构建一个mysqli查询,并按页面显示顺序 [英] Building a mysqli query with order by and per page to show
问题描述
该页面显示所有结果,现在我要过滤结果以及每页有多少结果。为此,访问者使用一个简单的html GET表单来选择过滤器。
现在我得到GET表单并尝试过滤结果
<?php
$ order_by = mysqli_real_escape_string($ database,$ _ GET ['order_by']);
$ order = if(empty($ order_by)){echo'manufacturer';} else {echo'$ order_by';
?>
好了,现在我们得到过滤器并尝试像这样得到MySQL的结果
$ set_order = mysqli_query($ database,SELECT * FROM`products` order by`$ order` ASC);}
但是我得到一行错误:
$ order = if(empty($ order_by)){echo'manufacturer';} else {echo'$ order_by';
无法找到这样做的方法...任何想法?
> $ order ='manufacturer';
接下来,如果用户提供了其他内容,请用默认值替换。
if(!empty($ _ GET ['order_by'])){
$ order = mysqli_real_escape_string($ database,$ _GET [ 'ORDER_BY']);
}
然后你可以使用它在查询中的任何内容。
$ set_order = mysqli_query($ database,SELECT * FROM`products` order by`$ order` ASC);
使用 mysqli_real_escape_string
在这里,但我会建议检查用户输入列表的可接受的列名称,以缓解SQL注入风险。
The page display all results, now I want to filter results and how many results per page. To do this the visitor use a simple html GET form to select the filter.
Now I get the GET form and try to filter the results
<?php
$order_by = mysqli_real_escape_string($database,$_GET['order_by']);
$order = if(empty($order_by)){echo 'manufacturer';}else{echo '$order_by';
?>
OK now we get the filter and try to get results from MySQL like this
$set_order=mysqli_query($database,"SELECT * FROM `products` order by `$order` ASC");}
But I get error in the line:
$order = if(empty($order_by)){echo 'manufacturer';}else{echo '$order_by';
Cannot find a way to do this ... Any idea?
First, set a default value for order by.
$order = 'manufacturer';
Next, if the user has provided something else, replace the default value with that.
if (!empty($_GET['order_by'])) {
$order = mysqli_real_escape_string($database, $_GET['order_by']);
}
Then you can use whatever it ends up being in your query.
$set_order = mysqli_query($database, "SELECT * FROM `products` order by `$order` ASC");
It is definitely good that you're using mysqli_real_escape_string
here, but I would recommend checking the user input against a list of acceptable column names to mitigate the SQL injection risk.
这篇关于构建一个mysqli查询,并按页面显示顺序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!