My webpage is implemented using php in the background. if I do not click the query button, all project information in the database is displayed in the following table. after clicking query, display items that meet the conditions. Currently, I am displaying this type. I have not set the query not clicked. what should I use? JS or php? How to Write
Currently, I only write this
mysql_select_db("wuliu", $con); $result=mysql_query("SELECT * from content_info where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2]' and pass=0"); while($row = mysql_fetch_array($result)) { echo""; echo ""; echo ""; echo "".$row['UpdateDate'].$row['UpdateTime']./*2004-10-14 10:08:01*/""; echo "".$row['area'].""; echo "".$row['field'].""; echo "".$row['title'].""; echo "".$row['submiter'].""; echo ""; } mysql_close($con);My webpage is implemented using php in the background. if I do not click the query button, all project information in the database is displayed in the following table. after clicking query, display items that meet the conditions. Currently, I am displaying this type. I have not set the query not clicked. what should I use? JS or php? How to Write
Currently, I only write this
mysql_select_db("wuliu", $con); $result=mysql_query("SELECT * from content_info where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2]' and pass=0"); while($row = mysql_fetch_array($result)) { echo""; echo ""; echo ""; echo "".$row['UpdateDate'].$row['UpdateTime']./*2004-10-14 10:08:01*/""; echo "".$row['area'].""; echo "".$row['field'].""; echo "".$row['title'].""; echo "".$row['submiter'].""; echo ""; } mysql_close($con);
Determine whether a post exists. if a post exists, the query is executed.
If (isset ($ _ POST) {// Here is the part you sent}
SQL concatenation problems
Separate the where statement.
$where = "";if(isset($_POST)){ $where = "where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2]' and pass=0"";}$result=mysql_query("SELECT * from content_info ".$where);It is strongly recommended to parameterize the query to prevent injection.
Http://php.net/manual/zh/clas...
Ideas:
1. query by page. 10 messages are displayed on each page.
2. submit form assembly SQL statement in GET mode
3. If no query conditions exist, all queries are performed (by page)
Both php and js are supported.
The error is reported because the $ _ POST variable is called incorrectly.
$ Result = mysql_query ("SELECT * from content_info where title = '$ _ POST [textfield22]' and submiter = '$ _ POST [textfield322]' and area = '$ _ POST [select] 'and field =' $ _ POST [select2] 'and pass = 0 ");
Change
$ Result = mysql_query ("SELECT * from content_info where title = '". $ _ POST ['textfield322 ']. "'and submiter = '". $ _ POST ['textfield322 ']. "'and area = '". $ _ POST ['select']. "'and field = '". $ _ POST ['select2']. "'and pass = 0 ");
As mentioned above, it is best to perform paging. Use limit to process mysql statements.
Do not concatenate SQL statements like this. an SQL statement is generated and injected every minute.
We recommend that you set the default value of the variable in the external part of the merging statement. after receiving the post data, check and filter the data, overwrite the old default value, and then splice the query statement.
This is both safe and meets your needs.
1. the value corresponding to the key in the $ _ POST array should be given a default value.
2. add pagination
3. study hard and study every day
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
