我正在尝试创建一个下拉列表来显示在我的网络浏览器上处于“特殊”状态且来 self 的数据库的车辆。我希望它们按从升到降的价格顺序显示。我有列表的编码,但出于某种原因,当您单击显示结果时它不起作用。我错过了什么?
<form method="post" action='<?php echo $_SERVER['PHP_SELF']; ?>' >
<select name="sort">
<option value="ASC">Ascending</option>
<option value="DESC">Descending</option>
</select>
<input type="submit" name="update" value= "Display results">
</form>
<?php
// set initial value for variables to avoid errors the first time the page runs
$sort_name = "ASC";
$price="price";
// check to see if the form value has been set and if so return the value
if(isset($_POST['sort'])) {
// set the variable to the value selected from the dropdown - either ASC or DESC
$sort_name = $_POST['sort'];
}
// create the query inserting the value for the sort order with the variable $sort_name
$query = "SELECT * FROM vehicle WHERE special='yes'ORDER BY $price ASC";
$results = mysqli_query($conn, $query );
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and display results
while ($row = mysqli_fetch_array($results)) {
echo "<p>VIN_#: $row[vin]</p> ";
echo "<p>Stock Number: $row[stockno]</p> ";
echo "<p>Manufacturer Number: $row[man_num]</p>";
echo "<p>Model: $row[model]</p>";
echo "<p>Colour: $row[col_id]</p>";
echo "<p>Year: $row[year]</p>";
echo "<p>Price: $row[price]</p>";
echo "<p>Kilometres: $row[kms] </p>";
echo "<p>Registration: $row[rego] </p>";
echo "<p>Cylinders: $row[cylinders] </p>";
echo "<p>Fuel: $row[fuel] </p>";
echo "<p>Transmission: $row[transmission] </p>";
echo "<p>Category Id: $row[cat_id] </p>";
echo "<p>Vehicle on Special (yes/no): $row[special] </p>";
echo "<p>Standard Used Vehicle: $row[standardusedvehicle] </p>";
echo '<img src="'.$row[vehicle_image] . "\" >";
}
}
$query = "SELECT * FROM vehicle WHERE special='yes'ORDER BY $price ASC";
$results = mysqli_query($conn, $query );
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and display results
while ($row = mysqli_fetch_array($results)) {
echo "<p>VIN_#: $row[vin]</p> ";
echo "<p>Stock Number: $row[stockno]</p> ";
echo "<p>Manufacturer Number: $row[man_num]</p>";
echo "<p>Model: $row[model]</p>";
echo "<p>Colour: $row[col_id]</p>";
echo "<p>Year: $row[year]</p>";
echo "<p>Price: $row[price]</p>";
echo "<p>Kilometres: $row[kms] </p>";
echo "<p>Registration: $row[rego] </p>";
echo "<p>Cylinders: $row[cylinders] </p>";
echo "<p>Fuel: $row[fuel] </p>";
echo "<p>Transmission: $row[transmission] </p>";
echo "<p>Category Id: $row[cat_id] </p>";
echo "<p>Vehicle on Special (yes/no): $row[special] </p>";
echo "<p>Standard Used Vehicle: $row[standardusedvehicle] </p>";
echo '<img src="'.$row[vehicle_image] . "\" >";
}
}
?>
我在编码之前已经连接到我的数据库
任何想法都会很棒
最佳答案
sql 语句当前排序ASC
并且类型严格,请尝试使用表单提交发送的值
$sql="SELECT * FROM vehicle WHERE special='yes'ORDER BY {$price} {$_POST['sort']}";
然而,该代码容易受到 sql 注入(inject)的攻击,因此您最好考虑使用准备好的语句
您发布的代码有一些错误 - html 输出中的每个字段都需要引用,否则 PHP 将假定您使用的是 constants
并会抛出错误。图像未正确使用单引号和双引号。
<form method="post" action='<?php echo $_SERVER['PHP_SELF']; ?>' >
<select name="sort">
<option value="ASC">Ascending</option>
<option value="DESC">Descending</option>
</select>
<input type="submit" name="update" value= "Display results">
</form>
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' ){
$sort_name = isset( $_POST['sort'] ) && in_array( strtolower( $_POST['sort'] ), array( 'asc','desc' ) ) ? $_POST['sort'] : 'ASC';
$price="price";
$query = "SELECT * FROM vehicle WHERE special='yes' ORDER BY {$price} {$sort_name}";
$results = mysqli_query($conn, $query );
if( !$results ) {
echo ("Query error: ");
} else {
/*
The fields must be quoted otherwise they will be treated as constants, most likely undefined
*/
while ($row = mysqli_fetch_array($results)) {
echo "
<p>VIN_#: {$row['vin']}</p>
<p>Stock Number: {$row['stockno']}</p>
<p>Manufacturer Number: {$row['man_num']}</p>
<p>Model: {$row['model']}</p>
<p>Colour: {$row['col_id']}</p>
<p>Year: {$row['year']}</p>
<p>Price: {$row['price']}</p>
<p>Kilometres: {$row['kms']}</p>
<p>Registration: {$row['rego']}</p>
<p>Cylinders: {$row['cylinders']}</p>
<p>Fuel: {$row['fuel']}</p>
<p>Transmission: {$row['transmission']}</p>
<p>Category Id: {$row['cat_id']}</p>
<p>Vehicle on Special (yes/no): {$row['special']}</p>
<p>Standard Used Vehicle: {$row['standardusedvehicle']}</p>
<img src='{$row['vehicle_image']}' />";/* The image was not correctly set using single quotes */
}
}
}
?>
如果您打算使用 PHP_SELF
作为表单操作(或在您的代码中使用),您真的应该尝试使其免受 XSS 攻击 - 或者使用 $_SERVER[ 'SCRIPT_NAME']
代替。也就是说,尝试使用:
<?php
$action = htmlspecialchars( $_SERVER['PHP_SELF'], ENT_QUOTES, 'utf-8');
?>
<form method="post" action='<?php echo action; ?>' >
关于php - sort with SELECT drop down asc desc 连接到数据库,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44612360/