php - sort with SELECT drop down asc desc 连接到数据库

标签 php html mysql database mysqli

我正在尝试创建一个下拉列表来显示在我的网络浏览器上处于“特殊”状态且来 self 的数据库的车辆。我希望它们按从升到降的价格顺序显示。我有列表的编码,但出于某种原因,当您单击显示结果时它不起作用。我错过了什么?

<form method="post" action='<?php echo $_SERVER['PHP_SELF']; ?>' >
<select name="sort">
<option value="ASC">Ascending</option>
<option value="DESC">Descending</option>
</select>
<input type="submit" name="update" value= "Display results">
	</form>

<?php
// set initial value for variables to avoid errors the first time the page runs
$sort_name = "ASC";
$price="price";
// check to see if the form value has been set and if so return the value
if(isset($_POST['sort'])) {
// set the variable to the value selected from the dropdown - either ASC or DESC
$sort_name = $_POST['sort'];
}

// create the query inserting the value for the sort order with the variable $sort_name
$query = "SELECT * FROM vehicle WHERE special='yes'ORDER BY $price ASC";
$results = mysqli_query($conn, $query );
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and display results
while ($row = mysqli_fetch_array($results)) {
echo "<p>VIN_#: $row[vin]</p> ";	
echo "<p>Stock Number: $row[stockno]</p> ";
echo "<p>Manufacturer Number: $row[man_num]</p>";
echo "<p>Model: $row[model]</p>";
echo "<p>Colour: $row[col_id]</p>";
echo "<p>Year: $row[year]</p>";
echo "<p>Price: $row[price]</p>";
echo "<p>Kilometres: $row[kms] </p>";
echo "<p>Registration: $row[rego] </p>";
echo "<p>Cylinders: $row[cylinders] </p>";
echo "<p>Fuel: $row[fuel] </p>";
echo "<p>Transmission: $row[transmission] </p>";
echo "<p>Category Id: $row[cat_id] </p>";
echo "<p>Vehicle on Special (yes/no): $row[special] </p>";
echo "<p>Standard Used Vehicle: $row[standardusedvehicle] </p>";
echo '<img src="'.$row[vehicle_image] . "\" >";
}
}
$query = "SELECT * FROM vehicle WHERE special='yes'ORDER BY $price ASC";
$results = mysqli_query($conn, $query );
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and display results
while ($row = mysqli_fetch_array($results)) {
echo "<p>VIN_#: $row[vin]</p> ";	
echo "<p>Stock Number: $row[stockno]</p> ";
echo "<p>Manufacturer Number: $row[man_num]</p>";
echo "<p>Model: $row[model]</p>";
echo "<p>Colour: $row[col_id]</p>";
echo "<p>Year: $row[year]</p>";
echo "<p>Price: $row[price]</p>";
echo "<p>Kilometres: $row[kms] </p>";
echo "<p>Registration: $row[rego] </p>";
echo "<p>Cylinders: $row[cylinders] </p>";
echo "<p>Fuel: $row[fuel] </p>";
echo "<p>Transmission: $row[transmission] </p>";
echo "<p>Category Id: $row[cat_id] </p>";
echo "<p>Vehicle on Special (yes/no): $row[special] </p>";
echo "<p>Standard Used Vehicle: $row[standardusedvehicle] </p>";
echo '<img src="'.$row[vehicle_image] . "\" >";
}
}
?>

我在编码之前已经连接到我的数据库

任何想法都会很棒

最佳答案

sql 语句当前排序ASC 并且类型严格,请尝试使用表单提交发送的值

$sql="SELECT * FROM vehicle WHERE special='yes'ORDER BY {$price} {$_POST['sort']}";

然而,该代码容易受到 sql 注入(inject)的攻击,因此您最好考虑使用准备好的语句

您发布的代码有一些错误 - html 输出中的每个字段都需要引用,否则 PHP 将假定您使用的是 constants 并会抛出错误。图像未正确使用单引号和双引号。

<form method="post" action='<?php echo $_SERVER['PHP_SELF']; ?>' >
    <select name="sort">
        <option value="ASC">Ascending</option>
        <option value="DESC">Descending</option>
    </select>
    <input type="submit" name="update" value= "Display results">
</form>


<?php
    if( $_SERVER['REQUEST_METHOD']=='POST' ){

        $sort_name = isset( $_POST['sort'] ) && in_array( strtolower( $_POST['sort'] ), array( 'asc','desc' ) ) ? $_POST['sort'] : 'ASC';
        $price="price";

        $query = "SELECT * FROM vehicle WHERE special='yes' ORDER BY {$price} {$sort_name}";
        $results = mysqli_query($conn, $query );
        if( !$results ) {
            echo ("Query error: ");
        } else {
            /*
                The fields must be quoted otherwise they will be treated as constants, most likely undefined
            */
            while ($row = mysqli_fetch_array($results)) {
                echo "
                <p>VIN_#: {$row['vin']}</p>
                <p>Stock Number: {$row['stockno']}</p>
                <p>Manufacturer Number: {$row['man_num']}</p>
                <p>Model: {$row['model']}</p>
                <p>Colour: {$row['col_id']}</p>
                <p>Year: {$row['year']}</p>
                <p>Price: {$row['price']}</p>
                <p>Kilometres: {$row['kms']}</p>
                <p>Registration: {$row['rego']}</p>
                <p>Cylinders: {$row['cylinders']}</p>
                <p>Fuel: {$row['fuel']}</p>
                <p>Transmission: {$row['transmission']}</p>
                <p>Category Id: {$row['cat_id']}</p>
                <p>Vehicle on Special (yes/no): {$row['special']}</p>
                <p>Standard Used Vehicle: {$row['standardusedvehicle']}</p>
                <img src='{$row['vehicle_image']}' />";/* The image was not correctly set using single quotes */
            }
        }
    }
?>

如果您打算使用 PHP_SELF 作为表单操作(或在您的代码中使用),您真的应该尝试使其免受 XSS 攻击 - 或者使用 $_SERVER[ 'SCRIPT_NAME'] 代替。也就是说,尝试使用:

<?php
    $action = htmlspecialchars( $_SERVER['PHP_SELF'], ENT_QUOTES, 'utf-8');
?>

<form method="post" action='<?php echo action; ?>' >

关于php - sort with SELECT drop down asc desc 连接到数据库,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44612360/

上一篇:php - SQL 选择等号字母

下一篇:php - 检索和处理无限量的数据

相关文章:

php - PHP 中的 cURL 下载进度

ios - HTML5 离线应用总是在 iPod Touch iOS 4.2.1 上发送 "error"事件

javascript - 调整窗口宽度时隐藏菜单

mysql - 通过 ODBC 带参数的 SSRS/MySQL/存储过程

php - 如何检查对象是否是特定类的实例?

与 PDFlib API 兼容的 PHP 包装器

mysql - 根据以前的销售预测库存消耗率

php - XAMPP 使用 PHP/MySQL 运行速度非常慢

php - 使用 Thrift 生成的文件中的 PSR-4 命名空间

javascript - HTML/CSS : Add Icon to Text Button

©2024 IT工具网  联系我们