<?php
//session_start(); // not needed for this example
function get_post($var_name) {
$out = '';
if(array_key_exists($var_name,$_POST)) {
$out = $_POST[$var_name];
}
return $out;
}
// whenever you have to do something over, break it out into a function
$faculty = get_post('fac');
$degree = get_post('degree');
$course = get_post('course');
// set up PDO connection
// this section credit to https://phpdelusions.net/pdo
$host = '127.0.0.1';
$db = 'students';
$user = 'root';
$pass = '';
$charset = 'utf8mb4';
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
// helpful initializations, such as default fetch is associative array
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $user, $pass, $opt);
// note that the first time the page is accessed,
// the POST variables will be saved as empty strings,
// so the query will execute fine, but won't find any results.
$query= 'SELECT name,faculty,degree,course,attend ' .
'FROM students ' .
'WHERE faculty=? AND degree=? AND course=? ' .
'ORDER BY name';
$pdo->prepare($query);
$result = $pdo->execute([$faculty, $degree, $course]); // don't miss the [] which is a shortcut for array()
// notice, try to keep PHP and HTML presentation separate,
// with PHP on top. (advanced: learn MVC)
// now that we have access to our data, present the html
// The HTML could be in another file and simply required() here.
?>
<html>
<head>
<title>Staff List</title>
</head>
<body>
<form action="" method="post">
<img src="login10.png" id="logos"/>
<h2 id="inf">Staff List </h2>
<ul>
<li>
<label for="fac">Faculty :</label>
<select id="fac" name="fac" required>
<option value="">Select course Faculty ..</option>
<option value="Business">Business</option>
<option value="Engineering">Engineering</option>
<option value="pharmaceutical">pharmaceutical</option>
<option value="Sport">Sport </option>
<option value="Science">Science </option>
</select>
</li>
<li>
<label for="degree">Degree :</label>
<select id="degree" name="degree" required>
<option value="">Select Course Degree..</option>
<option value="Associate degree">Associate degree</option>
<option value="Bachelor degree">Bachelor degree</option>
<option value="Master degree">Master degree </option>
<option value="Doctoral degree">Doctoral degree </option>
</select>
</li>
<li>
<label for="course">Required Course :</label>
<input type="text" name="course" id="course" class="text" placeholder="Enter Course Name" required>
</li>
<li>
<label for="submit"> </label>
<input type="submit" id="submit" value="Student List">
</li>
</ul>
</form>
<?php if($faculty && $degree && $course): ?>
<hr>
<h2>Results</h2>
<table>
<?php while ($row = $result->fetch()): ?>
<tr class="data"> <!-- can't use id="data" because id has to be unique -->
<td><?= $row['name'] ?></td>
<td><?= $row['faculty'] ?></td>
<td><?= $row['degree'] ?></td>
<td><?= $row['course'] ?></td>
<td class="colors"><?= $row['attend'] ?></td>
</tr>
<?php endwhile; ?>
</table>
<?php endif; ?>
</body>
</html>
2条答案
按热度按时间i2byvkas1#
试试这个:
哦,请用事先准备好的声明。这个解决方案非常不安全!!
您可以在下面阅读有关准备好的声明的更多信息:
https://www.w3schools.com/php/php_mysql_prepared_statements.asp
r7s23pms2#
首先,免责声明:我不与mysqli或pdo合作;我使用自己的数据库抽象。所以你需要用文档来验证我的例子。
我第一次尝试写一个答案来演示mysqli中参数的使用,但是坦率地说mysqli是。。。丑陋的。非常难看而且相当笨拙。
如果您需要添加会话,可以在基本原型工作后这样做。我不是在处理会话,而是在讨论数据库访问的基础知识。请不要认为这是剪切和粘贴代码:它可能工作,也可能不工作,因为我无法测试它。这是一个建议和出发点,为您建立。