I have a form that contains multiple html text inputs, and I'd like to use the values of these inputs to make one search query (for example I want it to look like this results.php?input=value1+value2+value3
) I've tried, however I haven't managed to get one that queries with all the values from the 3 input fields.
我有一个包含多个html文本输入的表单,我想使用这些输入的值来进行一个搜索查询(例如,我希望它看起来像这个results.php?input = value1 + value2 + value3)我已经尝试过,但是我没有设法得到一个查询3输入字段中的所有值。
$input = $_GET['input']; //this is for the text input - ignore
$topic = $_GET['topic']; // the first select box value which works well
$location = $_GET['location']; //the second select box value which isn't being inserted into the query
$combined = $input . $topic . $location;
$terms = explode(" ", $combined);
$query = "SELECT * FROM search WHERE input='$input' AND topic ='$topic' AND location='$location' ";'
1 个解决方案
#1
1
You can do it the way you've shown, but you should really be using built in PHP functions for escaping input via prepared statements, for example with mysqli's bind_param:
你可以按照你演示的方式来实现,但你应该使用内置的PHP函数来通过预处理语句转义输入,例如使用mysqli的bind_param:
$db = new mysqli(*your database connection information here*);
$input = $_GET['input']; //this is for the text input - ignore
$topic = $_GET['topic']; // the first select box value which works well
$location = $_GET['location']; //the second select box value which isn't being inserted into the query
$combined = $input . $topic . $location;
$terms = explode(" ", $combined);
$stmt = $db->prepare("SELECT * FROM search WHERE input = ? AND topic = ? AND location = ?");
$stmt->bind_param("sss", $input, $topic, $location);
$stmt->execute();
$stmt->close();
As for the form to get the URL you're wanting:
至于获取您想要的URL的表单:
<form action="results.php" method="GET">
<input type="text" name="input">
<input type="text" name="topic">
<input type="text" name="location">
</form>
The action is set to your results.php
script, and the method is set to GET
in order to have the form inputs put in the URL.
该操作设置为results.php脚本,并且该方法设置为GET,以便将表单输入放在URL中。
#1
1
You can do it the way you've shown, but you should really be using built in PHP functions for escaping input via prepared statements, for example with mysqli's bind_param:
你可以按照你演示的方式来实现,但你应该使用内置的PHP函数来通过预处理语句转义输入,例如使用mysqli的bind_param:
$db = new mysqli(*your database connection information here*);
$input = $_GET['input']; //this is for the text input - ignore
$topic = $_GET['topic']; // the first select box value which works well
$location = $_GET['location']; //the second select box value which isn't being inserted into the query
$combined = $input . $topic . $location;
$terms = explode(" ", $combined);
$stmt = $db->prepare("SELECT * FROM search WHERE input = ? AND topic = ? AND location = ?");
$stmt->bind_param("sss", $input, $topic, $location);
$stmt->execute();
$stmt->close();
As for the form to get the URL you're wanting:
至于获取您想要的URL的表单:
<form action="results.php" method="GET">
<input type="text" name="input">
<input type="text" name="topic">
<input type="text" name="location">
</form>
The action is set to your results.php
script, and the method is set to GET
in order to have the form inputs put in the URL.
该操作设置为results.php脚本,并且该方法设置为GET,以便将表单输入放在URL中。