如何使用phpmyadmin和mysql从web下拉菜单中修复搜索功能? [重复]

问题描述 投票:-2回答:1

这个问题在这里已有答案:

我正在尝试为我的学校项目数据库设置搜索功能。我需要帮助来找到使其工作的解决方案。当我点击搜索按钮时,没有任何信息被过滤和显示

我尝试了各种解决方案,包括更改我的查询,但没有以下工作。我怀疑将信息正确注入phpmyadmin并运行查询存在问题。任何帮助表示赞赏。谢谢!

<body>
  <div id="login">
  <form method="post" action="searchfunction.php">
<input type="hidden" name="valueToSearch" value="Filter"><br><br>
    <fieldset>
    <p>
        <Label>Hospital:</label>
            <select id="Hos" name="Hos">
        <option>--</option>
                <option value = "Oshei">Oshei Children's</option>
        <option value = "Buff Gen">Buffalo General</option>
      </select>
        </p>
    <p>
        <Label>Hospital Floor:</label>
                <select id="HosF" name="HosF">
          <option>--</option>
                    <option value = "1">1</option>
            <option value = "2">2</option>
            <option value = "3">3</option>
            <option value = "4">4</option>
          </select>
        </p>
    <p>
        <Label>Clinical Service:</label>
            <select id="CSer" name="CSer">
        <option>--</option>
                <option value = "Floor">Floor</option>
        <option value = "NICU">NICU</option>
                <option value = "PICU">PICU</option>
        <option value = "General Surgery">Surgery</option>
                <option value = "Oncology">Oncology</option>
      </select>
        </p>
    <p>
        <Label>Age:<input type="text" name="Age" /></label>
        </p>
    <p>
        <Label>Gender:</label>
            <select id="Gen" name="Gen">
        <option>--</option>
                <option value = "M">Male</option>
        <option value = "F">Female</option>
            </select>
        </p>
    <p>
        <Label>Comorbidity:</label>
            <select id="CMor" name="CMor">
        <option>--</option>
                <option value = "Cancer">Cancer Patient</option>
          <option value = "Remission">Cancer Survivor</option>
                <option value = "None">None</option>
            </select>
        </p>
    <p>
        <Label>Site of Infection:</label>
            <select id="SOI" name="SOI">
        <option>--</option>
                <option value="Wound">Wound</option>
        <option value="Surgical Wound">Surgical Wound</option>
            </select>
        </p>
    <p>
        <Label>Type of Pathogen Suspected:</label>
            <select id="SusPath" name="SusPath">
        <option>--</option>
                <option value="Acinetobacter baumannii">Acinetobacter baumannii</option>

                <option value="Klebsiella oxytoca">Klebsiella oxytoca</option>
                <option value="Klebsiella pneumoniae">Klebsiella pneumoniae</option>
            </select>
        </p>
        <p>
      <input type="submit" action="searchfunction.php" name="submit"/>
    </p>
    </fieldset>
  </form>



  </body>

  </html>



<?php

if(isset($_POST['submit'])) {

    $valueToSearch = $_POST['valueToSearch'];

    $query = "SELECT * FROM `data` WHERE CONCAT(`RefID`, `Age`, `Gen`, `Hos`, 'HosF', 'HosR', 'CSer', 'TOI', 'TOS', 'SOI', 'CMor', 'SusPath', 'APres', 'Path', 'Anti', 'Susc') LIKE '%".$valueToSearch."%'";
    $search_result = filterTable($query);

}
 else {
    $query = "SELECT * FROM `data`";
    $search_result = filterTable($query);
}

// function to connect and execute the query
function filterTable($query)
{
    $connect = mysqli_connect("localhost", "root", "Rawrrawr1", "amr_database");
    $filter_Result = mysqli_query($connect, $query);
    return $filter_Result;
}

?>
<table>
<tr>
    <th>Hospital</th>
    <th>Age</th>
    <th>Gender</th>
    <th>Hospital Floor</th>
    <th>Clinical Service</th>
    <th>Site of Infection</th>
    <th>Comorbidity</th>
    <th>Pathogen</th>
    <th>Antibiotic</th>
    <th>Susceptibility</th>

</tr>

<style>
table {            /*table style*/
       border-collapse: collapse;}
table, th, td {
       border: 1px solid black;}
tr:hover {
       background-color: #f5f5f5;}
th {
       background-color: #D3D3D3;
       color: black;
}

</style>

<?php while($row = mysqli_fetch_array($search_result)):?>
         <tr>
          <td><?php echo $row['Hos'];?></td>
          <td><?php echo $row['Age'];?></td>
          <td><?php echo $row['Gen'];?></td>
          <td><?php echo $row['HosF'];?></td>
          <td><?php echo $row['CSer'];?></td>
          <td><?php echo $row['SOI'];?></td>
          <td><?php echo $row['CMor'];?></td>
          <td><?php echo $row['Path'];?></td>
          <td><?php echo $row['Anti'];?></td>
          <td><?php echo $row['Susc'];?></td>
         </tr>
<?php endwhile;?>

</table>
php html mysql mysqli phpmyadmin
1个回答
0
投票

您的搜索参数“valueToSearch”的值是“过滤器”

<input type="hidden" name="valueToSearch" value="Filter"><br><br>

除非您的记录中包含“过滤”字,否则您的查询将失败。

也像其他人说你的查询不安全,可以被黑客入侵。使用:LIKE '%".mysqli_real_escape_string($mysqli_link, $valueToSearch)."%'"来防止sql注入。

© www.soinside.com 2019 - 2024. All rights reserved.