我已經創建了一個顯示包頁面與PHP和MySQL。表格頂部有10個按鈕來重新輸出輸出。我是如何使用$_GET['command']
等於'AND lock_in_period = '1yr'
。我嘗試在會話中保存$_GET['command']
,但它不起作用。現在的問題是我無法獲得最小貸款額度,以便在重新輸出輸出後對asc或desc進行排序。PHP過濾和按分鐘數排序
輸出
MySQL查詢:
if($property_type_search == 'HDB'){
$find=mysql_query("SELECT*FROM package_creation WHERE property_type IN ('HDB','HDB,Private') $newcommand ORDER BY $columnname $order");
}
分鐘貸款量排序按鈕:
<a class="link_style" href="<?php echo $_SERVER['PHP_SELF']; ?>?command=<?php echo $_GET['command']?>&columnname= min_loan_amount&<?php if($_GET['sort']== "asc"){echo "sort=desc"; $_GET['sort']="asc";}elseif($_GET['sort']=="desc"){echo "sort=asc";$_GET['sort']="desc";}elseif($_GET['sort']==""){echo "sort=asc";}?>"><img src="images/arrow_sort.png"></a>
個
重新過濾按鈕:
<?php
session_start();
if($_GET['FC']=='1'){
header("location:rates_results.php?command=AND lock_in_period = 'N.A' AND interest_rate_type IN ('Floating Rate(Sibor/Sor Rate)','Floating Rate(Sibor Rate)')");
}
if($_GET['FC']=='2'){
header("location:rates_results.php?command=AND lock_in_period = '1yr' AND interest_rate_type IN ('Floating Rate(Sibor/Sor Rate)','Floating Rate(Sibor Rate)')");
}
if($_GET['FC']=='3'){
header("location:rates_results.php?command=AND lock_in_period = '2yrs' AND interest_rate_type IN ('Floating Rate(Sibor/Sor Rate)','Floating Rate(Sibor Rate)')");
}
if($_GET['FC']=='4'){
header("location:rates_results.php?command=AND lock_in_period = '3yrs' AND interest_rate_type IN ('Floating Rate(Sibor/Sor Rate)','Floating Rate(Sibor Rate)')");
}
if($_GET['FC']=='5'){
header("location:rates_results.php?command=AND yrs_of_fixed_rate = '1yr' AND interest_rate_type = 'Fixed Rate'");
}
if($_GET['FC']=='6'){
header("location:rates_results.php?command=AND yrs_of_fixed_rate = '2yrs' AND interest_rate_type = 'Fixed Rate'");
}
if($_GET['FC']=='7'){
header("location:rates_results.php?command=AND yrs_of_fixed_rate = '3yrs' AND interest_rate_type = 'Fixed Rate'");
}
if($_GET['FC']=='8'){
header("location:rates_results.php?command=AND yrs_of_fixed_rate = '4yrs' AND interest_rate_type = 'Fixed Rate'");
}
if($_GET['FC']=='9'){
header("location:rates_results.php?command=AND yrs_of_fixed_rate = '5yrs' AND interest_rate_type = 'Fixed Rate'");
}
if($_GET['FC']=='10'){
header("location:rates_results.php?command=AND installation_mode IN ('Saving offset interest','Interest and Principle,Saving offset interest','Interest only, Saving offset interest','Interest and Principle,Interest only,Saving offset interest')");
}
?>
到MySQL查詢注:
$columnname ="";
if($_GET['columnname']){
$columnname = $_GET['columnname'];
}
if($columnname==""){
$columnname="first_year";
}
if($order==""){
$order = "desc";
}
$order=$_GET['sort'];
$newcommand = "";
if($_GET['command'] !=""){
$newcommand = $_GET['command'];
}
你是如何傳遞'$ _GET [ '排序' ]'到你的查詢?另外,要注意''_GET ['command']'對SQL注入攻擊是開放的 –
還在想辦法解決這個問題。 – Psinyee
您正在將'$ order'設置爲'$ _GET ['order']' (看不到這個var來自哪裏),然後用'$ _GET ['sort']'覆蓋它。或許更好的做'$ order =(isset($ _ GET ['sort'])&& $ _GET ['sort'])? $ _GET ['sort']:'desc';' - 雖然這可能不能真正解決您的問題,但不容易出錯。 –