这个问题在这里已有答案:
我正在尝试为我的学校项目数据库设置搜索功能。我需要帮助来找到使其工作的解决方案。当我点击搜索按钮时,没有任何信息被过滤和显示
我尝试了各种解决方案,包括更改我的查询,但没有以下工作。我怀疑将信息正确注入phpmyadmin并运行查询存在问题。任何帮助表示赞赏。谢谢!
<body>
<div id="login">
<form method="post" action="searchfunction.php">
<input type="hidden" name="valueToSearch" value="Filter"><br><br>
<fieldset>
<p>
<Label>Hospital:</label>
<select id="Hos" name="Hos">
<option>--</option>
<option value = "Oshei">Oshei Children's</option>
<option value = "Buff Gen">Buffalo General</option>
</select>
</p>
<p>
<Label>Hospital Floor:</label>
<select id="HosF" name="HosF">
<option>--</option>
<option value = "1">1</option>
<option value = "2">2</option>
<option value = "3">3</option>
<option value = "4">4</option>
</select>
</p>
<p>
<Label>Clinical Service:</label>
<select id="CSer" name="CSer">
<option>--</option>
<option value = "Floor">Floor</option>
<option value = "NICU">NICU</option>
<option value = "PICU">PICU</option>
<option value = "General Surgery">Surgery</option>
<option value = "Oncology">Oncology</option>
</select>
</p>
<p>
<Label>Age:<input type="text" name="Age" /></label>
</p>
<p>
<Label>Gender:</label>
<select id="Gen" name="Gen">
<option>--</option>
<option value = "M">Male</option>
<option value = "F">Female</option>
</select>
</p>
<p>
<Label>Comorbidity:</label>
<select id="CMor" name="CMor">
<option>--</option>
<option value = "Cancer">Cancer Patient</option>
<option value = "Remission">Cancer Survivor</option>
<option value = "None">None</option>
</select>
</p>
<p>
<Label>Site of Infection:</label>
<select id="SOI" name="SOI">
<option>--</option>
<option value="Wound">Wound</option>
<option value="Surgical Wound">Surgical Wound</option>
</select>
</p>
<p>
<Label>Type of Pathogen Suspected:</label>
<select id="SusPath" name="SusPath">
<option>--</option>
<option value="Acinetobacter baumannii">Acinetobacter baumannii</option>
<option value="Klebsiella oxytoca">Klebsiella oxytoca</option>
<option value="Klebsiella pneumoniae">Klebsiella pneumoniae</option>
</select>
</p>
<p>
<input type="submit" action="searchfunction.php" name="submit"/>
</p>
</fieldset>
</form>
</body>
</html>
<?php
if(isset($_POST['submit'])) {
$valueToSearch = $_POST['valueToSearch'];
$query = "SELECT * FROM `data` WHERE CONCAT(`RefID`, `Age`, `Gen`, `Hos`, 'HosF', 'HosR', 'CSer', 'TOI', 'TOS', 'SOI', 'CMor', 'SusPath', 'APres', 'Path', 'Anti', 'Susc') LIKE '%".$valueToSearch."%'";
$search_result = filterTable($query);
}
else {
$query = "SELECT * FROM `data`";
$search_result = filterTable($query);
}
// function to connect and execute the query
function filterTable($query)
{
$connect = mysqli_connect("localhost", "root", "Rawrrawr1", "amr_database");
$filter_Result = mysqli_query($connect, $query);
return $filter_Result;
}
?>
<table>
<tr>
<th>Hospital</th>
<th>Age</th>
<th>Gender</th>
<th>Hospital Floor</th>
<th>Clinical Service</th>
<th>Site of Infection</th>
<th>Comorbidity</th>
<th>Pathogen</th>
<th>Antibiotic</th>
<th>Susceptibility</th>
</tr>
<style>
table { /*table style*/
border-collapse: collapse;}
table, th, td {
border: 1px solid black;}
tr:hover {
background-color: #f5f5f5;}
th {
background-color: #D3D3D3;
color: black;
}
</style>
<?php while($row = mysqli_fetch_array($search_result)):?>
<tr>
<td><?php echo $row['Hos'];?></td>
<td><?php echo $row['Age'];?></td>
<td><?php echo $row['Gen'];?></td>
<td><?php echo $row['HosF'];?></td>
<td><?php echo $row['CSer'];?></td>
<td><?php echo $row['SOI'];?></td>
<td><?php echo $row['CMor'];?></td>
<td><?php echo $row['Path'];?></td>
<td><?php echo $row['Anti'];?></td>
<td><?php echo $row['Susc'];?></td>
</tr>
<?php endwhile;?>
</table>
您的搜索参数“valueToSearch”的值是“过滤器”
<input type="hidden" name="valueToSearch" value="Filter"><br><br>
除非您的记录中包含“过滤”字,否则您的查询将失败。
也像其他人说你的查询不安全,可以被黑客入侵。使用:LIKE '%".mysqli_real_escape_string($mysqli_link, $valueToSearch)."%'"
来防止sql注入。