2015-06-15 30 views
-3

我這裏有我的代碼,和IM的股票有這樣的錯誤:過濾數據庫使用搜索按鈕

警告:請求mysql_query()預計參數1爲字符串,資源在C中給出:\ XAMPP \ htdocs中\ XAMPP \ elev8log \ \頁表\上線task.php 396

這裏是我的代碼:

<?php 
 
      
 
        $sql = mysql_query('select * from taskview where dept_id=(select deptid from users where username="'.$_SESSION['username'].'")'); 
 
         //where empname="'.$_SESSION['username'].'" and req_dateapprove IS NULL'); 
 
//where req_approveuser="'.$_SESSION['username'].'" and req_dateapprove IS NULL' 
 

 

 
      if(isset($_POST['search'])) { 
 

 
       $search_term = mysql_real_escape_string($_POST['search_box']); 
 

 
       $search_term=mysql_real_escape_string($_POST['search_box']); 
 
       $sql.="WHERE req_code LIKE '%{$search_term} %'"; 
 
       $sql.="OR req_date LIKE '%{$search_term} %'"; 
 
       $sql.="OR req_status LIKE '%{$search_term} %'"; 
 
       $sql.="OR req_dateneeded LIKE '%{$search_term} %'"; 
 
       $sql.="OR req_approveuser LIKE '%{$search_term} %'"; 
 
       $sql.="OR req_noteuser LIKE '%{$search_term} %'"; 
 
       $sql.="OR req_datenote LIKE '%{$search_term} %'"; 
 
       $sql.="OR form_name LIKE '%{$search_term} %'"; 
 
        $sql.="OR itrf_type LIKE '%{$search_term} %'"; 
 
        $sql.="OR username LIKE '%{$search_term} %'"; 
 
        $sql.="OR itrf_details LIKE '%{$search_term} %'"; 
 
        $sql.="OR itrf_date LIKE '%{$search_term} %'"; 
 
         $sql.="OR comp_name LIKE '%{$search_term} %'"; 
 
         $sql.="OR dept_name LIKE '%{$search_term} %'"; 
 
         $sql.="OR dept_code LIKE '%{$search_term} %'"; 
 
         $sql.="OR dept_id LIKE '%{$search_term} %'"; 
 

 
      // $sql.="OR descriptionsql LIKE '%{$search_term}%'"; 
 
} 
 
//THIS IS THE LINE 396------->>>>>>$query = mysql_query($sql) or die(mysql_error()); 
 

 

 
      
 
      
 
      ?> 
 

 

 
     <!-- Main content --> 
 
     <section class="content"> 
 
      <div class="row"> 
 
      <div class="col-xs-12"> 
 
       <div class="box"> 
 
       <div class="box-header"> 
 
        <h3 class="box-title">List of Pending Task</h3> 
 
       </div><!-- /.box-header --> 
 
       
 
       <div class="box-body"> 
 
        <table id="example2" class="table table-bordered table-hover"> 
 
        
 
          <label><input type="radio" name="all" value="all" checked>&nbsp;All&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</label> 
 
          <label><input type="radio" name="all" value="wait">&nbsp;Waiting for Feedback&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</label><thead> 
 
          <label><input type="radio" name="all" value="closed">&nbsp;Closed</label><thead> 
 
          <form name="search_form" method="POST" action="task.php"> 
 
          Search: <input type="text" name="search_box" value="" /> 
 
          <input type="submit" name="search" value="search...."> 
 
          </form> 
 
         <tr> 
 
         
 
         <th>Date of Request</th> 
 
         <th>Requestor Name</th> 
 
         <th>Form Type</th> 
 
         <th>Request Type</th> 
 
         
 
         <th>Date Needed</th> 
 
          <th>Status</th> 
 
         <th>Action</th> 
 
          
 
         </tr> 
 
        </thead> 
 
       
 
       <?php 
 
        // if(isset($_GET['req_code'])){ 
 

 

 
        // } 
 

 

 
while($row = mysql_fetch_array($query)) 
 
{ 
 

 
?> 
 
<tr> 
 
     
 
     <td><?php echo date($row['req_date']); ?></td> 
 
     <td class="left"><?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?></a></td> 
 
     <td><?php echo htmlentities($row['form_name'], ENT_QUOTES, 'UTF-8'); ?></td> 
 
     <td> <?php echo ($row['itrf_type']);?></td> 
 
     
 
     <td> <?php echo ($row['req_dateneeded']);?></td> 
 
     <td> <?php echo ($row['req_status']);?></td> 
 
     
 
     <td class="left"><a href="#proceed-<?php echo $row['req_code'];?>" data-toggle="modal"><button type="submit" class="btn btn-primary" name="approved">Manage Task</button></a> 
 
     
 
     
 
    </tr>

+2

爲什麼你使用mysql_query它已被廢棄,請使用PDO或mysqli –

+3

這段代碼很醜!你可以在這裏定義$ sql作爲資源:'$ sql = mysql_query('select * from tas ....)''。你不能連接後,$ sql不是一個字符串!你必須定義一個新的變量。 –

回答

0

您的sql格式不正確。使用此

$sql = "SELECT * FROM taskview WHERE dept_id=(SELECT deptid FROM users WHERE username='".$_SESSION['username']."') "; 

if (isset($_POST['search'])) 
    $search_term = mysql_real_escape_string($_POST['search_box']); 

    $sql .= "AND (req_code LIKE '%{$search_term}%' "; 
    $sql .= "OR req_date LIKE '%{$search_term}%' "; 
    $sql .= "OR req_status LIKE '%{$search_term}%' "; 
    $sql .= "OR req_dateneeded LIKE '%{$search_term}%' "; 
    $sql .= "OR req_approveuser LIKE '%{$search_term}%' "; 
    $sql .= "OR req_noteuser LIKE '%{$search_term}%' "; 
    $sql .= "OR req_datenote LIKE '%{$search_term}%' "; 
    $sql .= "OR form_name LIKE '%{$search_term}%' "; 
    $sql .= "OR itrf_type LIKE '%{$search_term}%' "; 
    $sql .= "OR username LIKE '%{$search_term}%' "; 
    $sql .= "OR itrf_details LIKE '%{$search_term}%' "; 
    $sql .= "OR itrf_date LIKE '%{$search_term}%' "; 
    $sql .= "OR comp_name LIKE '%{$search_term}%' "; 
    $sql .= "OR dept_name LIKE '%{$search_term}%' "; 
    $sql .= "OR dept_code LIKE '%{$search_term}%' "; 
    $sql .= "OR dept_id LIKE '%{$search_term}%')"; 
} 

及後您的千元的LOL使用

$query = mysql_query($sql) OR die(); 

你使用兩種哪來的,也有在你的SQL沒有間距。嘗試我提供的確切代碼。

但請mysql不推薦嘗試使用mysqli或PDO。

+0

好吧,先生,謝謝你的建議 –

+0

答案解決了你的問題嗎? –

+0

是的,錯誤固定,但過濾我的表不工作,它顯示空的頁面,對不起,請求和感謝您的幫助 –

0

您錯過了應該進行查詢的表,其次不要使用mysql使用PDO或mysqli。

<?php 
    $sql = mysql_query('select * from taskview where dept_id=(select deptid from users where username="' . $_SESSION['username'] . '")'); 


if (isset($_POST['search'])) { 
    $search_term = mysql_real_escape_string($_POST['search_box']); 
    $sql = "select from `table` "; //add this which table 
    $sql.="WHERE req_code LIKE '%{$search_term} %'"; 
    $sql.="OR req_date LIKE '%{$search_term} %'"; 
    $sql.="OR req_status LIKE '%{$search_term} %'"; 
    $sql.="OR req_dateneeded LIKE '%{$search_term} %'"; 
    $sql.="OR req_approveuser LIKE '%{$search_term} %'"; 
    $sql.="OR req_noteuser LIKE '%{$search_term} %'"; 
    $sql.="OR req_datenote LIKE '%{$search_term} %'"; 
    $sql.="OR form_name LIKE '%{$search_term} %'"; 
    $sql.="OR itrf_type LIKE '%{$search_term} %'"; 
    $sql.="OR username LIKE '%{$search_term} %'"; 
    $sql.="OR itrf_details LIKE '%{$search_term} %'"; 
    $sql.="OR itrf_date LIKE '%{$search_term} %'"; 
    $sql.="OR comp_name LIKE '%{$search_term} %'"; 
    $sql.="OR dept_name LIKE '%{$search_term} %'"; 
    $sql.="OR dept_code LIKE '%{$search_term} %'"; 
    $sql.="OR dept_id LIKE '%{$search_term} %'"; 

    // $sql.="OR descriptionsql LIKE '%{$search_term}%'"; 
} 
+0

如何將此標記爲已解決? –

+0

@ dan-dan點擊上方向下箭頭之間的勾號。也投票,這將是偉大的。 –

相關問題