如何使用多个 HTML 文本输入进行 SQL 搜索查询 [英] how to use multiple HTML text inputs to make an SQL search query

问题描述

我有一个包含多个 html 文本输入的表单，我想使用这些输入的值来进行一个搜索查询(例如，我希望它看起来像这样 results.php?input=value1+value2+value3) 我试过了，但是我还没有设法得到一个查询来自 3 个输入字段的所有值.

I have a form that contains multiple html text inputs, and I'd like to use the values of these inputs to make one search query (for example I want it to look like this results.php?input=value1+value2+value3) I've tried, however I haven't managed to get one that queries with all the values from the 3 input fields.

$input = $_GET['input']; //this is for the text input - ignore
$topic = $_GET['topic']; // the first select box value which works well
$location = $_GET['location']; //the second select box value which isn't being inserted into the query
$combined = $input . $topic . $location;
$terms = explode(" ", $combined);
$query = "SELECT * FROM search WHERE input='$input' AND topic ='$topic' AND location='$location' ";'

推荐答案

你可以按照你展示的方式来做，但你真的应该使用内置的 PHP 函数来通过准备好的语句来转义输入，例如使用 mysqli 的 bind_param:

You can do it the way you've shown, but you should really be using built in PHP functions for escaping input via prepared statements, for example with mysqli's bind_param:

$db = new mysqli(*your database connection information here*);
$input = $_GET['input']; //this is for the text input - ignore
$topic = $_GET['topic']; // the first select box value which works well
$location = $_GET['location']; //the second select box value which isn't being inserted into the query
$combined = $input . $topic . $location;
$terms = explode(" ", $combined);
$stmt = $db->prepare("SELECT * FROM search WHERE input = ? AND topic = ? AND location = ?");
$stmt->bind_param("sss", $input, $topic, $location);
$stmt->execute();
$stmt->close();

至于获取您想要的 URL 的表单:

As for the form to get the URL you're wanting:

<form action="results.php" method="GET">
  <input type="text" name="input">
  <input type="text" name="topic">
  <input type="text" name="location">
</form>

操作设置为您的 results.php 脚本，方法设置为 GET 以便将表单输入放入 URL.

The action is set to your results.php script, and the method is set to GET in order to have the form inputs put in the URL.

这篇关于如何使用多个 HTML 文本输入进行 SQL 搜索查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！