIKE '%where2Partameter%'"

$Query = str_replace("whereParameter", $where, $QueryTemplate);
$Query = str_replace("where2Parameter", $where2, $QueryTemplate);
于 2013-08-22T15:04:23.573 回答