我一直在重新学习HTML和MySQL,最近又开始学习PHP。我遇到了一些麻烦(可能是由于我还在学习php)使情况能够正常工作。我在服务器上运行了MySQL实例,该服务器也是IIS7 Web服务器,安装了php。我使用HTML和PHP创建了一个表单,用于向表中添加条目,另一个表单用于显示表并对其进行过滤(如果需要)。目前对我来说看起来很凌乱,而且还说是湿的。尝试遵循DRY的原理,我想更改此[后]部分(当前在每个可能的表列上使用文本框和按钮进行过滤),以使用下拉列表选择要过滤的列,单个文本框以填充要过滤的值。这是我当前的代码(带有多个文本框和按钮):
<?php
/**
* Function to query information based on
* a parameter: in the first case, track_eps.
*
*/
if (isset($_POST['search_eps'])) {
try {
require "../config.php";
require "../common.php";
$connection = new PDO($dsn, $username, $password, $options);
$sql = "SELECT *
FROM track_list
WHERE track_eps = :track_eps";
$track_eps = $_POST['track_eps'];
$statement = $connection->prepare($sql);
$statement->bindParam(':track_eps', $track_eps, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();
} catch(PDOException $error) {
echo $sql . "<br>" . $error->getMessage();
}
}
if (isset($_POST['search_artist'])) {
try {
require "../config.php";
require "../common.php";
$connection = new PDO($dsn, $username, $password, $options);
$sql = "SELECT *
FROM track_list
WHERE track_artist = :track_artist";
$track_artist = $_POST['track_artist'];
$statement = $connection->prepare($sql);
$statement->bindParam(':track_artist', $track_artist, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();
} catch(PDOException $error) {
echo $sql . "<br>" . $error->getMessage();
}
}
if (isset($_POST['search_album'])) {
try {
require "../config.php";
require "../common.php";
$connection = new PDO($dsn, $username, $password, $options);
$sql = "SELECT *
FROM track_list
WHERE track_album = :track_album";
$track_album = $_POST['track_album'];
$statement = $connection->prepare($sql);
$statement->bindParam(':track_album', $track_album, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();
} catch(PDOException $error) {
echo $sql . "<br>" . $error->getMessage();
}
}
if (isset($_POST['search_year'])) {
try {
require "../config.php";
require "../common.php";
$connection = new PDO($dsn, $username, $password, $options);
$sql = "SELECT *
FROM track_list
WHERE track_year = :track_year";
$track_year = $_POST['track_year'];
$statement = $connection->prepare($sql);
$statement->bindParam(':track_year', $track_year, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();
} catch(PDOException $error) {
echo $sql . "<br>" . $error->getMessage();
}
}
if (isset($_POST['search_pick'])) {
try {
require "../config.php";
require "../common.php";
$connection = new PDO($dsn, $username, $password, $options);
$sql = "SELECT *
FROM track_list
WHERE track_pick = :track_pick";
$track_pick = $_POST['track_pick'];
$statement = $connection->prepare($sql);
$statement->bindParam(':track_pick', $track_pick, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();
} catch(PDOException $error) {
echo $sql . "<br>" . $error->getMessage();
}
}
if (isset($_POST['view'])) {
try {
require "../config.php";
require "../common.php";
$connection = new PDO($dsn, $username, $password, $options);
$sql = "SELECT *
FROM track_list";
$track_pick = $_POST['track_pick'];
$statement = $connection->prepare($sql);
$statement->bindParam(':track_pick', $track_pick, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();
} catch(PDOException $error) {
echo $sql . "<br>" . $error->getMessage();
}
}
?>
<?php require "templates/header.php"; ?>
<?php
if (isset($_POST['search_eps'])) {
if ($result && $statement->rowCount() > 0) { ?>
<h2>Results</h2>
<table>
<thead>
<tr>
<th>Title</th>
<th>Artist</th>
<th>Album</th>
<th>Year</th>
<th>Episode</th>
<th>Picked By</th>
</tr>
</thead>
<tbody>
<?php foreach ($result as $row) { ?>
<tr>
<td><?php echo escape($row["track_name"]); ?></td>
<td><?php echo escape($row["track_artist"]); ?></td>
<td><?php echo escape($row["track_album"]); ?></td>
<td><?php echo escape($row["track_year"]); ?></td>
<td><?php echo escape($row["track_eps"]); ?></td>
<td><?php echo escape($row["track_pick"]); ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } else { ?>
<blockquote>No results found for <?php echo escape($_POST['track_eps']); ?>.</blockquote>
<?php }
}
if (isset($_POST['search_artist'])) {
if ($result && $statement->rowCount() > 0) { ?>
<h2>Results</h2>
<table>
<thead>
<tr>
<th>Title</th>
<th>Artist</th>
<th>Album</th>
<th>Year</th>
<th>Episode</th>
<th>Picked By</th>
</tr>
</thead>
<tbody>
<?php foreach ($result as $row) { ?>
<tr>
<td><?php echo escape($row["track_name"]); ?></td>
<td><?php echo escape($row["track_artist"]); ?></td>
<td><?php echo escape($row["track_album"]); ?></td>
<td><?php echo escape($row["track_year"]); ?></td>
<td><?php echo escape($row["track_eps"]); ?></td>
<td><?php echo escape($row["track_pick"]); ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } else { ?>
<blockquote>No results found for <?php echo escape($_POST['track_artist']); ?>.</blockquote>
<?php }
}
if (isset($_POST['search_album'])) {
if ($result && $statement->rowCount() > 0) { ?>
<h2>Results</h2>
<table>
<thead>
<tr>
<th>Title</th>
<th>Artist</th>
<th>Album</th>
<th>Year</th>
<th>Episode</th>
<th>Picked By</th>
</tr>
</thead>
<tbody>
<?php foreach ($result as $row) { ?>
<tr>
<td><?php echo escape($row["track_name"]); ?></td>
<td><?php echo escape($row["track_artist"]); ?></td>
<td><?php echo escape($row["track_album"]); ?></td>
<td><?php echo escape($row["track_year"]); ?></td>
<td><?php echo escape($row["track_eps"]); ?></td>
<td><?php echo escape($row["track_pick"]); ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } else { ?>
<blockquote>No results found for <?php echo escape($_POST['track_album']); ?>.</blockquote>
<?php }
}
if (isset($_POST['search_year'])) {
if ($result && $statement->rowCount() > 0) { ?>
<h2>Results</h2>
<table>
<thead>
<tr>
<th>Title</th>
<th>Artist</th>
<th>Album</th>
<th>Year</th>
<th>Episode</th>
<th>Picked By</th>
</tr>
</thead>
<tbody>
<?php foreach ($result as $row) { ?>
<tr>
<td><?php echo escape($row["track_name"]); ?></td>
<td><?php echo escape($row["track_artist"]); ?></td>
<td><?php echo escape($row["track_album"]); ?></td>
<td><?php echo escape($row["track_year"]); ?></td>
<td><?php echo escape($row["track_eps"]); ?></td>
<td><?php echo escape($row["track_pick"]); ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } else { ?>
<blockquote>No results found for <?php echo escape($_POST['track_year']); ?>.</blockquote>
<?php }
}
if (isset($_POST['search_pick'])) {
if ($result && $statement->rowCount() > 0) { ?>
<h2>Results</h2>
<table>
<thead>
<tr>
<th>Title</th>
<th>Artist</th>
<th>Album</th>
<th>Year</th>
<th>Episode</th>
<th>Picked By</th>
</tr>
</thead>
<tbody>
<?php foreach ($result as $row) { ?>
<tr>
<td><?php echo escape($row["track_name"]); ?></td>
<td><?php echo escape($row["track_artist"]); ?></td>
<td><?php echo escape($row["track_album"]); ?></td>
<td><?php echo escape($row["track_year"]); ?></td>
<td><?php echo escape($row["track_eps"]); ?></td>
<td><?php echo escape($row["track_pick"]); ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } else { ?>
<blockquote>No results found for <?php echo escape($_POST['track_pick']); ?>.</blockquote>
<?php }
}
if (isset($_POST['view'])) {
if ($result && $statement->rowCount() > 0) { ?>
<h2>Results</h2>
<table>
<thead>
<tr>
<th>Title</th>
<th>Artist</th>
<th>Album</th>
<th>Year</th>
<th>Episode</th>
<th>Picked By</th>
</tr>
</thead>
<tbody>
<?php foreach ($result as $row) { ?>
<tr>
<td><?php echo escape($row["track_name"]); ?></td>
<td><?php echo escape($row["track_artist"]); ?></td>
<td><?php echo escape($row["track_album"]); ?></td>
<td><?php echo escape($row["track_year"]); ?></td>
<td><?php echo escape($row["track_eps"]); ?></td>
<td><?php echo escape($row["track_pick"]); ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } else { ?>
<blockquote>No results found for <?php echo escape($_POST['track_pick']); ?>.</blockquote>
<?php }
} ?>
<h2>Find track based on Episode #</h2>
<form method="post">
<input type="submit" name="view" value="View All">
<label for="track_eps">Episode #</label>
<input type="text" id="track_eps" name="track_eps">
<input type="submit" name="search_eps" value="Search Episodes">
<label for="track_artist">Artist</label>
<input type="text" id="track_artist" name="track_artist">
<input type="submit" name="search_artist" value="Search Artist">
<label for="track_album">Album</label>
<input type="text" id="track_album" name="track_album">
<input type="submit" name="search_album" value="Search Album">
<label for="track_year">Year</label>
<input type="text" id="track_year" name="track_year">
<input type="submit" name="search_year" value="Search Year">
<label for="track_pick">Picked By</label>
<input type="text" id="track_pick" name="track_pick">
<input type="submit" name="search_pick" value="Search Pick">
</form>
<a href="index.php">Back to home</a>
<?php require "templates/footer.php"; ?>
如您所见-非常冗长。我对如何获取下拉列表有基本了解-尽管似乎有不止一种方法,但我正在尝试这样做:
<form method="post">
<select name="colunm">
<option value="track_eps">Episode #</option>
<option value="track_artist">Artist</option>
<option value="track_album">Album</option>
<option value="track_year">Year</option>
<option value="track_pick">Picked by</option>
</select>
<input type="text" id="filter" name="filter">
<input type="submit" name="Search" value="Search">
</form>
[ SQL语句“ WHERE [选项值] = [文本值]”;“
有人有什么建议吗?我可能会忽略一些基本知识。在您的第一组if
语句中,唯一改变的是查询。无需重复其他所有内容。在第二组if
语句中,在数十行代码中,实际上是一个单词被更改。这很浪费。
因此,正如您所怀疑的,这可以更有效地完成。
<?php
require_once "../config.php";
require_once "../common.php";
// if it doesn't already, $options should look like this:
$options = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
// these are safe columns to search
$columns = ["track_eps", "track_artist", "track_album", "track_year", "track_pick"];
try {
// fall back to a safe value if needed
$column = in_array($_POST["search_column"], $columns) ? $_POST["search_column"] : $columns[0];
// if it doesn't already, $dsn should include charset=utf8mb4
$connection = new PDO($dsn, $username, $password, $options);
$sql = "SELECT * FROM track_list WHERE $column = ?";
$statement = $connection->prepare($sql);
// no need for binding, just pass parameters to execute
$statement->execute([$_POST["search_text"]]);
$result = $statement->fetchAll();
} catch (\Exception $e) {
// don't show errors to the user, just pretend you got no results
$result = [];
// if you have a global exception handler, let it take over
throw $e;
}
?>
<?php if(count($result) === 0): ?>
<div class="alert">No results found for <?= escape($_POST["search_text"]) ?>.</div>
<?php else: ?>
<h2>Results</h2>
<table>
<thead>
<tr>
<th>Title</th>
<th>Artist</th>
<th>Album</th>
<th>Year</th>
<th>Episode</th>
<th>Picked By</th>
</tr>
</thead>
<tbody>
<?php foreach ($result as $row): ?>
<tr>
<td><?= escape($row["track_name"]) ?></td>
<td><?= escape($row["track_artist"]) ?></td>
<td><?= escape($row["track_album"]) ?></td>
<td><?= escape($row["track_year"]) ?></td>
<td><?= escape($row["track_eps"]) ?></td>
<td><?= escape($row["track_pick"]) ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
<form method="post">
<select name="search_column">
<option value="track_eps">Episode #</option>
<option value="track_artist">Artist</option>
<option value="track_album">Album</option>
<option value="track_year">Year</option>
<option value="track_pick">Picked by</option>
</select>
<input type="text" id="filter" name="search_text">
<button type="submit">Search</button>
</form>
<a href="index.php">Back to home</a>
<?php require "templates/footer.php"; ?>
一些注意事项:[混合HTML和PHP时,如果您没有使用适当的模板系统,则将alternative syntax用于控件结构和short echo tags显得比较整洁。
我假设您的
escape()
函数仅执行htmlspecialchars()
,所以如果您要保存键入内容,只需将其命名为e()
!这是一个有20年历史的参数,但是您不应出于演示目的而使用
<blockquote>
之类的语义元素。将其设为<div>
,给它一个类,然后设置其样式。