douzhuanqian8244 2011-05-26 10:31 Acceptance rate: 100%

Searching a SQL database for data and displaying it in PHP

I have a database with some info and some html code that generates a report of the data in the database, based on the sql query in the code. I would like users to be able to use a form to extract only certain data without having to change the sql query manually. How can I do this?

My form has 3 fields (branch code, ip address and serial number) which I would like to use as search criteria for the information that should be displayed in the report.

When a user types in the branch code, for instance, the form should adapt the sql query to display only that specific branch's info.

2 answers

  • du5591 2011-05-26 10:35

    You can programmatically create a SQL query based on input from the user - but you need to be careful how you do it. Directly accepting input from the user and including it in a SQL statement is generally considered to be a bad idea, especially if you don't validate / sanitise it properly.

    One alternative is using prepared statements (assuming you're using MySQL): http://dev.mysql.com/tech-resources/articles/4.1/prepared-statements.html

    There are also lots of libraries floating around that help with SQL, including verification / sanitisation.

    From what you've said, when the form is posted to the page you can check to see which part of the form has been filled in, and execute a prepared statement / build your own statement from that. Just make sure you do it in a safe way.

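The approach the answer describes, as an added example that is not part of the original answer or the asker's code: check which of the three form fields were filled in, build the WHERE clause from a fixed whitelist of column names, and bind the user's values with a mysqli prepared statement so they never become part of the SQL text. The table name `devices`, its columns, the connection credentials and the use of the mysqlnd driver (for `get_result()`) are all assumptions.

```php
<?php
// Added example, not from the original thread. Builds a MySQL query from
// whichever of the three search fields the user filled in.
// Assumed: a table `devices` with columns branch_code, ip_address,
// serial_number, hostname; connection details are placeholders.

// Form field name => column name. Only entries in this array can ever reach
// the SQL string; what the user typed is bound as a parameter, never spliced in.
$searchable = [
    'branch_code'   => 'branch_code',
    'ip_address'    => 'ip_address',
    'serial_number' => 'serial_number',
];

$conditions = [];
$values     = [];
foreach ($searchable as $field => $column) {
    $value = isset($_POST[$field]) ? trim($_POST[$field]) : '';
    if ($value !== '') {
        // $column comes from our own array above, not from the request.
        $conditions[] = "`$column` = ?";
        $values[]     = $value;
    }
}

$sql = 'SELECT branch_code, ip_address, serial_number, hostname FROM devices';
if ($conditions) {
    // Every filled-in field narrows the result set further.
    $sql .= ' WHERE ' . implode(' AND ', $conditions);
}

$db = new mysqli('localhost', 'report_user', 'CHANGE_ME', 'inventory'); // assumed
if ($db->connect_error) {
    die('Database connection failed');
}

$stmt = $db->prepare($sql);
if ($stmt === false) {
    die('Failed to prepare statement');
}
if ($values) {
    // All three search fields are strings: one 's' per bound value.
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
}
$stmt->execute();
$result = $stmt->get_result(); // requires the mysqlnd driver (assumed)

echo '<table>';
while ($row = $result->fetch_assoc()) {
    echo '<tr>';
    foreach ($row as $cell) {
        // Escape on output so stored data cannot inject HTML into the report.
        echo '<td>' . htmlspecialchars((string) $cell, ENT_QUOTES, 'UTF-8') . '</td>';
    }
    echo '</tr>';
}
echo '</table>';

$stmt->close();
$db->close();
```

The key design choice is that the request only decides *which* whitelisted conditions are included; the SQL text is assembled from strings the script itself owns, and every user-supplied value travels through `bind_param`. If you want partial matches (for example a serial number prefix), change `= ?` to `LIKE ?` and bind the value with a trailing `%`; the binding stays the same.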
