doukong9982 2013-05-08 07:49

Filtering when only one filter is selected

I have to make a car website that filters cars depending on a preset MySQL database. I have got it to filter if all are selected (e.g. Honda, white, petrol and not on special - it will show that car) but if I just wanted to see all the Hondas (for example) nothing shows.

This is the code I have:

if(isset($_GET['make']) || isset($_GET['colour']) || isset($_GET['fueltype']) || isset($_GET['special'])){

    if(isset($_GET['make'])){
        $make = $_GET['make'];
    }

    if(isset($_GET['colour'])){
        $colour = $_GET['colour'];
    }

    if(isset($_GET['fueltype'])){
        $fueltype = $_GET['fueltype'];
    }

    if(isset($_GET['special'])){
        $special = $_GET['special'];
    }

    $result = mysqli_query($con,"SELECT * FROM Cars WHERE MAKE ='$make' AND COLOUR = '$colour' AND FUELTYPE = '$fueltype' AND SPECIAL = '$special'");
}
else{
    $result = mysqli_query($con,"SELECT * FROM Cars");
}

The else statement makes all the cars show up when you open the page before filtering.

4 answers

  • dtsi9484 2013-05-08 08:01
    Escape can mean: mysql_escape_string, check against a list of valid/allowed values, or whatever you want after good thinking.

    $where = "";
    $separator = " WHERE ";
    
    if(isset($_GET['make'])){
        // escape here (one option: mysqli_real_escape_string on the same connection)
        $make = mysqli_real_escape_string($con, $_GET['make']);
        $where .= $separator . " MAKE = '$make' ";
        $separator = " AND ";
    }
    
    if(isset($_GET['colour'])){
        // escape here
        $colour = mysqli_real_escape_string($con, $_GET['colour']);
        $where .= $separator . " COLOUR = '$colour' ";
        $separator = " AND ";
    }
    
    // ... (same pattern for the remaining filters)
    
    $result = mysqli_query($con,"SELECT * FROM Cars " . $where);
    
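The answer above leaves the escaping step open; the same WHERE-building idea can be written with placeholders so the filter values never enter the SQL text. This is an added example, not code from the question or the answer: build_car_query(), the column map and the choice to skip empty values are assumptions, and $con is the mysqli connection from the question.

```php
<?php
// Added example: optional filters -> parameterized WHERE clause.
// Assumed names: build_car_query(), the $columns map, $con (mysqli link).

function build_car_query(array $input): array
{
    // Allow-list: request parameter => column name. Column names come
    // only from this map, never from the request.
    $columns = [
        'make'     => 'MAKE',
        'colour'   => 'COLOUR',
        'fueltype' => 'FUELTYPE',
        'special'  => 'SPECIAL',
    ];

    $clauses = [];
    $values  = [];
    foreach ($columns as $param => $column) {
        // Skip filters that are absent, empty, or not plain strings
        // (a query string like ?make[]=x arrives as an array).
        if (!isset($input[$param]) || !is_string($input[$param]) || $input[$param] === '') {
            continue;
        }
        $clauses[] = "$column = ?";
        $values[]  = $input[$param];
    }

    $sql = 'SELECT * FROM Cars';
    if ($clauses) {
        $sql .= ' WHERE ' . implode(' AND ', $clauses);
    }
    return [$sql, $values];
}

// Constructed sample request: two of the four filters set, one value
// containing quote characters.
[$sql, $values] = build_car_query(['make' => 'Honda', 'colour' => "pearl 'white'"]);
echo $sql, "\n"; // SQL text holds only column names and ? markers

// With a live connection, bind the values and run the statement.
// mysqli_stmt_get_result() needs the mysqlnd driver.
if (isset($con)) {
    $stmt = mysqli_prepare($con, $sql);
    if ($values) {
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    }
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
}
```

In the page itself the call would be build_car_query($_GET); with no filters set it returns the plain SELECT, which replaces the separate else branch.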
