php mysql基于用户输入表单

I am having trouble using a checkbox to select one or multiple fields of data for PHP/AJAX to process and display. I have the PHP/AJAX working great on my <select>s but as soon as I try setting up the checkbox all hell breaks lose.

I also am very unsure on how to further prevent SQL injection on the site so if anyone could fill me in a little more about this I would GREATLY appreciate it! I read the link I was provided and just don't understand how bid_param or PDO works exactly.

The ajax script: (I can't seem to insert the ajax/js so I'll leave a link to the live site)

Link to Agent search page

My php page that displays the data:

<div id="bodyA">
    <h1>Find a Local OAHU Agent.</h1>
    <!-- This is where the data is placed. -->  
</div>
<div id="sideB">
    <div class="sideHeader">
        <em>Advanced Search</em>            
    </div>
    <form class="formC">
        <label for="last">Last Name</label><br />
        <select id="last" name="Last_Name" onChange="showUser(this.value)">
<?php 
    include 'datalogin.php';

    $result = mysqli_query($con, "SELECT DISTINCT Last_Name FROM `roster` ORDER BY Last_Name ASC;");
    echo '<option value="">' . 'Select an Agent' .'</option>';
    while ($row = mysqli_fetch_array($result)) {
        echo '<option value="'.$row['Last_Name'].'">'.$row['Last_Name'].'</option>';
    }
?>
        </select>
        <label for="company">Company</label><br />
        <select id="company" name="users" onChange="showUser(this.value)">
<?php 
    include 'datalogin.php';

    $result = mysqli_query($con, "SELECT DISTINCT Company FROM `roster` ORDER BY Company ASC;");
echo '<option value="">' . 'Select a Company' .'</option>';
    while ($row = mysqli_fetch_array($result)) {
        if ($row['Company'] == NULL) {
        } else {
            echo '<option value="'.$row['Company'].'">'.$row['Company'].'</option>';
        }
    }
?>
        </select>
        <label for="WorkCity">City</label><br />
        <select id="WorkCity" name="WorkCity" onChange="showUser(this.value)" value="city">
<?php 
    include 'datalogin.php';

    $result = mysqli_query($con, "SELECT DISTINCT WorkCity FROM `roster` ORDER BY WorkCity ASC;");
    echo '<option value="">' . 'Select a City' .'</option>';
    while ($row = mysqli_fetch_array($result)) {
        echo '<option value="'.$row['WorkCity'].'">'.$row['WorkCity'].'</option>';
    }
?>
        </select>
        <label for="WorkZipCode">Zip Code</label><br />
        <select id="WorkZipCode" name="WorkZipCode" onChange="showUser(this.value)">
<?php 
      include 'datalogin.php';

      $result = mysqli_query($con, "SELECT DISTINCT WorkZipCode FROM `roster` ORDER BY WorkZipCode + 0 ASC;");
      echo '<option value="">' . 'Select a Zip Code' .'</option>';
      while ($row = mysqli_fetch_array($result)) {
          echo '<option value="'.$row['WorkZipCode'].'">'.$row['WorkZipCode'].'</option>';
      }
?>
        </select>
        <label for="agent">Agent Expertise</label><br />
        <label for="ancillary"><input type="checkbox" value="Ancillary" name="Ancillary[]" id="ancillary" />Ancillary</label><br />
        <label for="smallgroup"><input type="checkbox" value="Smallgroup" name="Smallgroup[]" id="smallgroup" />Small Group</label><br />
        <label for="largegroup"><input type="checkbox" value="LargeGroup" name="LargeGroup[]" id="largegroup" />Large Group</label><br />
        <label for="medicare"><input type="checkbox" value="Medicare" name="Medicare[]" id="medicare" />Medicare</label><br />
        <label for="longterm"><input type="checkbox" value="LongTerm" name="LongTerm[]" id="longterm" />Long Term Care</label><br />
        <label for="individual"><input type="checkbox" value="Individual" name="Individual[]" id="individual" />Individual Plan</label><br />
        <label for="tpa"><input type="checkbox" value="TPASelfInsured" name="TPASelfInsured[]" id="tpa" />TPA Self Insured</label><br />
        <label for="ppaca"><input type="checkbox" value="CertifiedForPPACA" name="CertifiedForPPACA[]" id="ppaca" />Certified for PPACA</label><br />
    </form>
</div>

My php page that pulls the info and places it into a container on the page:

    $q = (isset($_GET['q'])) ? $_GET['q'] : false; // Returns results from user input

    include 'datalogin.php'; // PHP File to login credentials

    $sql="SELECT * FROM `roster` WHERE Company = '".$q."' OR Last_Name = '".$q."' OR WorkCity = '".$q."' OR WorkZipCode = '".$q."' ORDER BY Last_Name ASC";

    $result = mysqli_query($con,$sql) // Connects to database or die("Error: ".mysqli_error($con));

    echo "<h1>" . "Find a Local OAHU Agent." . "</h1>";

    while ($row = mysqli_fetch_array($result)) { // Gets results from the database
                echo "<div class='agentcon'>" . "<span class='agentn'>" . "<strong>".$row['First_Name'] . "&nbsp;" .$row['Last_Name'] . "</strong>" . "</span>" . "<a href=mailto:".$row['Email'] . ">" . "<span class='email'>".$row['Email'] . "</span>" . "</a>" ."<div class='floathr'></div>";
                if ($row['Company'] == NULL) {
                    echo "<p>";
                }
                else {
                    echo "<p>" . "<strong>" .$row['Company'] . "</strong>" . "<br>";
                }
                echo $row['WorkAddress1'] . "&nbsp;" .$row['WorkCity'] . "," . "&nbsp;" .$row['WorkStateProvince'] . "&nbsp;" .$row['WorkZipCode'] . "<br>";
                if ($row['Work_Phone'] !== NULL) {
                    echo "<strong>" . "Work" . "&nbsp;" . "</strong>" .$row['Work_Phone'] . "<br>";
                }
                if ($row['Fax'] !== NULL) {
                    echo "<strong>" . "Fax" . "&nbsp;" . "</strong>" .$row['Fax'] . "<br>";
                }
                echo "<strong>" . "Agent Expertise:" . "</strong>";
                if ($row['Ancillary'] == 1) {
                        echo "&nbsp;" . "Ancillary" . "/";
                }
                if ($row['SmallGroup'] == 1) {
                        echo "&nbsp;" . "Small Group" . "/";
                }
                if ($row['IndividualPlans'] == 1) {
                        echo "&nbsp;" . "Individual Plans" . "/";
                }
                if ($row['LongTermCare'] == 1) {
                        echo "&nbsp;" . "Long Term Care" . "/";
                }
                if ($row['Medicare'] == 1) {
                        echo "&nbsp;" . "Medicare" . "/";
                }
                if ($row['LargeGroup'] == 1) {
                        echo "&nbsp;" . "LargeGroup" . "/";
                }
                if ($row['TPASelfInsured'] == 1) {
                        echo "&nbsp;" . "TPA Self Insured" . "/";
                }
                if ($row['CertifiedForPPACA'] == 1) {
                        echo "&nbsp;" . "Certified For PPACA";
                }
                echo "</p>" . "</div>";
    }
    mysqli_close($con);
?>

I appreciate any and all help on this topic! Any time I add the checkbox values to my php file it ends up displaying everyone in the database for all fields in the form.

I am also trying to prevent sql injection on this but how can a user do this if I don't have a field the user can input text into?

EDIT As of today I gave a try with using jQuery to activate the checkboxes and then call some AJAX. Here is the script I wrote and it is pulling an agent, just not everyone that has that "expertise".

$('input').click(function() {
        $.ajax({
            url: "process.php",
            data: { value: 1},
            success: function (data) {
                $('#bodyA').html(data);
            }
        });
    });

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongxuying7583 2013-08-02 15:48
关注
I DID IT!! Wohoo! I ended up just making a separate php page called expertise.php to process the checkboxs using jquery/ajax.

The jQuery that achieved this: (Thank god I went onto the jQuery website to look up functions!)

$('input').click(function() { $.ajax({ url: "expertise.php", data: { value: 1}, success: function (data) { $('#bodyA').html(data); } }); });

The PHP page is the same as my process.php page except for the sql:

$sql="SELECT * FROM `roster` WHERE Ancillary = '1' AND SmallGroup = '1' AND CertifiedForPPACA = '1' ORDER BY Last_Name ASC";

If anyone would enlighten me more on making this better protected against sql injections, feel free to!

Agent Search Page

Well I at least got both parts of the search working but a new problem has arose :p

Now in the sql I can use AND or OR, with AND it pulls only agents that have everyone of those expertise and with OR it seems to pull everyone. Any ideas?
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

在表单提交后使用数据库值更新前端表 mysql php
2017-11-09 16:39

回答 1 已采纳 Change the order and put the DELETE part before the SELECT. <?php session_start(); include 'h
form表单提交到数据库储存 html mysql php
2022-07-28 15:34

回答 1 已采纳 php 存入mysql数据库https://blog.csdn.net/weixin_42464553/article/details/113165207
PHP向数据库传送的数据中文乱码 html5 mysql php sql
2019-02-13 19:06

回答 3 已采纳编码不一致， 1、php 文件中添加 header("Content-Type: text/html; charset=utf-8"); 2、mysql编码和php编码确保一致，如果php编码是g
PHP实现用户登录功能（MySQL+Session+表单）
2020-12-12 09:04

超周到的程序员的博客标签），接收用户输入（用户名、密码），在表单的action属性中，指定要处理表单数据的php文件。 2.在接收用户输入的php文件中，将用户输入的用户名、密码这两个字段同时作为一个条件在数据库的用户表中进行查找，...
如何在php中提交表单后返回同一页面。 http mysql php
2015-03-27 11:03

回答 7 已采纳 Thank You All. I Got My Answer $_SERVER['REQUEST_URI']; will give the current URL with query stri
有关PHP 图片上传问题 css html5 php
2020-05-06 10:05

回答 1 已采纳 https://blog.csdn.net/Zhang17_617/article/details/86812795
重命名输入使用while循环创建的表单中的字段ID javascript php sql
2019-01-31 12:20

回答 2 已采纳 it was late and I could not figure out the answer, but with a fresh look I found it. In the code t
PHP+MySQL制作简单的用户注册登录界面（注释超详细~附源代码）
2022-07-20 01:01

WAMIA的博客 PHP+MySQL制作简单的用户注册登录界面（附详细注释源代码）
如何将此表单拆分为两个值 javascript mysql php
2013-10-10 09:00

回答 3 已采纳 Replace div with textarea and to disable resizing use css: textarea { resize: none; } To
将html Web表单保存为草稿 mysql php
2011-02-21 05:18

回答 1 已采纳 Save the information they write into your database, but set it as not published. You can do this
我一直收到用户名和密码错误的登录表单[重复] css html javascript mysql php
2015-10-21 19:06

回答 1 已采纳 You have some missing quotes: $user = $_POST[user]; $pass = $_POST[pass]; Fixed version: $user
基于PHP+MySQL的小型购物系统网站
2022-05-19 00:33

biyezuopinvip的博客完整的购物过程为：用户注册 → 用户登录 → 将商品添加到购物车 → 提交订单 → 银行卡支付但是由于涉及到与银行接口相关的支付过程，本项目没有具体实现付款细节，仅仅是做了一个支付表单的完整性的判断。...
通过ajax在html / php中搜索表单 ajax html javascript php
2010-04-25 22:10

回答 3 已采纳 onclick="run_query();" You don't seem to block the form's default action. Add a return false; to
php mysql 表单_php表单怎么提交到数据库？（详解）
2021-01-18 23:20

Isaac Duan的博客提交数据到服务器端数据库都是用的form表单，这是最普通最简单提交数据的方法，填写完表单后，post提交到后台.php文件，处理完后返回到指定页面，最后，页面就重新刷新了一遍，显示预想的页面。下面本篇文章就来...
基于PHP的校园生活系统
2021-10-03 13:56

论坛排序算法，基于时间和点赞赞数量进行hackerNew计算论坛点赞功能设计中计划使用redis来存储点赞人的ID，从而减轻对服务器的负担 ##1月10日 TP5中不支持redis的set（高效存取）选择使用redis扩展库，TP5...
没有解决我的问题, 去提问

悬赏问题

¥50 求解vmware的网络模式问题
¥24 EFS加密后，在同一台电脑解密出错，证书界面找不到对应指纹的证书，未备份证书，求在原电脑解密的方法，可行即采纳
¥15 springboot 3.0 实现Security 6.x版本集成
¥15 PHP-8.1 镜像无法用dockerfile里的CMD命令启动只能进入容器启动，如何解决？(操作系统-ubuntu)
¥30 请帮我解决一下下面六个代码
¥15 关于资源监视工具的e-care有知道的嘛
¥35 MIMO天线稀疏阵列排布问题
¥60 用visual studio编写程序，利用间接平差求解水准网
¥15 Llama如何调用shell或者Python
¥20 谁能帮我挨个解读这个php语言编的代码什么意思？

php mysql基于用户输入表单

2条回答 默认 最新

悬赏问题

2条回答默认最新