0

我正在尝试找出如何使用表单中的一个文本字段来搜索数据库表中的任何列。

现在它只是在我的名为 stock 的数据库表的 sn 列中搜索。我需要它来搜索列名 sn 或用户或状态。

因此,如果您输入序列号并发布表格,它将搜索我的数据库并毫无问题地返回结果。但我希望能够输入用户的姓名或状态并以这种方式搜索我的数据库。所以我在想一些如何用单选按钮动态更改 Input name="" 以将值更改为 Input name="sn" 或 Input name="user" 或 Input name="status" 但我不确定怎么做。我一直在阅读其他人用 Javascript 或 JQuery 说的话。我真的很感激任何帮助。谢谢!

我的记录集只能查询 sn 列。我确定我也需要更改此设置,但我不确定如何更改。

表格

<form id="form1" name="form1" method="get" action="search.php">
<label>
<input type="radio" name="RadioGroup1" value="sn" id="RadioGroup1_0" />
sn</label><br />
<label>
<input type="radio" name="RadioGroup1" value="user" id="RadioGroup1_1" />
User</label>
<br />
<label>
<input type="radio" name="RadioGroup1" value="status" id="RadioGroup1_2" />
Staus</label>
<br />
</p>
<label for="sn"> Search :</label>
<input name="sn" type="text" id="sn" size="25" />
<input name="submit" type="submit" value="submit" />
</form>

SQL

SELECT *
    FROM stock
    WHERE sn = colname
    ORDER BY `datetime` DES

php

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",             $theNotDefinedValue = "") 
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string    ($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;    
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$maxRows_Recordset567 = 10;
$pageNum_Recordset567 = 0;
if (isset($_GET['pageNum_Recordset567'])) {
$pageNum_Recordset567 = $_GET['pageNum_Recordset567'];
}
$startRow_Recordset567 = $pageNum_Recordset567 * $maxRows_Recordset567;

$colname_Recordset567 = "-1";
if (isset($_GET['sn'])) {
$colname_Recordset567 = $_GET['sn'];
}
mysql_select_db($database_stock, $stock);
$query_Recordset567 = sprintf("SELECT * FROM stock WHERE sn = %s ORDER BY  `datetime`  DESC", GetSQLValueString($colname_Recordset567, "text"));
$query_limit_Recordset567 = sprintf("%s LIMIT %d, %d", $query_Recordset567,    $startRow_Recordset567, $maxRows_Recordset567);
$Recordset567 = mysql_query($query_limit_Recordset567, $stock) or die(mysql_error());
$row_Recordset567 = mysql_fetch_assoc($Recordset567);

if (isset($_GET['totalRows_Recordset567'])) {
$totalRows_Recordset567 = $_GET['totalRows_Recordset567'];
} else {
$all_Recordset567 = mysql_query($query_Recordset567);
$totalRows_Recordset567 = mysql_num_rows($all_Recordset567);
}
$totalPages_Recordset567 = ceil($totalRows_Recordset567/$maxRows_Recordset567)-1;
?>
4

2 回答 2

1

单选按钮是个好主意...确保它们都具有相同的名称。然后用php来识别哪个值属于哪个动作。确保保护输入中的所有数据。您还可以使用 mysql 术语 OR 一次在不同的列中进行搜索。这是你的 php:

$radioVal = $_POST['radiobtnVal'];
switch $radioVal{
    case 1 :
        $col = "sn";    //don't directly write to the variable here, since that would make a security risk
        break;
    case 2 :
        $col = "user";
        break;
    case 3 :
        $col = "status";
        break;
}

//now make connection to your database
$search = mysqli_real_escape_string($db,$_POST['searchString']);    //This will secure your input from mysql injections
//$db is the variable you made during connection with your database
$result = mysqli_query($db,"SELECT * FROM `Stock` WHERE `" . $col . "`='" . $search . "'");

//or use the mentioned OR term
$result = mysqli_query($db,"SELECT * FROM `Stock` WHERE `sn`='" . $search . "' OR `user`='" . $search . "' OR `status`='" . $search . "'");
//Note that if some search strings are in multiple columns all these rows will be selected

我希望这有帮助

于 2013-11-06T18:32:29.433 回答
0

这是一种基本的方法,它具有良好的用户体验。试试这个解决方案。

形式

<Form action="search.php" method="post">
    <label>Serial</label>
    <input name='search' type='text' size='25'/>
    <button type='submit'>Search</button>
</form>

PHP

<?php
$search = $_POST['search'];
$searchColumns = array();
//Will add Serial Number if # was found on search
if(!(strpos("#",$search)===FALSE)){
    $searchColumns[] = "sn = '{$search}'";
}
//Will add Status to select if there is no spaces in search.
if(count(explode(" ",$search))==1){
    $searchColumns[] = "status = '{$search}'";
}
//Will add user to select if its not a Serial search
//And if its has more than 5 chars (change it to your min char username)
if(strpos("#",$search)===FALSE && strlen($search) > 5){
    $searchColumns[] = "user = '{$search}'";
}

$sql = "
SELECT *
  FROM stock
 WHERE ".(implode(" AND ",$searchColumns))."
 ORDER BY datetime DES";

?>
于 2013-11-06T19:56:02.633 回答