私はまだPHPにかなり慣れていないので、簡単なことを見落としている場合はご容赦ください。名またはユーザー名、都市、州、国、または電子メールアドレスの1つ以上の基準を入力して、メンバーを検索できるメンバー検索フォームを作成しようとしています。フォームは、単一のフィールドが入力された場合、または名前/ユーザー名フィールドに値がある場合にのみ複数のフィールドが入力された場合に機能します。それが論理的な問題だと仮定します。前もって感謝します。
if (!isset($_POST['fname']))
{
//If not isset -> set with dummy value
$_POST['fname'] = "undefine";
}
if (!isset($_POST['city']))
{
//If not isset -> set with dummy value
$_POST['city'] = "undefine";
}
if (!isset($_POST['state']))
{
//If not isset -> set with dummy value
$_POST['state'] = "undefine";
}
if (!isset($_POST['country']))
{
//If not isset -> set with dummy value
$_POST['country'] = "undefine";
}
if (!isset($_POST['email']))
{
//If not isset -> set with dummy value
$_POST['email'] = "undefine";
}
// DEFAULT QUERY STRING
$queryString = '';
if ($_POST['fname'] != '') {
$fname = $_POST['fname'];
$fname = stripslashes($fname);
$fname = strip_tags($fname);
$fname = preg_replace('#[^A-Za-z 0-9]#i', '', $fname);
$fname = mysql_real_escape_string($fname);
$queryString = "(firstname LIKE '%$fname%' OR username LIKE '%$fname%')";
} else {
$queryString = '';
}
if ($_POST['city'] != '') {
if (($_POST['fname'] != '') || ($_POST['state'] != '') || ($_POST['country'] != '') || ($_POST['email'] != '')){
$city = $_POST['city'];
$city = stripslashes($city);
$city = strip_tags($city);
$city = preg_replace('#[^A-Za-z 0-9]#i', '', $city);
$city = mysql_real_escape_string($city);
$queryString .= " AND city='$city'";
} else {
$city = $_POST['city'];
$city = $_POST['city'];
$city = stripslashes($city);
$city = strip_tags($city);
$city = preg_replace('#[^A-Za-z 0-9]#i', '', $city);
$city = mysql_real_escape_string($city);
$queryString .= "city='$city'";
}
} else {
$queryString .= '';
}
if ($_POST['state'] != '') {
if (($_POST['fname']) || ($_POST['city']) || ($_POST['country']) || ($_POST['email'])){
$state = $_POST['state'];
$state = stripslashes($state);
$state = strip_tags($state);
$state = preg_replace('#[^A-Za-z 0-9]#i', '', $state);
$state = mysql_real_escape_string($state);
$queryString .= " AND state='$state'";
} else {
$state = $_POST['state'];
$state = stripslashes($state);
$state = strip_tags($state);
$state = preg_replace('#[^A-Za-z 0-9]#i', '', $state);
$state = mysql_real_escape_string($state);
$queryString .= "state='$state'";
}
} else {
$queryString .= '';
}
if ($_POST['country'] != '') {
if (($_POST['fname']) || ($_POST['city']) || ($_POST['state']) || ($_POST['email'])) {
$country = $_POST['country'];
$queryString .= " AND country='$country'";
}
else {
$country = $_POST['country'];
$queryString .= "country='$country'";
}
} else {
$queryString .= '';
}
if ($_POST['email'] != '') {
if (($_POST['fname']) || ($_POST['city']) || ($_POST['state']) || ($_POST['country'])){
$email = $_POST['email'];
$email = stripslashes($email);
$email = strip_tags($email);
$email = preg_replace('#[^A-Za-z 0-9,.@-]#i', '', $email);
$email = mysql_real_escape_string($email);
$queryString .= " AND email='$email'";
} else {
$email = $_POST['email'];
$queryString .= "email='$email'";
}
} else {
$queryString .= '';
}
////////////// QUERY THE MEMBER DATA USING THE $queryString variable's value
$sql = mysql_query("SELECT id, username, firstname, city, state, country FROM members WHERE $queryString AND emailactivated='1' ORDER BY id ASC");