Home  >  Article  >  Backend Development  >  javascript - How can I query this web page?

javascript - How can I query this web page?

WBOY
WBOYOriginal
2016-12-01 00:25:291168browse

javascript - How can I query this web page?

As shown in the picture, my web page background is implemented using php. I want to display all the project information in the database in the table below when the query button is not clicked; after clicking the query, the qualified projects are displayed. Currently, I In this display, I have not set the situation of unclicked query. What should I write? JS or php? How to write it in general
Currently I have only written this

<code> mysql_select_db("wuliu", $con);
                      

                          $result=mysql_query("SELECT * from content_info where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2]' and pass=0");
                           
                             

                          while($row = mysql_fetch_array($result))
                            {
                           
         

                            echo"<tr class='midTable1td2'>";
                            echo "<td><input type='radio' name='radiobutton' value='radiobutton'>";
                            echo "</td>";
                            echo "<td>".$row['UpdateDate'].$row['UpdateTime']./*2004-10-14 10:08:01*/"</td>";
                            echo "<td>".$row['area']."</td>";
                            echo "<td>".$row['field']."</td>";
                            echo "<td>".$row['title']."</td>";
                            echo "<td>".$row['submiter']."</td>";
                            echo "</tr>";
                          }

                  mysql_close($con);</code>

Reply content:

javascript - How can I query this web page?

As shown in the picture, my web page background is implemented using php. I want to display all the project information in the database in the table below when the query button is not clicked; after clicking the query, the qualified projects are displayed. Currently, I In this display, I have not set the situation of unclicked query. What should I write? JS or php? How to write it in general
Currently I have only written this

<code> mysql_select_db("wuliu", $con);
                      

                          $result=mysql_query("SELECT * from content_info where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2]' and pass=0");
                           
                             

                          while($row = mysql_fetch_array($result))
                            {
                           
         

                            echo"<tr class='midTable1td2'>";
                            echo "<td><input type='radio' name='radiobutton' value='radiobutton'>";
                            echo "</td>";
                            echo "<td>".$row['UpdateDate'].$row['UpdateTime']./*2004-10-14 10:08:01*/"</td>";
                            echo "<td>".$row['area']."</td>";
                            echo "<td>".$row['field']."</td>";
                            echo "<td>".$row['title']."</td>";
                            echo "<td>".$row['submiter']."</td>";
                            echo "</tr>";
                          }

                  mysql_close($con);</code>

Determine whether there is a post, and execute the query only if there is a post.

<code>if(isset($_POST)){

//这里是你发出来了那部分

}</code>

There is a problem with sql splicing

Separate the where statement.

<code>$where = "";
if(isset($_POST)){
    $where = "where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2]' and pass=0"";
}
$result=mysql_query("SELECT * from content_info ".$where);</code>

It is strongly recommended to parameterize queries to prevent injection
http://php.net/manual/zh/clas...

Ideas:
1. Use paging query to display 10 pieces of information on each page
2. Submit the form using GET method and assemble the SQL statement
3. When there is no query condition, query all (pagination)

Both php and js are available.

The reason you reported an error is because you called the $_POST variable incorrectly.

$result=mysql_query("SELECT * from content_info where title='$_POST[textfield22]' and submiter='$_POST[textfield322]' and area='$_POST[select]' and field='$_POST[select2] ' and pass=0");

changed to

$result=mysql_query("SELECT * from content_info where title='".$_POST['textfield322']."' and submiter='".$_POST['textfield322']."' and area='".$ _POST['select']."' and field='".$_POST['select2']."' and pass=0");

As mentioned above, it is best to do paging processing. Use limit in the mysql statement to process it.

Don’t splice sql statements like this, you can inject sql in minutes.

It is recommended to set the default value of the variable outside this splicing statement, then verify and filter the post data after receiving it, then overwrite the old default value, and then splice the query statement.

This is both safe and meets your needs.

1. The value corresponding to the key in the $_POST array should be given a default value
2. Add paging
3. Study hard and make progress every day

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn