在PHP中使用下拉列表过滤MySQL表


我一直在重新学习HTML和MySQL,最近又开始学习PHP。我在实现某个功能时遇到了一些麻烦(可能是因为我还在学习PHP)。我的服务器上运行着一个MySQL实例,该服务器同时也是装有PHP的IIS7 Web服务器。我用HTML和PHP创建了一个表单用于向表中添加条目,另一个表单用于显示该表并在需要时对其进行过滤。目前的代码在我看来很凌乱,而且属于所谓的“WET”(重复)代码。为了遵循DRY原则,我想修改后一个表单(目前它为每个可过滤的表列各用一个文本框和一个按钮),改为用下拉列表选择要过滤的列,再用单个文本框填写要过滤的值。这是我当前的代码(带有多个文本框和按钮):

<?php

/**
 * Function to query information based on 
 * a parameter: in the first case, track_eps.
 *
 */

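// Look up tracks by episode when the "Search Episodes" button was pressed.
if (isset($_POST['search_eps'])) {
    try {
        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        // The submitted value reaches the query only as a bound parameter.
        $sql = "SELECT * FROM track_list WHERE track_eps = :track_eps";

        $track_eps = $_POST['track_eps'];

        $statement = $connection->prepare($sql);
        $statement->bindParam(':track_eps', $track_eps, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch (PDOException $error) {
        // Keep the SQL text and the driver message out of the response: they
        // describe the schema and server. Record them server-side instead and
        // give the rendering code an empty result to work with.
        error_log($error->getMessage());
        $result = [];
    }
}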
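// Look up tracks by artist when the "Search Artist" button was pressed.
if (isset($_POST['search_artist'])) {
    try {
        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        // The submitted value reaches the query only as a bound parameter.
        $sql = "SELECT * FROM track_list WHERE track_artist = :track_artist";

        $track_artist = $_POST['track_artist'];

        $statement = $connection->prepare($sql);
        $statement->bindParam(':track_artist', $track_artist, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch (PDOException $error) {
        // Keep the SQL text and the driver message out of the response: they
        // describe the schema and server. Record them server-side instead and
        // give the rendering code an empty result to work with.
        error_log($error->getMessage());
        $result = [];
    }
}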
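// Look up tracks by album when the "Search Album" button was pressed.
if (isset($_POST['search_album'])) {
    try {
        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        // The submitted value reaches the query only as a bound parameter.
        $sql = "SELECT * FROM track_list WHERE track_album = :track_album";

        $track_album = $_POST['track_album'];

        $statement = $connection->prepare($sql);
        $statement->bindParam(':track_album', $track_album, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch (PDOException $error) {
        // Keep the SQL text and the driver message out of the response: they
        // describe the schema and server. Record them server-side instead and
        // give the rendering code an empty result to work with.
        error_log($error->getMessage());
        $result = [];
    }
}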
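// Look up tracks by year when the "Search Year" button was pressed.
if (isset($_POST['search_year'])) {
    try {
        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        // The submitted value reaches the query only as a bound parameter.
        $sql = "SELECT * FROM track_list WHERE track_year = :track_year";

        $track_year = $_POST['track_year'];

        $statement = $connection->prepare($sql);
        $statement->bindParam(':track_year', $track_year, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch (PDOException $error) {
        // Keep the SQL text and the driver message out of the response: they
        // describe the schema and server. Record them server-side instead and
        // give the rendering code an empty result to work with.
        error_log($error->getMessage());
        $result = [];
    }
}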
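// Look up tracks by picker when the "Search Pick" button was pressed.
if (isset($_POST['search_pick'])) {
    try {
        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        // The submitted value reaches the query only as a bound parameter.
        $sql = "SELECT * FROM track_list WHERE track_pick = :track_pick";

        $track_pick = $_POST['track_pick'];

        $statement = $connection->prepare($sql);
        $statement->bindParam(':track_pick', $track_pick, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch (PDOException $error) {
        // Keep the SQL text and the driver message out of the response: they
        // describe the schema and server. Record them server-side instead and
        // give the rendering code an empty result to work with.
        error_log($error->getMessage());
        $result = [];
    }
}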
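// List every track when the "View All" button was pressed.
if (isset($_POST['view'])) {
    try {
        require "../config.php";
        require "../common.php";

        $connection = new PDO($dsn, $username, $password, $options);

        // No filter and no user input in this query, so there is nothing to
        // bind. Binding :track_pick to a statement that has no such
        // placeholder is rejected by PDO when the statement is executed.
        $sql = "SELECT * FROM track_list";

        $statement = $connection->prepare($sql);
        $statement->execute();

        $result = $statement->fetchAll();
    } catch (PDOException $error) {
        // Keep the SQL text and the driver message out of the response: they
        // describe the schema and server. Record them server-side instead and
        // give the rendering code an empty result to work with.
        error_log($error->getMessage());
        $result = [];
    }
}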
?>
<?php require "templates/header.php"; ?>

<?php  
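// Render the outcome of the episode search.
if (isset($_POST['search_eps'])) {
    // !empty() also covers a failed lookup, where $result and $statement may
    // never have been assigned; it avoids relying on rowCount() for a SELECT.
    if (!empty($result)) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php // Every database value passes through escape() (from common.php, not shown here) before it is written into the page.
        foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_eps']); ?>.</blockquote>
    <?php } 
}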
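// Render the outcome of the artist search.
if (isset($_POST['search_artist'])) {
    // !empty() also covers a failed lookup, where $result and $statement may
    // never have been assigned; it avoids relying on rowCount() for a SELECT.
    if (!empty($result)) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php // Every database value passes through escape() (from common.php, not shown here) before it is written into the page.
        foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_artist']); ?>.</blockquote>
    <?php } 
}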
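// Render the outcome of the album search.
if (isset($_POST['search_album'])) {
    // !empty() also covers a failed lookup, where $result and $statement may
    // never have been assigned; it avoids relying on rowCount() for a SELECT.
    if (!empty($result)) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php // Every database value passes through escape() (from common.php, not shown here) before it is written into the page.
        foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_album']); ?>.</blockquote>
    <?php } 
}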
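// Render the outcome of the year search.
if (isset($_POST['search_year'])) {
    // !empty() also covers a failed lookup, where $result and $statement may
    // never have been assigned; it avoids relying on rowCount() for a SELECT.
    if (!empty($result)) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php // Every database value passes through escape() (from common.php, not shown here) before it is written into the page.
        foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_year']); ?>.</blockquote>
    <?php } 
}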
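// Render the outcome of the "picked by" search.
if (isset($_POST['search_pick'])) {
    // !empty() also covers a failed lookup, where $result and $statement may
    // never have been assigned; it avoids relying on rowCount() for a SELECT.
    if (!empty($result)) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php // Every database value passes through escape() (from common.php, not shown here) before it is written into the page.
        foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else { ?>
        <blockquote>No results found for <?php echo escape($_POST['track_pick']); ?>.</blockquote>
    <?php } 
}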
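// Render the unfiltered "View All" listing.
if (isset($_POST['view'])) {
    // !empty() also covers a failed lookup, where $result and $statement may
    // never have been assigned; it avoids relying on rowCount() for a SELECT.
    if (!empty($result)) { ?>
        <h2>Results</h2>

        <table>
            <thead>
                <tr>
            <th>Title</th>
            <th>Artist</th>
            <th>Album</th>
            <th>Year</th>
            <th>Episode</th>
            <th>Picked By</th>
        </tr>
            </thead>
            <tbody>
        <?php // Every database value passes through escape() (from common.php, not shown here) before it is written into the page.
        foreach ($result as $row) { ?>
            <tr>
                <td><?php echo escape($row["track_name"]); ?></td>
                <td><?php echo escape($row["track_artist"]); ?></td>
                <td><?php echo escape($row["track_album"]); ?></td>
                <td><?php echo escape($row["track_year"]); ?></td>
                <td><?php echo escape($row["track_eps"]); ?></td>
                <td><?php echo escape($row["track_pick"]); ?></td>
            </tr>
        <?php } ?>
        </tbody>
    </table>
    <?php } else {
        // "View All" applies no filter, so the message no longer quotes the
        // unrelated track_pick field.
        ?>
        <blockquote>No results found.</blockquote>
    <?php } 
} ?> 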

<h2>Find track based on Episode #</h2>

<form method="post">
    <input type="submit" name="view" value="View All">
    <label for="track_eps">Episode #</label>
    <input type="text" id="track_eps" name="track_eps">
    <input type="submit" name="search_eps" value="Search Episodes">
    <label for="track_artist">Artist</label>
    <input type="text" id="track_artist" name="track_artist">
    <input type="submit" name="search_artist" value="Search Artist">
    <label for="track_album">Album</label>
    <input type="text" id="track_album" name="track_album">
    <input type="submit" name="search_album" value="Search Album">
    <label for="track_year">Year</label>
    <input type="text" id="track_year" name="track_year">
    <input type="submit" name="search_year" value="Search Year">
    <label for="track_pick">Picked By</label>
    <input type="text" id="track_pick" name="track_pick">
    <input type="submit" name="search_pick" value="Search Pick">
</form>

<a href="index.php">Back to home</a>

<?php require "templates/footer.php"; ?>

如您所见-非常冗长。我对如何获取下拉列表有基本了解-尽管似乎有不止一种方法,但我正在尝试这样做:

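<form method="post">
    <!-- The option values are only a convenience for the user: the server must still check the submitted column name against its own fixed list before using it in SQL. -->
    <select name="column">
        <option value="track_eps">Episode #</option>
        <option value="track_artist">Artist</option>
        <option value="track_album">Album</option>
        <option value="track_year">Year</option>
        <option value="track_pick">Picked by</option>
    </select>
    <input type="text" id="filter" name="filter">
    <input type="submit" name="Search" value="Search">
</form>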
然后让SQL语句变成:

WHERE [选项值] = [文本值]

有人有什么建议吗?我可能会忽略一些基本知识。
php html mysql
1个回答
唯一应该像这样重复自己的时候,就是今晚照镜子时一遍又一遍地对自己说“don't repeat yourself”!

在您的第一组if语句中,唯一改变的是查询。无需重复其他所有内容。在第二组if语句中,在数十行代码中,实际上是一个单词被更改。这很浪费。

因此,正如您所怀疑的,这可以更有效地完成。

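<?php
require_once "../config.php";
require_once "../common.php";

// if it doesn't already, $options should look like this:
$options = [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES => false,
];

// these are safe columns to search; a column name cannot be sent as a bound
// parameter, so it may only ever come from this fixed list
$columns = ["track_eps", "track_artist", "track_album", "track_year", "track_pick"];

// only run a search when the form was actually submitted with a text value
// (an array-valued or missing field is treated as "no search")
$searchText = $_POST["search_text"] ?? null;
$searched = is_string($searchText);
$result = [];

if ($searched) {
    // fall back to a safe value if needed; the comparison is strict, and a
    // missing or non-string column simply fails the check
    $column = $_POST["search_column"] ?? null;
    if (!in_array($column, $columns, true)) {
        $column = $columns[0];
    }

    try {
        // if it doesn't already, $dsn should include charset=utf8mb4
        $connection = new PDO($dsn, $username, $password, $options);
        // $column is one of the literals in $columns; the search text is bound
        $sql = "SELECT * FROM track_list WHERE $column = ?";
        $statement = $connection->prepare($sql);
        // no need for binding, just pass parameters to execute
        $statement->execute([$searchText]);
        $result = $statement->fetchAll();
    } catch (\Exception $e) {
        // don't show errors to the user, just pretend you got no results;
        // the detail goes to the server log instead of the page
        error_log($e->getMessage());
        $result = [];
        // rethrow here only if a global exception handler is installed that
        // renders a generic error page
    }
}
?>
<?php require "templates/header.php"; // as in the question's page ?>

<?php if ($searched && count($result) === 0): ?>
    <div class="alert">No results found for <?= escape($searchText) ?>.</div>
<?php elseif ($searched): ?>
    <h2>Results</h2>
    <table>
        <thead>
            <tr>
                <th>Title</th>
                <th>Artist</th>
                <th>Album</th>
                <th>Year</th>
                <th>Episode</th>
                <th>Picked By</th>
            </tr>
        </thead>
        <tbody>
        <?php foreach ($result as $row): ?>
            <tr>
                <td><?= escape($row["track_name"]) ?></td>
                <td><?= escape($row["track_artist"]) ?></td>
                <td><?= escape($row["track_album"]) ?></td>
                <td><?= escape($row["track_year"]) ?></td>
                <td><?= escape($row["track_eps"]) ?></td>
                <td><?= escape($row["track_pick"]) ?></td>
            </tr>
        <?php endforeach; ?>
        </tbody>
    </table>
<?php endif; ?>

<form method="post">
    <select name="search_column">
        <option value="track_eps">Episode #</option>
        <option value="track_artist">Artist</option>
        <option value="track_album">Album</option>
        <option value="track_year">Year</option>
        <option value="track_pick">Picked by</option>
    </select>
    <input type="text" id="filter" name="search_text">
    <button type="submit">Search</button>
</form>

<a href="index.php">Back to home</a>

<?php require "templates/footer.php"; ?>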

一些注意事项:

混合HTML和PHP时,如果您没有使用合适的模板系统,对控制结构使用替代语法(alternative syntax)并使用短echo标签(short echo tags)会显得更整洁。

我假设您的escape()函数只是调用htmlspecialchars(),所以如果想少打几个字,可以直接把它命名为e()。

这是一个争论了20年的老话题,但您不应该为了展示效果而使用<blockquote>之类的语义元素。把它改成<div>,给它一个class,然后为其设置样式。
