drgovyk64676 2013-08-01 15:16
浏览 30
已采纳

php mysql基于用户输入表单

I am having trouble using a checkbox to select one or multiple fields of data for PHP/AJAX to process and display. I have the PHP/AJAX working great on my <select>s but as soon as I try setting up the checkbox all hell breaks lose.

I also am very unsure on how to further prevent SQL injection on the site so if anyone could fill me in a little more about this I would GREATLY appreciate it! I read the link I was provided and just don't understand how bid_param or PDO works exactly.

The ajax script: (I can't seem to insert the ajax/js so I'll leave a link to the live site)

Link to Agent search page

My php page that displays the data:

<div id="bodyA">
    <h1>Find a Local OAHU Agent.</h1>
    <!-- This is where the data is placed. -->  
</div>
<div id="sideB">
    <div class="sideHeader">
        <em>Advanced Search</em>            
    </div>
    <form class="formC">
        <label for="last">Last Name</label><br />
        <select id="last" name="Last_Name" onChange="showUser(this.value)">
<?php 
    include 'datalogin.php';

    $result = mysqli_query($con, "SELECT DISTINCT Last_Name FROM `roster` ORDER BY Last_Name ASC;");
    echo '<option value="">' . 'Select an Agent' .'</option>';
    while ($row = mysqli_fetch_array($result)) {
        echo '<option value="'.$row['Last_Name'].'">'.$row['Last_Name'].'</option>';
    }
?>
        </select>
        <label for="company">Company</label><br />
        <select id="company" name="users" onChange="showUser(this.value)">
<?php 
    include 'datalogin.php';

    $result = mysqli_query($con, "SELECT DISTINCT Company FROM `roster` ORDER BY Company ASC;");
echo '<option value="">' . 'Select a Company' .'</option>';
    while ($row = mysqli_fetch_array($result)) {
        if ($row['Company'] == NULL) {
        } else {
            echo '<option value="'.$row['Company'].'">'.$row['Company'].'</option>';
        }
    }
?>
        </select>
        <label for="WorkCity">City</label><br />
        <select id="WorkCity" name="WorkCity" onChange="showUser(this.value)" value="city">
<?php 
    include 'datalogin.php';

    $result = mysqli_query($con, "SELECT DISTINCT WorkCity FROM `roster` ORDER BY WorkCity ASC;");
    echo '<option value="">' . 'Select a City' .'</option>';
    while ($row = mysqli_fetch_array($result)) {
        echo '<option value="'.$row['WorkCity'].'">'.$row['WorkCity'].'</option>';
    }
?>
        </select>
        <label for="WorkZipCode">Zip Code</label><br />
        <select id="WorkZipCode" name="WorkZipCode" onChange="showUser(this.value)">
<?php 
      include 'datalogin.php';

      $result = mysqli_query($con, "SELECT DISTINCT WorkZipCode FROM `roster` ORDER BY WorkZipCode + 0 ASC;");
      echo '<option value="">' . 'Select a Zip Code' .'</option>';
      while ($row = mysqli_fetch_array($result)) {
          echo '<option value="'.$row['WorkZipCode'].'">'.$row['WorkZipCode'].'</option>';
      }
?>
        </select>
        <label for="agent">Agent Expertise</label><br />
        <label for="ancillary"><input type="checkbox" value="Ancillary" name="Ancillary[]" id="ancillary" />Ancillary</label><br />
        <label for="smallgroup"><input type="checkbox" value="Smallgroup" name="Smallgroup[]" id="smallgroup" />Small Group</label><br />
        <label for="largegroup"><input type="checkbox" value="LargeGroup" name="LargeGroup[]" id="largegroup" />Large Group</label><br />
        <label for="medicare"><input type="checkbox" value="Medicare" name="Medicare[]" id="medicare" />Medicare</label><br />
        <label for="longterm"><input type="checkbox" value="LongTerm" name="LongTerm[]" id="longterm" />Long Term Care</label><br />
        <label for="individual"><input type="checkbox" value="Individual" name="Individual[]" id="individual" />Individual Plan</label><br />
        <label for="tpa"><input type="checkbox" value="TPASelfInsured" name="TPASelfInsured[]" id="tpa" />TPA Self Insured</label><br />
        <label for="ppaca"><input type="checkbox" value="CertifiedForPPACA" name="CertifiedForPPACA[]" id="ppaca" />Certified for PPACA</label><br />
    </form>
</div>

My php page that pulls the info and places it into a container on the page:

    $q = (isset($_GET['q'])) ? $_GET['q'] : false; // Returns results from user input

    include 'datalogin.php'; // PHP File to login credentials

    $sql="SELECT * FROM `roster` WHERE Company = '".$q."' OR Last_Name = '".$q."' OR WorkCity = '".$q."' OR WorkZipCode = '".$q."' ORDER BY Last_Name ASC";

    $result = mysqli_query($con,$sql) // Connects to database or die("Error: ".mysqli_error($con));

    echo "<h1>" . "Find a Local OAHU Agent." . "</h1>";

    while ($row = mysqli_fetch_array($result)) { // Gets results from the database
                echo "<div class='agentcon'>" . "<span class='agentn'>" . "<strong>".$row['First_Name'] . "&nbsp;" .$row['Last_Name'] . "</strong>" . "</span>" . "<a href=mailto:".$row['Email'] . ">" . "<span class='email'>".$row['Email'] . "</span>" . "</a>" ."<div class='floathr'></div>";
                if ($row['Company'] == NULL) {
                    echo "<p>";
                }
                else {
                    echo "<p>" . "<strong>" .$row['Company'] . "</strong>" . "<br>";
                }
                echo $row['WorkAddress1'] . "&nbsp;" .$row['WorkCity'] . "," . "&nbsp;" .$row['WorkStateProvince'] . "&nbsp;" .$row['WorkZipCode'] . "<br>";
                if ($row['Work_Phone'] !== NULL) {
                    echo "<strong>" . "Work" . "&nbsp;" . "</strong>" .$row['Work_Phone'] . "<br>";
                }
                if ($row['Fax'] !== NULL) {
                    echo "<strong>" . "Fax" . "&nbsp;" . "</strong>" .$row['Fax'] . "<br>";
                }
                echo "<strong>" . "Agent Expertise:" . "</strong>";
                if ($row['Ancillary'] == 1) {
                        echo "&nbsp;" . "Ancillary" . "/";
                }
                if ($row['SmallGroup'] == 1) {
                        echo "&nbsp;" . "Small Group" . "/";
                }
                if ($row['IndividualPlans'] == 1) {
                        echo "&nbsp;" . "Individual Plans" . "/";
                }
                if ($row['LongTermCare'] == 1) {
                        echo "&nbsp;" . "Long Term Care" . "/";
                }
                if ($row['Medicare'] == 1) {
                        echo "&nbsp;" . "Medicare" . "/";
                }
                if ($row['LargeGroup'] == 1) {
                        echo "&nbsp;" . "LargeGroup" . "/";
                }
                if ($row['TPASelfInsured'] == 1) {
                        echo "&nbsp;" . "TPA Self Insured" . "/";
                }
                if ($row['CertifiedForPPACA'] == 1) {
                        echo "&nbsp;" . "Certified For PPACA";
                }
                echo "</p>" . "</div>";
    }
    mysqli_close($con);
?>

I appreciate any and all help on this topic! Any time I add the checkbox values to my php file it ends up displaying everyone in the database for all fields in the form.

I am also trying to prevent sql injection on this but how can a user do this if I don't have a field the user can input text into?

EDIT As of today I gave a try with using jQuery to activate the checkboxes and then call some AJAX. Here is the script I wrote and it is pulling an agent, just not everyone that has that "expertise".

$('input').click(function() {
        $.ajax({
            url: "process.php",
            data: { value: 1},
            success: function (data) {
                $('#bodyA').html(data);
            }
        });
    });
  • 写回答

2条回答 默认 最新

  • dongxuying7583 2013-08-02 15:48
    关注

    I DID IT!! Wohoo! I ended up just making a separate php page called expertise.php to process the checkboxs using jquery/ajax.

    The jQuery that achieved this: (Thank god I went onto the jQuery website to look up functions!)

    $('input').click(function() {
            $.ajax({
                url: "expertise.php",
                data: { value: 1},
                success: function (data) {
                    $('#bodyA').html(data);
                }
            });
        });
    

    The PHP page is the same as my process.php page except for the sql:

    $sql="SELECT * FROM `roster` WHERE Ancillary = '1' AND SmallGroup = '1' AND CertifiedForPPACA = '1' ORDER BY Last_Name ASC";
    

    If anyone would enlighten me more on making this better protected against sql injections, feel free to!

    Agent Search Page

    Well I at least got both parts of the search working but a new problem has arose :p

    Now in the sql I can use AND or OR, with AND it pulls only agents that have everyone of those expertise and with OR it seems to pull everyone. Any ideas?

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥50 swiftui @query 报错
  • ¥50 怎么解决刷卡或扫码后,点击软件输入框,win10屏幕键盘不会自动弹出的问题
  • ¥15 如何使用arcgispro的训练深度模型,发现water和nowater精度为0?(相关搜索:深度学习)
  • ¥20 matlab作业不太懂呀有问题能给个代码吗
  • ¥15 自制电路图为何无法驱动ESP01S?
  • ¥15 前端加access数据库
  • ¥15 ARCGIS 多值提取到点 ERROR 999999
  • ¥15 mysql异常断电, [MY-011971] [InnoDB]
  • ¥15 uni.onBluetoothDeviceFound熄屏不运行
  • ¥15 求PHDA糖尿病并发症数据集,有偿