2017-07-04 30 views
2

名前と性別の異なる2つのフィールドを使用して検索することはできません。高度な検索入力プログラムを追加する場所のファイルやコードを助けるために 置き、あなたはよりよく理解詳細検索データを追加

getdata.php

<?php 
 

 
if(isset($_GET['page'])){ 
 
    //Include pagination class file 
 
    include('Pagination.php'); 
 
    
 
    //Include database configuration file 
 
    include('dbConfig.php'); 
 
    
 
    $start = !empty($_GET['page'])?$_GET['page']:0; 
 
    $limit = 25; 
 
    //set conditions for search 
 
    $whereSQL = $orderSQL = ''; 
 
    $keywords = $_GET['keywords']; 
 
    $keyname = $_GET['keyname']; 
 
    $sortBy = $_GET['sortBy']; 
 

 
    if(!empty($keyname)){ 
 
     $whereSQL = "WHERE name LIKE '%".$keyname."%'"; 
 
    } 
 
    if(!empty($keywords)){ 
 
     $whereSQ = "WHERE member_group_id LIKE '".$keywords."'"; 
 
    } 
 

 
    if(!empty($sortBy)){ 
 
     $orderSQL = " ORDER BY name ".$sortBy; 
 
    }else{ 
 
     $orderSQL = " ORDER BY name DESC "; 
 
    } 
 

 
    //get number of rows 
 
    $queryNum = $db->query("SELECT COUNT(*) as name FROM ILFREE_core_members ".$whereSQL.$whereSQ.$orderSQL); 
 
    $resultNum = $queryNum->fetch_assoc(); 
 
    $rowCount = $resultNum['name']; 
 

 
    //initialize pagination class 
 
    $pagConfig = array(
 
     'currentPage' => $start, 
 
     'totalRows' => $rowCount, 
 
     'perPage' => $limit, 
 
     'link_func' => 'searchFilter' 
 
    ); 
 
    $pagination = new Pagination($pagConfig); 
 
    
 
    //get rows 
 
    $query = $db->query("SELECT * FROM ILFREE_core_members $whereSQL $whereSQ $orderSQL LIMIT $start,$limit"); 
 

 
    if($query->num_rows > 0){ ?> 
 
     <div class="GETs_list"> 
 
     <?php 
 
while($row = $query->fetch_assoc()){ 
 
$GroupID = $row["member_group_id"]; 
 
$IDgroup = array('29','77','62','83','46','43','73','58','68','2','78','63','82','45','42','71','52','67','27','76','60','81','44','41','70','56','65'); 
 
$GETID = $row['member_id']; 
 
$Name = $row["name"]; 
 
$photo = $row["pp_main_photo"]; 
 
$bannato = '7'; 
 

 

 
?> 
 
<div class="list_item"> 
 
<?php 
 
// name 
 

 
echo '<a href="http://www.ilfree.it/index.php?/profile/' . $GETID . '-' . $Name . '" title="Visualizza il profilo di ' . $Name . '" ><h2>' . $Name . '</h2></a>'; 
 

 
// foto 
 
if(empty($photo)) { if(in_array($GroupID, $IDgroup)) { 
 
echo '<a href="http://www.ilfree.it/index.php?/profile/' . $GETID . '-' . $Name . '" title="Visualizza il profilo di ' . $Name . '"><img src="http://www.ilfree.it/uploads/file/search_femmina.png"/></a>'; } 
 
elseif ($bannato == $GroupID) { 
 
echo '<a href="http://www.ilfree.it/index.php?/profile/' . $GETID . '-' . $Name . '" title="Visualizza il profilo di ' . $Name . '"><img src="http://www.ilfree.it/uploads/file/ban.png"/></a>'; } 
 
else { 
 
echo '<a href="http://www.ilfree.it/index.php?/profile/' . $GETID . '-' . $Name . '" title="Visualizza il profilo di ' . $Name . '"><img src="http://www.ilfree.it/uploads/file/search_maschio.png"/></a>'; } } 
 
else{ 
 
echo '<a href="http://www.ilfree.it/index.php?/profile/' . $GETID . '-' . $Name . '" title="Visualizza il profilo di ' . $Name . '"><img src="http://www.ilfree.it/uploads/profile_photos/' . $photo . '"/></a>'; 
 
} 
 

 

 

 

 

 

 

 

 
?> 
 

 

 

 

 

 

 
    
 
      
 

 

 
      
 

 
      
 
      </div> 
 
     <?php } ?> 
 
     </div> 
 
     <?php echo $pagination->createLinks(); ?> 
 
<?php } } ?>

のindex.php

<!DOCTYPE HTML> 
 
<html lang="en"> 
 
<head> 
 

 

 
</head> 
 
<body> 
 

 

 

 

 
<div class="GET-search-panel"> 
 
    <input type="text" id="keyname" placeholder="name" onkeyup="searchFilter()"/> 
 

 
    <input type="text" id="keywords" placeholder="Type keywords to filter GETs" onkeyup="searchFilter()"/> 
 
    <select id="sortBy" onchange="searchFilter()"> 
 
     <option value="">Sort By</option> 
 
     <option value="asc">Ascending</option> 
 
     <option value="desc">Descending</option> 
 
    </select> 
 
</div> 
 
<div class="GET-wrapper"> 
 
    <div id="GETs_content"> 
 
    <?php 
 
    //Include pagination class file 
 
    include('Pagination.php'); 
 
    
 
    //Include database configuration file 
 
    include('dbConfig.php'); 
 
    
 
    $limit = 25; 
 

 
    //get number of rows 
 
    $queryNum = $db->query("SELECT COUNT(*) as ilfreexxx FROM ILFREE_core_members"); 
 
    $resultNum = $queryNum->fetch_assoc(); 
 
    $rowCount = $resultNum['ilfreexxx']; 
 
    
 
    //initialize pagination class 
 
    $pagConfig = array(
 
     'totalRows' => $rowCount, 
 
     'perPage' => $limit, 
 
     'link_func' => 'searchFilter' 
 
    ); 
 
    $pagination = new Pagination($pagConfig); 
 
    
 
    //get rows 
 
    $query = $db->query("SELECT * FROM ILFREE_core_members ORDER BY member_id DESC LIMIT $limit"); 
 
    
 
    if($query->num_rows > 0){ ?> 
 
     <div class="GETs_list"> 
 

 
      
 
<?php   
 

 
while($row = $query->fetch_assoc()){ 
 
$GroupID = $row["member_group_id"]; 
 
$IDgroup = array('29','77','62','83','46','43','73','58','68','2','78','63','82','45','42','71','52','67','27','76','60','81','44','41','70','56','65'); 
 
$GETID = $row['member_id']; 
 
$Name = $row["name"]; 
 
$photo = $row["pp_main_photo"]; 
 
$bannato = '7'; 
 

 

 
?> 
 
<div class="list_item"> 
 
<?php 
 
// name 
 

 
echo '<a href="http://www.ilfree.it/index.php?/profile/' . $GETID . '-' . $Name . '" title="Visualizza il profilo di ' . $Name . '" ><h2>' . $Name . '</h2></a>'; 
 

 
// foto 
 
if(empty($photo)) { if(in_array($GroupID, $IDgroup)) { 
 
echo '<a href="http://www.ilfree.it/index.php?/profile/' . $GETID . '-' . $Name . '" title="Visualizza il profilo di ' . $Name . '"><img src="http://www.ilfree.it/uploads/file/search_femmina.png"/></a>'; } 
 
elseif ($bannato == $GroupID) { 
 
echo '<a href="http://www.ilfree.it/index.php?/profile/' . $GETID . '-' . $Name . '" title="Visualizza il profilo di ' . $Name . '"><img src="http://www.ilfree.it/uploads/file/ban.png"/></a>'; } 
 
else { 
 
echo '<a href="http://www.ilfree.it/index.php?/profile/' . $GETID . '-' . $Name . '" title="Visualizza il profilo di ' . $Name . '"><img src="http://www.ilfree.it/uploads/file/search_maschio.png"/></a>'; } } 
 
else{ 
 
echo '<a href="http://www.ilfree.it/index.php?/profile/' . $GETID . '-' . $Name . '" title="Visualizza il profilo di ' . $Name . '"><img src="http://www.ilfree.it/uploads/profile_photos/' . $photo . '"/></a>'; 
 
} 
 

 

 

 

 

 

 

 

 
?> 
 

 

 

 

 

 

 
    
 
      
 

 

 
      
 

 
      
 
      </div> 
 
     <?php } ?> 
 
     </div> </div> 
 
     <?php echo $pagination->createLinks(); ?> 
 
    <?php } ?> 
 

 
</div> 
 

 
<style> 
 

 
body { 
 
    background: #e7e7e7 url(http://carpanelli-art.com/wp-content/themes/pacifico/images/bgs/bg_i_4.jpg) repeat; 
 
    font-family: "FS Albert Light", "Myriad Pro", "Helvetica Neue", Helvetica, Arial, sans-serif; 
 
} 
 
.GET-wrapper { 
 
    padding: 10px; 
 
    background: #fdfdfd; 
 
    width: 70%; 
 
    margin: 0 auto; 
 
    border-radius: 6px; 
 
} 
 
.list_item { 
 
    position: relative; 
 
    float: left; 
 
    border: 4px solid #f1f1f1; 
 
    margin: 4px; 
 
} 
 
.list_item:hover { 
 
     border: 4px solid #d6e9ff; 
 

 
} 
 
.list_item a { 
 
    text-decoration: none; 
 
    color: #b1b1b1; 
 
    font-size: 10px; 
 
    text-align: center; 
 

 
} 
 
.list_item a:hover { 
 
     color: #8a8a8a; 
 
} 
 
.list_item img { 
 
    width: 200px; 
 
    height: 220px; 
 
    display: list-item; 
 
} 
 

 
.list_item h2 { 
 
    position: relative; 
 
    margin: 0; 
 
    background: #f4f5f9; 
 
    border-bottom: 1px solid #f1f1f1; 
 
    color: #3f4752; 
 
    text-shadow: -1px -1px 0 #fff; 
 
} 
 
#GETs_content { 
 
    width: 70%; 
 
     margin: 0 auto; 
 
} 
 
.GETs_list {display: inline-block;} 
 
div.pagination { 
 
    font-family: "Lucida Sans", Geneva, Verdana, sans-serif; 
 
    padding:20px; 
 
    margin:7px; 
 
    display: inline-block; 
 
} 
 
div.pagination a { 
 
    margin: 2px; 
 
    padding: 0.5em 0.64em 0.43em 0.64em; 
 
    background-color: #ee4e4e; 
 
    text-decoration: none; 
 
    color: #fff; 
 
} 
 
div.pagination a:hover, div.pagination a:active { 
 
    padding: 0.5em 0.64em 0.43em 0.64em; 
 
    margin: 2px; 
 
    background-color: #de1818; 
 
    color: #fff; 
 
} 
 
div.pagination span.current { 
 
    padding: 0.5em 0.64em 0.43em 0.64em; 
 
    margin: 2px; 
 
    background-color: #f6efcc; 
 
    color: #6d643c; 
 
} 
 
div.pagination span.disabled { 
 
    display:none; 
 
} 
 
</style> 
 
      <!-- JavaScript --> 
 
     <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> 
 

 
<script> 
 
function searchFilter(page_num) { 
 
    page_num = page_num?page_num:0; 
 
    var keywords = $('#keywords').val(); 
 
    var keyname = $('#keyname').val(); 
 
    var sortBy = $('#sortBy').val(); 
 
    $.ajax({ 
 
     type: 'GET', 
 
     url: 'getData.php', 
 
     data:'page='+page_num+'&keyname='+keyname+'&keywords='+keywords+'&sortBy='+sortBy, 
 
     beforeSend: function() { 
 
      $('.loading-overlay').show(); 
 
     }, 
 
     success: function (html) { 
 
      $('#GETs_content').html(html); 
 
      $('.loading-overlay').fadeOut("slow"); 
 
     } 
 
    }); 
 
} 
 
</script> 
 
</body> 
 
</html>

私はあなたの助けを心配しています

+0

テストします。http://www.ilfree.it/test/ –

答えて

0

すべての条件節を含む配列を作成し、その配列を適切なSQLのwhere節にフォーマットすることができます。ただし、SQLへの入力をエスケープしておらず、SQLインジェクション攻撃の影響を受けやすいことに言及する必要があります。非常に単純なクエリビルダーのサンプルコードをいくつか紹介します。

$start = !empty($_GET['page'])?$_GET['page']:0; 
$limit = 25; 

# Build array of orderings 
$orderQueries = []; 
if (isset($_GET['sortBy']) && !empty($_GET['sortBy'])) { 
    $sortBy = $_GET['sortBy']; 
    $orderQueries[] = "name $sortBy"; 
} else { 
    $orderQueries[] = "name DESC"; 
} 

# Build array of conditionals 
$whereQueries = []; 
if (isset($_GET['name']) && !empty($_GET['name'])) { 
    $name = $_GET['name']; 
    $whereQueries[] = "name LIKE '%$name%'"; 
} 
if (isset($_GET['age']) && !empty($_GET['age'])) { 
    $age = $_GET['age']; 
    $whereQueries[] = "age = $age"; 
} 
if (isset($_GET['keywords']) && !empty($_GET['keywords'])) { 
    $keywords = $_GET['keywords']; 
    $whereQueries[] = "member_group_id LIKE '$keywords'"; 
} 

# Construct "WHERE ..." part of query 
$whereSQL = 'WHERE '; 
$firstLoop = true; 
foreach ($whereQueries as $q) { 
    if (!$firstLoop) { # Avoid prepending "AND" on the first loop 
     $firstLoop = false; 
     $q = " AND $q"; 
    } 
    $whereSQL .= $q; 
} 

# Construct "ORDER BY ..." part of query 
$orderSQL = 'ORDER BY '; 
$firstLoop = true; 
foreach ($orderQueries as $q) { 
    if (!$firstLoop) { 
     $firstLoop = false; 
     $q = ", $q"; # Avoid prepending "," on the first loop 
    } 
    $orderSQL .= " $q" 
} 
$query = $db->query("SELECT * FROM ILFREE_core_members $whereSQL $orderSQL LIMIT $start,$limit"); 
+0

解析エラー:構文エラー、予期しない '}' /web/htdocs/www.ilfree.it/home/test/getData.phpでon line 52 –

+0

Warning:/web/htdocs/www.ilfree.it/home/test/getData.phpのforeach()で無効な引数が37行目に指定されました 警告:/ web /にあるforeach()の引数が無効です。 htdocs/www.ilfree.it/home/test/getData.php 47行 –

+0

ok私はその方法を変更しました: –

関連する問題