-1
我有以下代碼不起作用。這是行不通的,因爲它會做一個查詢與mySQL查詢有關的麻煩。需要*而不是'*'
WHERE列=「*」,而不是WHERE列= *
我試圖想辦法來獲得它,所以它會做WHERE變量='var'如果一個變量在表單中發佈,而WHERE column = *如果沒有發佈,但我想不出一種方式,而我嘗試的所有內容都是hacky或不工作。
if(isset($_POST['variable'])){
$variable=$_POST['variable'];
}
else{$variable='*';}
$sql="SELECT * FROM table WHERE column = '$variable'";
編輯,下面是實際的代碼:
<form method='post' action='policy.php?go'>
<input type='radio' name='gen' value='M'>Male
<input type='radio' name='gen' value='F'>Female
<select name='state'>
<option value='AK'>AK</option>
<option value='WY'>WY</option>
</select>
<input type='radio' name='logic' value='>'>Older Than
<input type='radio' name='logic' value='<'>Younger Than
<select name='age'>
<option value='5'>5</option>
<option value='11'>11</option>
<option value='17'>17</option>
<option value='65'>65</option>
</select>
<input type='submit' name='submit' value='Search'>
</form>
<?php
if(isset($_GET['go']) && isset($_POST['submit'])){
if(isset($_POST['state'])){
$state="'".mysql_real_escape_string($_POST['state'])."'";
}
else{ $state='*';}
if(isset($_POST['age'])){
$age=$_POST['age'];
//append to query string
}
if(isset($_POST['logic'])){
$log=$_POST['logic'];
//append to query string
}
else{$log='';}
if(isset($_POST['gen'])){
$gen="'".mysql_real_escape_string($_POST['gen'])."'";
}
else {$gen='*';}
echo "<table id='hor-minimalist-b' summary='Employee Pay Sheet' class='tablesorter'>
<caption>Age: ".$log." ".$age." Gender: ".$gen." </caption>
<thead>
<tr>
<th scope='col'>State</th>
<th scope='col'>Number</th>
</tr>
</thead>
<tbody>";
// (WHY IS THIS NOT WORKING?)
$sql = "SELECT SUM(num) AS sum, state,gen,age FROM `policy-ssi`
WHERE age $log $age AND gen = $gen
GROUP BY state
ORDER BY sum DESC";
$result = mysql_query($sql);
while ($row = mysql_fetch_assoc($result)) {
-1'「我不擔心安全「' – 2013-05-05 05:02:57