我在表单中有6个选择项.我想在MYSQL DB中搜索那些6.如果只使用一个结果,我可以检索结果,例如:
I have 6 select items in a form. I want to search those 6 in MYSQL DB. I can retrieve results if I use only one, like:
$result = mysql_query("SELECT * FROM wsinmuebles WHERE Property_Type LIKE '%{$_POST['Property_Type']}%'");但是当我尝试更多时,我没有结果!
But when I try more, I get no results!
$result = mysql_query("SELECT * FROM wsinmuebles WHERE Property_Type LIKE '%{$_POST['Property_Type']}%' AND Estado LIKE '%{$_POST['Estado']}%' AND Ciudad LIKE '%{$_POST['Ciudad']}%' AND Urbanizacion LIKE '%{$_POST['Urbanizacion']}%' AND Operacion LIKE '%{$_POST['Operacion']}%' AND Precio_bsf LIKE '%{$_POST['Precio_bsf']}%'");这来自于POST方法的表单.
This comes from a form by the POST method.
我需要在MYSQL DB中查找Property_Type,Estado,Ciudad,Urbanizacion,Operacion和Precio_bsf变量,并仅接收与所有这些值匹配的结果.
What I need is to look for Property_Type, Estado, Ciudad, Urbanizacion, Operacion and Precio_bsf variables in MYSQL DB, and receive only the results that match all those values.
推荐答案不要在条件之间使用或使用Or,毕竟,您应该知道串联字符串和执行查询可能会导致SQL注入,这是在代替搜索的情况下字符串我结束您的查询并执行给定的操作,例如'和1 = 1;删除wsinmuebles",如果这是我的搜索查询,您将丢失所有数据.
Dont use And use Or between criteria, and after all you should know that concatenating strings and executing queries is giving possible SQL Injection, that is when instead of your search string I end your query and execute given action, for example "' and 1=1; delete wsinmuebles" if this is my serach query you will lose all your data.
$result = mysql_query("select * from tbl1 where Name='".mysql_escape_string ($_POST["value"]."'" );更多推荐
在多个列中搜索多个项目
发布评论