0
到目前为止,我有以下的PHP,它允许用户搜索数据库的特定列并显示所有结果。格式化数据库查询的结果
<?php
require("header.php");
if(isset($_REQUEST['searching'])){ //check if form has been submitted
echo"<h2>Results</H2><p>";
connect('final');//connect to DB
//set the values from search form
$field = $_POST['field'];
$query = $_POST['query'];
$query = htmlspecialchars($query); // stop HTML characters
$query = mysql_real_escape_string($query); //stop SQL injection
$data = mysql_query("SELECT *
FROM customer
INNER JOIN address ON customer.ID = address.customer_ID
LEFT OUTER JOIN sites ON address.ID = sites.address_ID
WHERE customer.ID IN (SELECT customer.ID
FROM customer
INNER JOIN address ON customer.ID = address.customer_ID
LEFT OUTER JOIN sites ON address.ID = sites.address_ID
WHERE upper(customer.$field) LIKE'%$query%')") ;//query the DB with search field in colleumn selected//
//$data = mysql_query("SELECT * FROM customer INNER JOIN address ON customer.ID = address.Customer_ID LEFT OUTER JOIN sites ON address.ID = sites.address_ID WHERE upper(customer.$field) LIKE'%$query%'") ;
if($data === FALSE) {
$error = 'Query error:'.mysql_error();
echo $error;
}
else
{
while($results = mysql_fetch_array($data)){// puts data from database into array, loops until no more
echo "<br>";
echo $results['First_Name'];
echo " ";
echo $results['Surname'];
echo " ";
echo $results['Company_Name'];
echo " ";
echo $results['Telephone'];
echo " ";
echo $results['Alt_Telephone'];
echo " ";
echo $results['line_1'];
echo " ";
echo $results['line2'];
echo " ";
echo $results['town'];
echo " ";
echo $results['postcode'];
echo " ";
echo $results['site_name'];
//posts results from db query
}
}
$anymatches=mysql_num_rows($data); //checks if the querys returned any results
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query<br><br>";
}
}
然而,由于我使用的回声输出它只是显示所有页面的最顶端的成果,并推动我所有的HTML内容的楼下吧。
我该如何格式化它以便它出现在我的html内容中?例如在搜索按钮下方。
由于'$ field',您可能会注入SQL。 – 2013-04-25 08:54:44