我试图让我的搜索在我的数据库中查找$ searchtext,其中$ selecteditem表示它正在搜索的columb.我在代码的最后部分得到了语法错误
我的表格 -
<form name="search" id="search" method="POST" action="">
<input type="text" name="searchterm" id="searchterm">
<select name="selectitem">
<option value="propertydescription">Property/Description</option>
<option value="transactiontype">Transaction type</option>
<option value="applicabledocument">Applicable document</option>
<option value="recieved">recieved</option>
<option value="paid">paid</option>
</select>
</div></td>
<td> </td>
<td><input type="submit" name="search" value="search"></td>
我的php为此 -
if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm = $_POST['searchterm'];
$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' AND WHERE '$columbname' = '$searchterm'";
$result = mysql_query ($query) or die(mysql_error());
}
else
if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm = $_POST['searchterm'];
$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' AND $columbname = '$searchterm'";
$result = mysql_query ($query) or die(mysql_error());
}
WHERE$columbname变量获取的列名称周围的引号.更改
$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' AND WHERE '$columbname' = '$searchterm'";
至
$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' AND $columbname = '$searchterm'";
旁注:您的代码容易受到sql注入攻击.切换到mysqli或PDO并使用预准备语句.
我已经替换了你的PHP代码,现在它运行良好
if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm = $_POST['searchterm'];
$query="SELECT * FROM transactions WHERE agentclient = '$agentclient' && 'columbname' = '$searchterm'";
$result = mysql_query ($query) or die(mysql_error());
}
else