-5
我有一個PHP代碼,其中包括SQL查詢,用戶從下拉列表中選擇並根據其選擇SQL查詢檢索數據。其中是sql查詢中的錯誤?
問題是,當我試圖比較選定的數據與數據庫中的現有值查詢不起作用。我試圖在查詢之前和之後顯示變量的值,它與用戶選擇相同。所以我相信這個問題是在SQL QUERY裏我比較i.siteNAME = '".$site_name."'
如何解決這個問題我一直堅持使用這段代碼5天,仍然在計數。
這是代碼的一部分:
<?php
/*
Template Name: search info
*/
get_header();
?>
<?php
// code for submit button action
global $wpdb, $site_name;
//variables that handle the retrieved data from mysql database based on the ID of the variable in HTML (select)
if(isset($_POST['query_submit']))
{
if(isset($_POST['site_name']))
{
$site_name=$_POST['site_name'];
}
else { $site_name=""; }
if(isset($_POST['owner_name']))
{
$owner_name=$_POST['owner_name'];
}
else { $owner_name=""; }
if(isset($_POST['Company_name']))
{
$company_name=$_POST['Company_name'];
}
else { $company_name=""; }
if(isset($_POST['Subcontractor_name']))
{
$Subcontractor_name=$_POST['Subcontractor_name'];
}
else { $Subcontractor_name="";}
var_dump($site_name);
$query_submit =$wpdb->get_results ("
select i.siteID
, i.siteNAME
, i.equipmentTYPE
, c.latitude
, c.longitude
, c.height
, o.ownerNAME
, o.ownerCONTACT
, x.companyNAME
, y.subcontractorCOMPANY
, y.subcontractorNAME
, y.subcontractorCONTACT
from site_info i
LEFT
JOIN owner_info o
on i.ownerID = o.ownerID
LEFT
JOIN company_info x
on i.companyID = x.companyID
LEFT
JOIN subcontractor_info y
on i.subcontractorID = y.subcontractorID
LEFT JOIN `site_coordinates` c
on i.siteID=c.siteID
where
i.siteNAME = '".$site_name."'
AND
o.ownerNAME = '".$owner_name." '
AND
x.companyNAME = '".$company_name."'
");
var_dump($_POST['site_name']);
echo "<br>";
echo "<br>";
echo $site_name;
echo $owner_name;
echo $company_name;
echo $Subcontractor_name;
foreach ($query_submit as $obj) {
echo "query is working";
echo "<table width='30%' ";
echo "<tr>";
echo "<td>".$obj->siteNAME."</td>";
echo "<td>".$obj->ownerNAME."</td>";
echo "<td>".$obj->companyNAME."</td>";
echo "<td>".$obj->subcontractorNAME."</td>";
echo "<td>".$obj->siteID."</td>";
echo "<td>".$obj->equipmentTYPE."</td>";
echo "<td>".$obj->latitude."</td>";
echo "<td>".$obj->longitude."</td>";
echo "<td>".$obj->height."</td>";
echo "<td>".$obj->ownerCONTACT."</td>";
echo "<td>".$obj->subcontractorCONTACT."</td>";
echo "<td>".$obj->subcontractorCOMPANY."</td>";
echo "</tr>";
echo "</table>";
}
?>
<table width="30%" >
<tr>
<td>Site Name</td>
<td>Owner Name</td>
<td>Company Name</td>
<td>Subcontractor Name</td>
<td>Site ID</td>
<td>Equipment Type</td>
<td> Lattitude</td>
<td>Longitude </td>
<td> Height</td>
<td> Owner Contact</td>
<td> Sub Contact</td>
<td> Sub company Name</td>
</tr>
<tr>
<?php }
?>
<!-- the below part of code work as it should --!>
<!--create dropdown list site names-->
<form method ="post" action ="" name="submit_form">
<table width="30%">
<tr>
<td>Site Name</td>
<td>Owner Name</td>
<td>Company Name</td>
<td>Subcontractor Name</td>
</tr>
<tr>
<td><select id="site_name" name = "site_name">
<?php
$query_site_name =$wpdb->get_results ("select DISTINCT siteNAME from site_info");
foreach($query_site_name as $site_name)
{
$site_name = (array)$site_name;
echo "<option value = '{".$site_name ['siteNAME']."}'>". $site_name['siteNAME']."</option>";
}
?>
<!--create dropdown list owner names-->
</select></td>
<td><select id="owner_name" name ="owner_name">
<?php
global $owner_name;
$query_owner_name =$wpdb->get_results ("select DISTINCT ownerNAME from owner_info");
foreach($query_owner_name as $owner_name)
{
$owner_name = (array)$owner_name;
echo "<option value = '{".$owner_name ['ownerNAME']."}'>". $owner_name['ownerNAME']."</option>";
}
?>
</select></td>
<!--create dropdown list Company names-->
</select></td>
<td><select id="Company_name" name ="Company_name">
<?php
global $Company_name;
$query_Company_name =$wpdb->get_results ("select DISTINCT companyNAME from company_info");
foreach($query_Company_name as $Company_name)
{
$Company_name = (array)$Company_name;
echo "<option value = '{".$Company_name ['companyNAME']."}'>". $Company_name['companyNAME']."</option>";
}
?>
</select></td>
<!--create dropdown list Subcontractor names-->
</select></td>
<td><select id="Subcontractor_name" name ="Subcontractor_name">
<?php
global $Subcontractor_name;
$query_Subcontractor_name =$wpdb->get_results ("select DISTINCT subcontractorNAME from subcontractor_info");
foreach($query_Subcontractor_name as $Subcontractor_name)
{
$Subcontractor_name = (array)$Subcontractor_name;
echo "<option value = '{".$Subcontractor_name ['subcontractorNAME']."}'>". $Subcontractor_name['subcontractorNAME']."</option>";
}
?>
</select></td>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td>
<input type ="submit" name="query_submit" value ="Search" />
</td>
</tr>
</table>
</form>
<?php
get_footer();
?>
所以,我們如何知道(未知)形式是否也沒有過錯? –
在解決您的問題之前,您應該查看http://bobby-tables.com並學習一些關於SQL注入的知識。您的代碼寫入的方式實際上是不安全的,您的數據庫可能會在幾秒鐘內被黑客入侵。 – Twinfriends
您是否通過錯誤報告和查詢檢查錯誤? –