如何使用多个HTML文本输入来进行SQL搜索查询

时间:2022-11-05 09:31:49

I have a form that contains multiple html text inputs, and I'd like to use the values of these inputs to make one search query (for example I want it to look like this results.php?input=value1+value2+value3) I've tried, however I haven't managed to get one that queries with all the values from the 3 input fields.

我有一个包含多个html文本输入的表单,我想使用这些输入的值来进行一个搜索查询(例如,我希望它看起来像这个results.php?input = value1 + value2 + value3)我已经尝试过,但是我没有设法得到一个查询3输入字段中的所有值。

$input = $_GET['input']; //this is for the text input - ignore
$topic = $_GET['topic']; // the first select box value which works well
$location = $_GET['location']; //the second select box value which isn't being inserted into the query
$combined = $input . $topic . $location;
$terms = explode(" ", $combined);
$query = "SELECT * FROM search WHERE input='$input' AND topic ='$topic' AND location='$location' ";'

1 个解决方案

#1


1  

You can do it the way you've shown, but you should really be using built in PHP functions for escaping input via prepared statements, for example with mysqli's bind_param:

你可以按照你演示的方式来实现,但你应该使用内置的PHP函数来通过预处理语句转义输入,例如使用mysqli的bind_param:

$db = new mysqli(*your database connection information here*);
$input = $_GET['input']; //this is for the text input - ignore
$topic = $_GET['topic']; // the first select box value which works well
$location = $_GET['location']; //the second select box value which isn't being inserted into the query
$combined = $input . $topic . $location;
$terms = explode(" ", $combined);
$stmt = $db->prepare("SELECT * FROM search WHERE input = ? AND topic = ? AND location = ?");
$stmt->bind_param("sss", $input, $topic, $location);
$stmt->execute();
$stmt->close();

As for the form to get the URL you're wanting:

至于获取您想要的URL的表单:

<form action="results.php" method="GET">
  <input type="text" name="input">
  <input type="text" name="topic">
  <input type="text" name="location">
</form>

The action is set to your results.php script, and the method is set to GET in order to have the form inputs put in the URL.

该操作设置为results.php脚本,并且该方法设置为GET,以便将表单输入放在URL中。

#1


1  

You can do it the way you've shown, but you should really be using built in PHP functions for escaping input via prepared statements, for example with mysqli's bind_param:

你可以按照你演示的方式来实现,但你应该使用内置的PHP函数来通过预处理语句转义输入,例如使用mysqli的bind_param:

$db = new mysqli(*your database connection information here*);
$input = $_GET['input']; //this is for the text input - ignore
$topic = $_GET['topic']; // the first select box value which works well
$location = $_GET['location']; //the second select box value which isn't being inserted into the query
$combined = $input . $topic . $location;
$terms = explode(" ", $combined);
$stmt = $db->prepare("SELECT * FROM search WHERE input = ? AND topic = ? AND location = ?");
$stmt->bind_param("sss", $input, $topic, $location);
$stmt->execute();
$stmt->close();

As for the form to get the URL you're wanting:

至于获取您想要的URL的表单:

<form action="results.php" method="GET">
  <input type="text" name="input">
  <input type="text" name="topic">
  <input type="text" name="location">
</form>

The action is set to your results.php script, and the method is set to GET in order to have the form inputs put in the URL.

该操作设置为results.php脚本,并且该方法设置为GET,以便将表单输入放在URL中。