PHP搜索有多个下拉框(PHP search with multiple drop down boxes)

PHP搜索有多个下拉框(PHP search with multiple drop down boxes)

我正在制作一个带有多个下拉框的搜索框。 这是主页面：

<div id="wrapper"> <form action="search2.php" method="post"> <select name="user"> <option value="" selected="selected">All Users</option> <option value="tom">tom</option> <option value="bob">bob</option> </select> <select name="city"> <option value="" selected="selected">All cities</option> <option value="NY">NY</option> <option value="NA">LA</option> </select> <input type="submit" value="search" /> </form> </div>

这是search2.php

<?php include('includes/db_AF.php'); //includes the db credentials $connection = @new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB); $whereClauses = array(); if (! empty($_POST['user'])) $whereClauses[] ="user='".mysqli_real_escape_string($_POST['user'])."'"; if (! empty($_POST['city'])) $whereClauses[] ="city='".mysqli_real_escape_string($_POST['city'])."'"; $where = ''; if (count($whereClauses) > 0) { $where = ' WHERE '.implode(' AND ',$whereClauses); } $sql = mysqli_query("SELECT * FROM profile " .$where." ORDER BY user "); $result=mysqli_query($sql); or die("Error: ".mysql_error()."<br />Query: ".$sql); while ($row = mysqli_fetch_assoc($result)) { echo $row['user']; echo $row['city']; } ?>

我收到错误消息说：

mysqli_real_escape_string（）只需要2个参数，给定1个

mysqli_query（）需要至少2个参数，给定1个

我究竟做错了什么？

I am making a search box with multiple drop down boxes. Here is the main page:

<div id="wrapper"> <form action="search2.php" method="post"> <select name="user"> <option value="" selected="selected">All Users</option> <option value="tom">tom</option> <option value="bob">bob</option> </select> <select name="city"> <option value="" selected="selected">All cities</option> <option value="NY">NY</option> <option value="NA">LA</option> </select> <input type="submit" value="search" /> </form> </div>

And here is the search2.php

<?php include('includes/db_AF.php'); //includes the db credentials $connection = @new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB); $whereClauses = array(); if (! empty($_POST['user'])) $whereClauses[] ="user='".mysqli_real_escape_string($_POST['user'])."'"; if (! empty($_POST['city'])) $whereClauses[] ="city='".mysqli_real_escape_string($_POST['city'])."'"; $where = ''; if (count($whereClauses) > 0) { $where = ' WHERE '.implode(' AND ',$whereClauses); } $sql = mysqli_query("SELECT * FROM profile " .$where." ORDER BY user "); $result=mysqli_query($sql); or die("Error: ".mysql_error()."<br />Query: ".$sql); while ($row = mysqli_fetch_assoc($result)) { echo $row['user']; echo $row['city']; } ?>

I get error messages saying:

mysqli_real_escape_string() expects exactly 2 parameters, 1 given

mysqli_query() expects at least 2 parameters, 1 given

What am I doing wrong?

最满意答案

请尝试此代码，将mysqli_query（$ sql）更改为mysqli_query（$ connection，$ sql）并将$ connection添加到某个部分。 还删除了一些不需要的代码 请比较一下。

include('includes/db_AF.php'); //includes the db credentials $connection = @new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB); if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } $whereClauses = array(); if (! empty($_POST['user'])) $whereClauses[] ="user='".mysqli_real_escape_string($connection,$_POST['user'])."'"; if (! empty($_POST['city'])) $whereClauses[] ="city='".mysqli_real_escape_string($connection,$_POST['city'])."'"; $where = ''; if (count($whereClauses) > 0) { $where = ' WHERE '.implode(' AND ',$whereClauses); } $sql = "SELECT * FROM profile " .$where." ORDER BY user "; $result=mysqli_query($connection,$sql) or die("Error: ".mysqli_error()."<br />Query: ".$sql); while ($row = mysqli_fetch_assoc($result)) { echo $row['user']; echo $row['city']; }

注意：请参考面向对象的样式和程序样式。

面向对象的风格

$ result = $ connection-> query（$ sql）;

程序风格

mysqli_query（$连接，$ SQL）;

http://www.php.net/manual/en/mysqli.query.php ,

跟随任何一个。

Please try this code, mysqli_query($sql) changed to mysqli_query($connection,$sql) and $connection added to some section. also removed some unwanted code. please compare it.

include('includes/db_AF.php'); //includes the db credentials $connection = @new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB); if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } $whereClauses = array(); if (! empty($_POST['user'])) $whereClauses[] ="user='".mysqli_real_escape_string($connection,$_POST['user'])."'"; if (! empty($_POST['city'])) $whereClauses[] ="city='".mysqli_real_escape_string($connection,$_POST['city'])."'"; $where = ''; if (count($whereClauses) > 0) { $where = ' WHERE '.implode(' AND ',$whereClauses); } $sql = "SELECT * FROM profile " .$where." ORDER BY user "; $result=mysqli_query($connection,$sql) or die("Error: ".mysqli_error()."<br />Query: ".$sql); while ($row = mysqli_fetch_assoc($result)) { echo $row['user']; echo $row['city']; }

NB: Please Refer Object oriented style and Procedural style.

Object oriented style

$result = $connection->query($sql);

Procedural style

mysqli_query($connection,$sql);

http://www.php.net/manual/en/mysqli.query.php ,

follow any one.