I am new to PHP and am trying to get a submit button to read an SQL table

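Question

I am trying to create a visible product list on HTML. I have gotten it to the point where I had all the products and details showing and a submit button with a text box for search at the top that did nothing. I then tried to make the submit button for search work, but now it's only showing the text box and submit button, and when a query is searched it doesn't show anything except that the URL updates. I am trying to get it to search through the Description cell data in the table Products, but it's not working properly.
Please help me get the search function to work properly.

Here is the code: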

<!doctype html>
<html>
<head>
	<meta charset="UTF-8" /> 
	<title>My First SQL Page</title>
	<link rel="stylesheet" type="text/css" href="shopstyle.css" />
</head>
<body>
	<h1>Products List</h1>
	<?php 
		
		// include some functions from another file.
		include('functions.php');
		
		// if the user provided a search string.
		
		if(isset($_GET['search']))
		{
			$searchString = $_GET['search'];
		}
		
		// if the user did not provide a search string, assume an empty string
		
		else
		{
			$searchString = "";
		}
		
		$SqlSearchString = "%searchString%";
		$safeSearchString = htmlspecialchars($searchString, ENT_QUOTES,"UTF-8");
		
		echo "<form>";
		echo "<input name = 'search' type = 'text' value = '$safeSearchString'/>";
		echo "<input type = 'submit'/>";
		echo "</form>";
		
		// connect to the database using our function (and enable errors, etc)
		$dbh = connectToDatabase();
		
		$sql = "SELECT * FROM Products WHERE Description = ?";
		
		// select all the products.
		$statement = $dbh->prepare($sql);
		$statement ->bindValue(1,$SqlSearchString,PDO::PARAM_STR);
		
		//execute the SQL.
		$statement->execute();

		// get the results
		while($row = $statement->fetch(PDO::FETCH_ASSOC))
		{
			// Remember that the data in the database could be untrusted data,
			// so we need to escape the data to make sure it's free of evil XSS code.
			$ProductID = htmlspecialchars($row['ProductID'], ENT_QUOTES, 'UTF-8'); 
			$Price = htmlspecialchars($row['Price'], ENT_QUOTES, 'UTF-8'); 
			$Description = htmlspecialchars($row['Description'], ENT_QUOTES, 'UTF-8'); 
			
			// output the data in a div with a class of 'productBox' we can apply css to this class.
			echo "<div class = 'productBox'>";
			echo "<img src = '/ProductPictures/$ProductID.jpg' />";
			echo "$Description <br/>";
			echo "$Price <br/>";
			echo "</div> \n";			
		}
	?>
</body>
</html>

I have tried updating my SQL query with no luck, and I am not sure where the problem lies, since the search worked perfectly in the SQL database when I tried Select * From Products where description like %radio% and that worked.

Answer 1

Score: 1

> I tried Select * From Products where description like %radio% and that worked.

Your code:

SELECT * FROM Products WHERE Description = ?

You do correctly wrap $SqlSearchString in % signs before binding it to the parameter, but you used = instead of LIKE in the query.

Answer 2

Score: 1

You should use LIKE for your parameter and then add % to the variable.

$sql = "SELECT * FROM Products WHERE Description LIKE ?";

// select all the products.
$statement = $dbh->prepare($sql);
// Bind the raw $searchString: $SqlSearchString in the question is the literal
// text "%searchString%" (no $ inside the quotes), so wrapping it again never matches.
$statement->bindValue(1, "%" . $searchString . "%", PDO::PARAM_STR);
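The fix from both answers combined, as an added example that is not part of the original posts: it keeps the `?` placeholder, adds the `%` wildcards to the bound value in PHP, and goes one step further by escaping `%` and `_` in the user's input so they match literally. The in-memory SQLite table, its rows, the helper names `escapeLike` and `searchProducts`, and the `!` escape character are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Escape LIKE metacharacters so the user's text is matched literally.
// The escape character itself is replaced first so it is not doubled twice.
function escapeLike(string $term, string $esc = '!'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

// Hypothetical helper: search Products.Description for a substring.
function searchProducts(PDO $dbh, string $searchString): array
{
    // Only the placeholder appears in the SQL; wildcards travel in the bound value.
    $sql = "SELECT ProductID, Price, Description FROM Products
            WHERE Description LIKE ? ESCAPE '!'";
    $statement = $dbh->prepare($sql);
    $statement->bindValue(1, '%' . escapeLike($searchString) . '%', PDO::PARAM_STR);
    $statement->execute();
    return $statement->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE Products (ProductID INTEGER PRIMARY KEY, Price REAL, Description TEXT)');
$insert = $dbh->prepare('INSERT INTO Products (Price, Description) VALUES (?, ?)');
$samples = [[19.99, 'Portable radio'], [24.50, "Kid's walkie-talkie"],
            [5.00, 'Sticker: 50% off'], [7.50, 'Sticker: 500 pack']];
foreach ($samples as $sample) {
    $insert->execute($sample);
}

// A quote in the term is plain data to a bound parameter, and "50%" no
// longer also matches "500 pack" because the % is escaped.
foreach (['radio', "kid's", '50%'] as $term) {
    foreach (searchProducts($dbh, $term) as $row) {
        $safeTerm = htmlspecialchars($term, ENT_QUOTES, 'UTF-8');
        $safeDescription = htmlspecialchars($row['Description'], ENT_QUOTES, 'UTF-8');
        echo "$safeTerm => $safeDescription\n";
    }
}
```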

huangapple
  • Posted on March 7, 2023 at 22:37:19
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75663356.html