我已经非常接近让这个网站正常运行了。在这个网站上的优秀人士的帮助下,我找到了最后一个问题的解决方案,并有最后一个问题。我的网站上有 8 个输入字段,这些字段将根据选择的专业知识提取代理信息。如果数据库设置不同,这很可能会容易得多,但我无法更改数据库的结构。
我的数据库结构:
ID | MemberID | First_Name | Last_Name | Ancillary | LongTerm | Medicare | ETC..<br />
1 | 77777 | John | Doe | 1 | 1 | 0 | ETC..
现在我需要根据用户选择的专业知识来提取信息。 由于我的专业领域各占一列,并且它们的值是 1 表示是,0 表示否,这对于新手程序员来说肯定是有点复杂。
用于根据选择的值进行拉取的 HTML:
<label for="agent">Agent Expertise</label><br />
<label for="ancillary"><input type="radio" value="Ancillary" onChange="showUser(this.value)" name="expertise[]" id="ancillary" />Ancillary</label><br />
<label for="smallgroup"><input type="radio" value="Smallgroup" onChange="showUser(this.value)" name="expertise[]" id="smallgroup" />Small Group</label><br />
<label for="largegroup"><input type="radio" value="LargeGroup" onChange="showUser(this.value)" name="expertise[]" id="largegroup" />Large Group</label><br />
<label for="medicare"><input type="radio" value="Medicare" onChange="showUser(this.value)" name="expertise[]" id="medicare" />Medicare</label><br />
<label for="longterm"><input type="radio" value="LongTerm" onChange="showUser(this.value)" name="expertise[]" id="longterm" />Long Term Care</label><br />
<label for="individual"><input type="radio" value="Individual" onChange="showUser(this.value)" name="expertise[]" id="individual" />Individual Plan</label><br />
<label for="tpa"><input type="radio" value="TPASelfInsured" onChange="showUser(this.value)" name="expertise[]" id="tpa" />TPA Self Insured</label><br />
<label for="ppaca"><input type="radio" value="CertifiedForPPACA" onChange="showUser(this.value)" name="expertise[]" id="ppaca" />Certified for PPACA</label><br />
jQuery 我曾经使用 ajax 提取信息并发布到 div 中:
更新了我的 jQuery 和 AJAX
$(document).ready(function() {
$('input').on('click', function() {
var value = $(this).val();
$.ajax({
type: 'POST',
data: ({expertise: value}),
url: "expertise.php",
success: function (data) {
$('#bodyA').html(data);
}
});
});
})
现在sql是我遇到问题的地方:
$sql="SELECT * FROM `roster` WHERE Ancillary = '1' OR SmallGroup = '1' OR IndividualPlans = '1' OR LongTermCare = '1' OR Medicare = '1' OR LargeGroup = '1' OR TPASelfInsured = '1' OR CertifiedForPPACA = '1' ORDER BY Last_Name ASC";
当我使用 OR 时,它会调用数据库中的每个人,但当我使用 AND 时,它只会调用拥有所有专业知识的代理。 (对我来说很有意义)
PHP 文件:
include 'datalogin.php'; // PHP File to login credentials
$sql="SELECT * FROM `roster` WHERE Ancillary = '1' OR SmallGroup = '1' OR IndividualPlans = '1' OR LongTermCare = '1' OR Medicare = '1' OR LargeGroup = '1' OR TPASelfInsured = '1' OR CertifiedForPPACA = '1' ORDER BY Last_Name ASC";
$result = mysqli_query($con,$sql) // Connects to database
or die("Error: ".mysqli_error($con));
echo "<h1>" . "Find a Local OAHU Agent." . "</h1>";
while ($row = mysqli_fetch_array($result)) { // Gets results from the database
echo "<div class='agentcon'>" . "<span class='agentn'>" . "<strong>".$row['First_Name'] . " " .$row['Last_Name'] . "</strong>" . "</span>" . "<a href=mailto:".$row['Email'] . ">" . "<span class='email'>" . "Send an e-mail to" . " " .$row['First_Name'] . "</span>" . "</a>" ."<div class='floathr'></div>";
if ($row['Company'] == NULL) {
echo "<p>";
}
else {
echo "<p>" . "<strong>" .$row['Company'] . "</strong>" . "<br>";
}
echo $row['WorkAddress1'] . " " .$row['WorkCity'] . "," . " " .$row['WorkStateProvince'] . " " .$row['WorkZipCode'] . "<br>";
if ($row['Work_Phone'] !== NULL) {
echo "<strong>" . "Work" . " " . "</strong>" .$row['Work_Phone'] . "<br>";
}
if ($row['Fax'] !== NULL) {
echo "<strong>" . "Fax" . " " . "</strong>" .$row['Fax'] . "<br>";
}
echo "<strong>" . "Agent Expertise:" . "</strong>";
if ($row['Ancillary'] == 1) {
echo " " . "Ancillary" . "/";
}
if ($row['SmallGroup'] == 1) {
echo " " . "Small Group" . "/";
}
if ($row['IndividualPlans'] == 1) {
echo " " . "Individual Plans" . "/";
}
if ($row['LongTermCare'] == 1) {
echo " " . "Long Term Care" . "/";
}
if ($row['Medicare'] == 1) {
echo " " . "Medicare" . "/";
}
if ($row['LargeGroup'] == 1) {
echo " " . "LargeGroup" . "/";
}
if ($row['TPASelfInsured'] == 1) {
echo " " . "TPA Self Insured" . "/";
}
if ($row['CertifiedForPPACA'] == 1) {
echo " " . "Certified For PPACA";
}
echo "</p>" . "</div>";
}
mysqli_close($con);
最佳答案
我不是预防注入(inject)方面的专家,但你难道不能像这样破坏你的专业知识吗?
JQuery:
<script>
function showUser(){
$.post("expertise.php",$('#expertiseform').serialize(), function(data){$('#bodyA').html(data)});
return false;
}
</script>
HTML:
<form id="expertiseform" action="expertise.php" method="POST">
<label for="agent">Agent Expertise</label><br />
<label for="ancillary"><input type="checkbox" value="Ancillary" onClick="showUser(this)" name="expertise[]" id="ancillary" />Ancillary</label><br />
<label for="smallgroup"><input type="checkbox" value="Smallgroup" onClick="showUser(this)" name="expertise[]" id="smallgroup" />Small Group</label><br />
<label for="largegroup"><input type="checkbox" value="LargeGroup" onClick="showUser(this)" name="expertise[]" id="largegroup" />Large Group</label><br />
<label for="medicare"><input type="checkbox" value="Medicare" onClick="showUser(this)" name="expertise[]" id="medicare" />Medicare</label><br />
<label for="longterm"><input type="checkbox" value="LongTerm" onClick="showUser(this)" name="expertise[]" id="longterm" />Long Term Care</label><br />
<label for="individual"><input type="checkbox" value="Individual" onClick="showUser(this)" name="expertise[]" id="individual" />Individual Plan</label><br />
<label for="tpa"><input type="checkbox" value="TPASelfInsured" onClick="showUser(this)" name="expertise[]" id="tpa" />TPA Self Insured</label><br />
<label for="ppaca"><input type="checkbox" value="CertifiedForPPACA" onClick="showUser(this)" name="expertise[]" id="ppaca" />Certified for PPACA</label><br />
</form>
PHP:
$poststr = $_POST['expertise']; //get our post data
if(is_array($poststr)){
if(count($poststr) > 1){ //count to make sure we have an array
$expertise = implode(" AND ",$_POST['expertise']); //implode the array using AND as glue
}else{ //otherwise implode without glue
$expertise = implode("",$poststr);
}
//here is our string for prepared statement
$sql = "SELECT First_Name, Last_Name, Email, Company, WorkAddress1, WorkCity, WorkStateProvince, WorkZipCode, Work_Phone, Fax, Ancillary, SmallGroup, IndividualPlans, LongTermCare, Medicare, LargeGroup, TPASelfInsured, CertifiedForPPACA FROM roster WHERE ".$expertise." = 1";
if(!$stmt = $con->Prepare($sql))
{
die; //echo error info if you want to know info
}else{
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($First_Name, $Last_Name, $Email, $Company, $WorkAddress1, $WorkCity, $WorkStateProvince, $WorkZipCode, $Work_Phone, $Fax, $Ancillary, $SmallGroup, $IndividualPlans, $LongTermCare, $Medicare, $LargeGroup, $TPASelfInsured, $CertifiedForPPACA);
$rows = $stmt->num_rows;
if($rows >0){
echo "<h1>" . "Find a Local OAHU Agent." . "</h1>";
while ($stmt->fetch()) { // Gets results from the database
echo "<div class='agentcon'>" . "<span class='agentn'>" . "<strong>".$First_Name . " " .$Last_Name . "</strong>" . "</span>" . "<a href=mailto:".$Email . ">" . "<span class='email'>" . "Send an e-mail to" . " " .$First_Name . "</span>" . "</a>" ."<div class='floathr'></div>";
if ($Company == NULL) {
echo "<p>";
}
else {
echo "<p>" . "<strong>" .$Company . "</strong>" . "<br>";
}
echo $WorkAddress1 . " " .$WorkCity . "," . " " .$WorkStateProvince . " " .$WorkZipCode . "<br>";
if ($Work_Phone !== NULL) {
echo "<strong>" . "Work" . " " . "</strong>" .$Work_Phone . "<br>";
}
if ($Fax !== NULL) {
echo "<strong>" . "Fax" . " " . "</strong>" .$Fax . "<br>";
}
echo "<strong>" . "Agent Expertise:" . "</strong>";
if ($Ancillary == 1) {
echo " " . "Ancillary" . "/";
}
if ($SmallGroup == 1) {
echo " " . "Small Group" . "/";
}
if ($IndividualPlans == 1) {
echo " " . "Individual Plans" . "/";
}
if ($LongTermCare == 1) {
echo " " . "Long Term Care" . "/";
}
if ($Medicare == 1) {
echo " " . "Medicare" . "/";
}
if ($LargeGroup == 1) {
echo " " . "LargeGroup" . "/";
}
if ($TPASelfInsured == 1) {
echo " " . "TPA Self Insured" . "/";
}
if ($CertifiedForPPACA == 1) {
echo " " . "Certified For PPACA";
}
echo "</p>" . "</div>";
}
$stmt->close;
}else{
Die;
}
}
}
这在我的服务器上测试一切正常。
关于php - 使用 mysql 根据单击的复选框/单选按钮提取 8 列中的 1 列,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18023696/