Home > Article > Backend Development > javascript - How can I query this web page?
As shown in the picture, my web page background is implemented using php. I want to display all the project information in the database in the table below when the query button is not clicked; after clicking the query, the qualified projects are displayed. Currently, I In this display, I have not set the situation of unclicked query. What should I write? JS or php? How to write it in general
Currently I have only written this
mysql_select_db("wuliu", $con);
$result=mysql_query("SELECT * from content_info where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2]' and pass=0");
while($row = mysql_fetch_array($result))
{
echo"";
echo "";
echo " ";
echo "".$row['UpdateDate'].$row['UpdateTime']./*2004-10-14 10:08:01*/" ";
echo "".$row['area']." ";
echo "".$row['field']." ";
echo "".$row['title']." ";
echo "".$row['submiter']." ";
echo " ";
}
mysql_close($con);As shown in the picture, my web page background is implemented using php. I want to display all the project information in the database in the table below when the query button is not clicked; after clicking the query, the qualified projects are displayed. Currently, I In this display, I have not set the situation of unclicked query. What should I write? JS or php? How to write it in general
Currently I have only written this
mysql_select_db("wuliu", $con);
$result=mysql_query("SELECT * from content_info where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2]' and pass=0");
while($row = mysql_fetch_array($result))
{
echo"";
echo "";
echo " ";
echo "".$row['UpdateDate'].$row['UpdateTime']./*2004-10-14 10:08:01*/" ";
echo "".$row['area']." ";
echo "".$row['field']." ";
echo "".$row['title']." ";
echo "".$row['submiter']." ";
echo " ";
}
mysql_close($con);
Determine whether there is a post, and execute the query only if there is a post.
if(isset($_POST)){
//这里是你发出来了那部分
}
There is a problem with sql splicing
Separate the where statement.
$where = "";
if(isset($_POST)){
$where = "where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2]' and pass=0"";
}
$result=mysql_query("SELECT * from content_info ".$where);It is strongly recommended to parameterize queries to prevent injection
http://php.net/manual/zh/clas...
Ideas:
1. Use paging query to display 10 pieces of information on each page
2. Submit the form using GET method and assemble the SQL statement
3. When there is no query condition, query all (pagination)
Both php and js are available.
The reason you reported an error is because you called the $_POST variable incorrectly.
$result=mysql_query("SELECT * from content_info where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2] ' and pass=0");
changed to
$result=mysql_query("SELECT * from content_info where title='".$_POST['textfield322']."' and submiter='".$_POST['textfield322']."' and area='".$ _POST['select']."' and field='".$_POST['select2']."' and pass=0");
As mentioned above, it is best to do paging processing. Use limit in the mysql statement to process it.
Don’t splice sql statements like this, you can inject sql in minutes.
It is recommended to set the default value of the variable outside this splicing statement, then verify and filter the post data after receiving it, then overwrite the old default value, and then splice the query statement.
This is both safe and meets your needs.
1. The value corresponding to the key in the $_POST array should be given a default value
2. Add paging
3. Study hard and make progress every day