
Hello, I am making a table filter here: ktg.megusto.kz, and I need to somehow fix the filter. I have already tried everything and found nothing. Right now the code is:

require_once "core/db_config.php";

if (isset($_GET['submit'])) {
    $fields = array('Order_user', 'Method', 'Data_From', 'Data_TO');
    $conditions = array();
    foreach ($fields as $field) {
        if (isset($_GET[$field]) && $_GET[$field] != '') {
            // the request value is concatenated straight into the SQL text
            $conditions[] = "`$field` LIKE '%" . $_GET[$field] . "%'";
        }
    }
    $sql = "SELECT * FROM `ktg_base`";
    if (count($conditions) > 0) {
        $sql .= " WHERE " . implode(' AND ', $conditions);
    }
} else {
    $sql = "SELECT * FROM `ktg_base` WHERE del = 0";
}

// mysqli_error() takes the connection, not the SQL string
$result = $mysqli->query($sql) or die($mysqli->error);
while ($row = mysqli_fetch_assoc($result)) {
    echo '<tr data-id="' . $row['id'] . '">';
    echo '<td>' . $row['id'] . '</td>';
    echo '<td>' . $row['Order_user'] . '</td>';
    echo '<td>' . $row['Organizator'] . '</td>';
    echo '<td>' . $row['Name'] . '</td>';
    echo '<td>' . $row['Method'] . '</td>';
    echo '<td>' . $row['Data_From'] . '</td>';
    echo '<td>' . $row['Data_TO'] . '</td>';
    echo '<td>' . $row['Status'] . '</td>';
    echo '</tr>';
}

How should this all work? It works somehow, but it is not clear how to do it right. There are 3 selects in total, and one search field over the entire table.

At the very least, the first script kiddie who wanders by will break your site and delete everything from the database, because arbitrary SQL can be written into the fields. Use bound variables: PHP.net/manual/ru/mysqli-stmt.bind-param.php

Mike 2021-05-23 00:39:46

Well, at this link, ktg.megusto.kz, you can see how the filter works, since it is not clear.

pavlikmd 2021-05-23 00:39:46
  • Answer #1

    I did it like this

    if (isset($_GET['submit'])) {
        $action = $_GET['action'];
        $search = $_GET['Order_user'];
        $p_from = $_GET['Data_From'];
        $p_to   = $_GET['Data_TO'];
        $method = $_GET['Method'];
        if ($_GET['Order_user'] !== "") {
            // one search box over all columns; the value is still concatenated into the SQL
            $sql = "SELECT * FROM `ktg_base` WHERE CONCAT(`Name`, `Order_user`, `Organizator`, `Method`, `Data_From`, `Data_TO`, `Status`) LIKE '%" . $search . "%'";
        } else {
            $fields = array('Method', 'Data_From', 'Data_TO');
            $conditions = array();
            foreach ($fields as $field) {
                if (isset($_GET[$field]) && $_GET[$field] != '' && $_GET[$field] != '0') {
                    $conditions[] = "`$field` LIKE '%" . $_GET[$field] . "%'";
                }
            }
            $sql = "SELECT * FROM `ktg_base`";
            if (count($conditions) > 0) {
                $sql .= " WHERE " . implode(' AND ', $conditions);
            }
        }
    } else {
        $sql = "SELECT * FROM `ktg_base` WHERE del = 0";
    }
    
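The hardened version the comment above recommends, written here as an added example and not code from the original post or from ktg.megusto.kz: the same three selects plus the full-table search box, rebuilt on mysqli prepared statements with bind_param. It assumes core/db_config.php creates $mysqli (a mysqli connection; get_result() needs the mysqlnd driver), the table and column names used in the post, and that the request still sends the search text as Order_user. The likePattern and e helpers, the '!' LIKE escape character and the use of CONCAT_WS instead of CONCAT are my own choices.

```php
<?php
// Added example, not code from the original post: the filter rebuilt on
// mysqli prepared statements, as the comment above recommends.
// Assumed: core/db_config.php creates $mysqli (a mysqli connection, with the
// mysqlnd driver so get_result() is available) and the table/column names
// are those used in the post.
require_once "core/db_config.php";

// The filterable columns are a fixed list; a column name never comes from the request.
$filterFields = ['Method', 'Data_From', 'Data_TO'];
// Columns covered by the single full-table search box (sent as Order_user in the post).
$searchFields = ['Name', 'Order_user', 'Organizator', 'Method', 'Data_From', 'Data_TO', 'Status'];

// A bound value cannot break out of the SQL, but a user typing "%" or "_" would
// still match every row, so LIKE metacharacters are escaped with '!' (my choice;
// the query states ESCAPE '!' explicitly so the behaviour does not depend on sql_mode).
function likePattern(string $value): string
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $value);
    return '%' . $escaped . '%';
}

// Values are untrusted on the way out as well: escape everything echoed into HTML.
function e($value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

$where  = [];   // SQL fragments, each with a ? placeholder where user data goes
$params = [];   // the values bound to those placeholders, in the same order

if (isset($_GET['submit'])) {
    $search = trim((string)($_GET['Order_user'] ?? ''));
    if ($search !== '') {
        // CONCAT_WS rather than CONCAT: one NULL column must not hide the whole row.
        $where[]  = "CONCAT_WS(' ', `" . implode('`, `', $searchFields) . "`) LIKE ? ESCAPE '!'";
        $params[] = likePattern($search);
    } else {
        foreach ($filterFields as $field) {
            $value = (string)($_GET[$field] ?? '');
            if ($value !== '' && $value !== '0') {   // '0' is the "any" option of a select
                $where[]  = "`$field` LIKE ? ESCAPE '!'";
                $params[] = likePattern($value);
            }
        }
    }
} else {
    $where[] = '`del` = 0';
}

$sql = 'SELECT * FROM `ktg_base`';
if ($where) {
    $sql .= ' WHERE ' . implode(' AND ', $where);
}

$stmt = $mysqli->prepare($sql);
if ($stmt === false) {
    die('prepare failed: ' . e($mysqli->error));
}
if ($params) {
    // every bound value is a string, so the type string is one 's' per placeholder
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
}
if (!$stmt->execute()) {
    die('execute failed: ' . e($stmt->error));
}
$result = $stmt->get_result();

$columns = ['id', 'Order_user', 'Organizator', 'Name', 'Method', 'Data_From', 'Data_TO', 'Status'];
while ($row = $result->fetch_assoc()) {
    echo '<tr data-id="' . e($row['id']) . '">';
    foreach ($columns as $col) {
        echo '<td>' . e($row[$col]) . '</td>';
    }
    echo '</tr>';
}
$stmt->close();
```

The SQL text is now built only from fixed strings and column names taken from the two arrays in the script; everything typed by the user travels as a bound parameter, so a value such as `' OR 1=1 --` is compared as literal text instead of being parsed. Two things the original code did not handle are added on purpose: LIKE wildcards in the search term are neutralised, and every cell is passed through htmlspecialchars() on output, since whatever was stored in the table is just as untrusted in HTML as it was in SQL.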