1. 首页
  2. 问答
  3. 使用SELECT进行排序下拉asc desc连接数据库

使用SELECT进行排序下拉asc desc连接数据库

2017-06-18 82 views
1

我想创建一个下拉列表来显示我的网络浏览器上来自我的数据库的“特殊”车辆。我希望他们按照asc的价格顺序显示desc。我有列表的编码,但由于某种原因,当你点击显示结果时,它不起作用。我错过了什么?使用SELECT进行排序下拉asc desc连接数据库

<form method="post" action='<?php echo $_SERVER['PHP_SELF']; ?>' > 
 
<select name="sort"> 
 
<option value="ASC">Ascending</option> 
 
<option value="DESC">Descending</option> 
 
</select> 
 
<input type="submit" name="update" value= "Display results"> 
 
\t </form> 
 

 
<?php 
 
// set initial value for variables to avoid errors the first time the page runs 
 
$sort_name = "ASC"; 
 
$price="price"; 
 
// check to see if the form value has been set and if so return the value 
 
if(isset($_POST['sort'])) { 
 
// set the variable to the value selected from the dropdown - either ASC or DESC 
 
$sort_name = $_POST['sort']; 
 
} 
 

 
// create the query inserting the value for the sort order with the variable $sort_name 
 
$query = "SELECT * FROM vehicle WHERE special='yes'ORDER BY $price ASC"; 
 
$results = mysqli_query($conn, $query); 
 
if(!$results) { 
 
echo ("Query error: " . mysqli_error($conn)); 
 
} 
 
else { 
 
// fetch and display results 
 
while ($row = mysqli_fetch_array($results)) { 
 
echo "<p>VIN_#: $row[vin]</p> "; \t 
 
echo "<p>Stock Number: $row[stockno]</p> "; 
 
echo "<p>Manufacturer Number: $row[man_num]</p>"; 
 
echo "<p>Model: $row[model]</p>"; 
 
echo "<p>Colour: $row[col_id]</p>"; 
 
echo "<p>Year: $row[year]</p>"; 
 
echo "<p>Price: $row[price]</p>"; 
 
echo "<p>Kilometres: $row[kms] </p>"; 
 
echo "<p>Registration: $row[rego] </p>"; 
 
echo "<p>Cylinders: $row[cylinders] </p>"; 
 
echo "<p>Fuel: $row[fuel] </p>"; 
 
echo "<p>Transmission: $row[transmission] </p>"; 
 
echo "<p>Category Id: $row[cat_id] </p>"; 
 
echo "<p>Vehicle on Special (yes/no): $row[special] </p>"; 
 
echo "<p>Standard Used Vehicle: $row[standardusedvehicle] </p>"; 
 
echo '<img src="'.$row[vehicle_image] . "\" >"; 
 
} 
 
} 
 
$query = "SELECT * FROM vehicle WHERE special='yes'ORDER BY $price ASC"; 
 
$results = mysqli_query($conn, $query); 
 
if(!$results) { 
 
echo ("Query error: " . mysqli_error($conn)); 
 
} 
 
else { 
 
// fetch and display results 
 
while ($row = mysqli_fetch_array($results)) { 
 
echo "<p>VIN_#: $row[vin]</p> "; \t 
 
echo "<p>Stock Number: $row[stockno]</p> "; 
 
echo "<p>Manufacturer Number: $row[man_num]</p>"; 
 
echo "<p>Model: $row[model]</p>"; 
 
echo "<p>Colour: $row[col_id]</p>"; 
 
echo "<p>Year: $row[year]</p>"; 
 
echo "<p>Price: $row[price]</p>"; 
 
echo "<p>Kilometres: $row[kms] </p>"; 
 
echo "<p>Registration: $row[rego] </p>"; 
 
echo "<p>Cylinders: $row[cylinders] </p>"; 
 
echo "<p>Fuel: $row[fuel] </p>"; 
 
echo "<p>Transmission: $row[transmission] </p>"; 
 
echo "<p>Category Id: $row[cat_id] </p>"; 
 
echo "<p>Vehicle on Special (yes/no): $row[special] </p>"; 
 
echo "<p>Standard Used Vehicle: $row[standardusedvehicle] </p>"; 
 
echo '<img src="'.$row[vehicle_image] . "\" >"; 
 
} 
 
} 
 
?>

我已经在我的编码

连接到我的数据库早些时候任何想法将是巨大的

来源

2017-06-18 Taylor

+0

上述代码出现任何错误? –

回答

0

SQL语句目前排序ASC,并且刚性类型,尝试代替使用通过表单提交发送的值

$sql="SELECT * FROM vehicle WHERE special='yes'ORDER BY {$price} {$_POST['sort']}";

的代码却容易受到SQL注入,所以你会更好看使用预处理语句

您发布的代码有一些错误 - 在HTML输出需要加引号,否则PHP会认为你是每个字段使用constants并会抛出一个错误。图像不正确使用单引号和双引号。

<form method="post" action='<?php echo $_SERVER['PHP_SELF']; ?>' > 
    <select name="sort"> 
     <option value="ASC">Ascending</option> 
     <option value="DESC">Descending</option> 
    </select> 
    <input type="submit" name="update" value= "Display results"> 
</form> 


<?php 
    if($_SERVER['REQUEST_METHOD']=='POST'){ 

     $sort_name = isset($_POST['sort']) && in_array(strtolower($_POST['sort']), array('asc','desc')) ? $_POST['sort'] : 'ASC'; 
     $price="price"; 

     $query = "SELECT * FROM vehicle WHERE special='yes' ORDER BY {$price} {$sort_name}"; 
     $results = mysqli_query($conn, $query); 
     if(!$results) { 
      echo ("Query error: "); 
     } else { 
      /* 
       The fields must be quoted otherwise they will be treated as constants, most likely undefined 
      */ 
      while ($row = mysqli_fetch_array($results)) { 
       echo " 
       <p>VIN_#: {$row['vin']}</p> 
       <p>Stock Number: {$row['stockno']}</p> 
       <p>Manufacturer Number: {$row['man_num']}</p> 
       <p>Model: {$row['model']}</p> 
       <p>Colour: {$row['col_id']}</p> 
       <p>Year: {$row['year']}</p> 
       <p>Price: {$row['price']}</p> 
       <p>Kilometres: {$row['kms']}</p> 
       <p>Registration: {$row['rego']}</p> 
       <p>Cylinders: {$row['cylinders']}</p> 
       <p>Fuel: {$row['fuel']}</p> 
       <p>Transmission: {$row['transmission']}</p> 
       <p>Category Id: {$row['cat_id']}</p> 
       <p>Vehicle on Special (yes/no): {$row['special']}</p> 
       <p>Standard Used Vehicle: {$row['standardusedvehicle']}</p> 
       <img src='{$row['vehicle_image']}' />";/* The image was not correctly set using single quotes */ 
      } 
     } 
    } 
?>

如果你要使用PHP_SELF作为表单动作(或在你的代码的话),你真的应该尽量做到从XSS攻击的安全 - 或使用$_SERVER['SCRIPT_NAME']代替。也就是说,尝试使用:

<?php 
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'utf-8'); 
?> 

<form method="post" action='<?php echo action; ?>' >

来源

2017-06-18 06:37:52 RamRaider

+0

它没有工作,它想出了:注意:未定义的变量:查询/ 98/100//xamppfiles/htdocs/taylor_callaghan_wca/specials.php上线98 查询错误: – Taylor

+0

现在有问题,它不是从数据库读取数据 – Taylor

+0

对不起,我犯了一个错误,现在正在工作,非常感谢你 – Taylor

相关问题

 相关问题