1. 首页
  2. 问答
  3. PHP使用查询更改订单和价格过滤器

PHP使用查询更改订单和价格过滤器

2014-02-17 44 views
0

我正在为我的网站开发一个过滤器,看起来我的逻辑似乎已经不多了! 我设法排序依据所选择的单选按钮的项目的顺序,但我不知道怎么的价格输入端集成(来源:__为:__)PHP使用查询更改订单和价格过滤器

在index.php 

$price_range =''; 
if(isset($_POST['submit'])){ 
    $lowest_price = $_POST['lowest_price']; 
    $highest_price = $_POST['highest_price']; 
    $price_range = "`price` BETWEEN LIKE '%" .$lowest_price."%' AND LIKE '%" .$highest_price."%'"; 
        } 

    $order_list=(isset($_POST['order_list']))?$_POST['order_list']:'';      
switch($order_list) { 
    case "link1": $order_list_sql = "ORDER BY `date` DESC";  break; 
    case "link2": $order_list_sql = "ORDER BY `price` ASC";  break; 
    case "link3": $order_list_sql = "ORDER BY `price` DESC";  break; 
    case "link4": $order_list_sql = "ORDER BY `id` DESC";   break; 
    default:  $order_list_sql = "ORDER BY `date` DESC"; 
        } 

$res = mysql_query("SELECT * FROM `classifieds` ".$order_list_sql." LIMIT 10");

在form.php的:

<form action="index.php" method="post" enctype="multipart/form-data"> 
    <li>Ad Order 
     <ul> 
      <li> 
       <label> 
        <input type="radio" name="order_list" value="link1" <?php echo (isset($_POST[ 'order_list'])=='link1' ? 'checked': '')?>>Newest First</label> 
      </li> 
      <li> 
       <label> 
        <input type="radio" name="order_list" value="link2" <?php echo (isset($_POST[ 'order_list'])=='link2' ? 'checked': '')?>>Lowest Price First</label> 
      </li> 
      <li> 
       <label> 
        <input type="radio" name="order_list" value="link3" <?php echo (isset($_POST[ 'order_list'])=='link3' ? 'checked': '')?>>Highest Price First</label> 
      </li> 
      <li> 
       <label> 
        <input type="radio" name="order_list" value="link4" <?php echo (isset($_POST[ 'order_list'])=='link4' ? 'checked': '')?>>Nearest First</label> 
      </li> 
     </ul> 
    </li> 
    <li>Price 
     <ul> 
      <li>From: $ 
       <input type="text" placeholder="0.00" size="8" name="lowest_price" value="<?php if(isset($_POST['lowest_price'])) { echo $_POST['lowest_price']; } ?>"> 
      </li> 
      <li>To: $ 
       <input type="text" size="8" name="highest_price" value="<?php if(isset($_POST['highest_price'])) { echo $_POST['highest_price']; } ?>"> 
      </li> 
     </ul> 
    </li> 
    <input type="submit" value="Save"> 
</form>

更新: 我至今尝试过,但似乎向右转到else语句

if(isset($_POST['submit']) === true && empty($_POST['submit']) === false){ 
    $lowest_price = $_POST['lowest_price']; 
    $highest_price = $_POST['highest_price']; 
    $price_range = "WHERE `price` BETWEEN ".$lowest_price." AND ".$highest_price.""; 

    if(empty($_POST['order_list']) === false && $_POST['order_list'] == "link1"){ 
     $order_list = "ORDER BY `date` DESC"; 
    } 
    if(empty($_POST['order_list']) === false && $_POST['order_list'] == "link2"){ 
     $order_list = "ORDER BY `price` ASC"; 
    } 
    if(empty($_POST['order_list']) === false && $_POST['order_list'] == "link3"){ 
     $order_list = "ORDER BY `price` DESC"; 
    } 
    if(empty($_POST['order_list']) === false && $_POST['order_list'] == "link4"){ 
     $order_list = "ORDER BY `id` DESC";  
    }       
    $res = mysql_query("SELECT * FROM `classifieds` ".$price_range." ".$order_list." LIMIT 10"); 
}else{ 
    $res = mysql_query("SELECT * FROM `classifieds` ORDER BY `date` DESC LIMIT 10"); 
}

来源

2014-02-17 Gadgetster

+0

如果你能,更好地利用'mysqli'的功能,而不是'mysql',因为最后一个已被弃用 –

+0

并且请修复你的SQL注入漏洞! –

回答

0

更改$ PRICE_RANGE到:

$price_range = "WHERE price BETWEEN ".$lowest_price." AND ".$highest_price." ";

变化$资源到

$res = mysql_query("SELECT * FROM classifieds ".$price_range." ".$order_list_sql." LIMIT 10");

让我知道结果..

来源

2014-02-17 08:52:04 user3106988

+0

这根本不是一种安全的方式!看看[这个](https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet#!)链接 – ilhnctn

+0

我曾尝试过,它给了我错误。并且当前,每次我更改订单时,即使我指定它被检查,订单选择单选按钮也不会被检查。现在它总是检查订单清单中的最后一个选项 – Gadgetster

相关问题

 相关问题