php
2011-07-12 58 views 0 likes 
0

我有下面的代码,当表单填写完毕后从数据库返回行。问题是,除非填写了所有三个字段(名称,地址,类型),否则代码不会返回任何内容。我想要更改代码,以便让我们假设只填写了一个字段,它将只搜索那个字段。执行条款,如果字段为空

我想这得益于另一名成员帮助,但我想我可能已经实施了一个错误:

if (empty($name)) { 
$nameClause=''; 
} else { 
$nameClause="name='".$name."'"; 
}

.....

<?php 
require("db_access.php"); 

function parseToXML($htmlStr) 
{ 
$xmlStr=str_replace('<','&lt;',$htmlStr); 
$xmlStr=str_replace('>','&gt;',$xmlStr); 
$xmlStr=str_replace('"','&quot;',$xmlStr); 
$xmlStr=str_replace("'",'&#39;',$xmlStr); 
$xmlStr=str_replace("&",'&amp;',$xmlStr); 
return $xmlStr; 
} 

$name=$_POST['name']; 
$address=$_POST['address']; 
$type=$_POST['type']; 



// Opens a connection to a MySQL server 
$connection=mysql_connect (localhost, $username, $password); 
if (!$connection) { 
    die('Not connected : ' . mysql_error()); 
} 

// Set the active MySQL database 
$db_selected = mysql_select_db($database, $connection); 
if (!$db_selected) { 
    die ('Can\'t use db : ' . mysql_error()); 
} 




// Select all the rows in the markers table 
$query = sprintf(
    "SELECT * FROM markers WHERE name = '%s' AND address = '%s' AND type = '%s'", 
    mysql_real_escape_string($name), 
    mysql_real_escape_string($address), 
    mysql_real_escape_string($type) 
); 
$result = mysql_query($query); 
if($result == false) { 
    die(mysql_error() . "<br />\n$query"); 
} 
if(mysql_num_rows($result) == 0) { 
    user_error("No rows returned by:<br />\n$query"); 
} 

header("Content-type: text/xml"); 

// Start XML file, echo parent node 
echo '<markers>'; 

// Iterate through the rows, printing XML nodes for each 
while ($row = @mysql_fetch_assoc($result)){ 
    // ADD TO XML DOCUMENT NODE 
    echo '<marker '; 
    echo 'name="' . parseToXML($row['name']) . '" '; 
    echo 'address="' . parseToXML($row['address']) . '" '; 
    echo 'type="' . parseToXML($row['type']) . '" '; 
    echo 'lat="' . $row['lat'] . '" '; 
    echo 'lng="' . $row['lng'] . '" '; 
    echo '/>'; 
} 

// End XML file 
echo '</markers>'; 

?>

我取代。该:

$query = sprintf(
"SELECT * FROM markers WHERE name = '%s' AND address = '%s' AND type = '%s'", 
mysql_real_escape_string($name), 
mysql_real_escape_string($address), 
mysql_real_escape_string($type) 
);
与本 

$query = sprintf(
    "SELECT * FROM markers WHERE name = '%s' AND address = '%s' AND type = '%s'", 
    mysql_real_escape_string($name), 
    mysql_real_escape_string($address), 
    mysql_real_escape_string($type) 
); 
$result = mysql_query($query); 
if($result == false) { 
    die(mysql_error() . "<br />\n$query"); 
} 
if(mysql_num_rows($result) == 0) { 
    user_error("No rows returned by:<br />\n$query"); 
}

来源

2011-07-12 pufAmuf

回答

1

这种替换$query = sprintf(...)代码:

$inputs = array('name', 'address', 'type'); 
$where = array(); 

foreach($inputs as $input) 
{ 
    if(!empty($_POST[$input])) { 
     $where[] = "{$input} = '" . mysql_real_escape_string($_POST[$input]) . "'"; 
    } 
} 

if ($where) { 
    $query = 'SELECT * FROM markers WHERE ' . implode(' AND ', $where); 
} else { 
    // do something here if name, address and type are all empty 
}

来源

2011-07-12 21:26:39

+0

我把正是这种代码:(见我的代码编辑)我加了分号,因为这是给我“意外}”的错误,虽然现在我得到这个错误:注意:没有通过返回的行:SELECT * FROM标记WHERE型= '类型' – pufAmuf

+0

对不起,我只是固定的错误:'mysql_real_escape_string($输入)'应该是:'mysql_real_escape_string($ _ POST [$输入])' 。 –

+0

完美无瑕!谢谢你,你救了我很多时间:))! – pufAmuf

相关问题
每日一句
每一个你不满意的现在,都有一个你没有努力的曾经。
最新问题

 相关问题