Create Query with MySQL

-2

I’m having a problem. I have a search form with two inputs, and I want to build a query that will search either by employee number or by sector code. How do I write the query? The code follows below. Thank you.

<div class="main-panel">
<div class="content-wrapper">
    <div class="row">
        <div class="col-12">
            <div class="card">
                <div class="card-body">
                    <h4 class="card-title">Escala de Funcionarios</h4>
                    <form class="forms-sample" name="frmBusca" method="POST">
                        <div class="form-row">
                            <div class="form-group col-md-2">
                                <label for="Cod"> </label>
                                <input type="text" class="form-control" placeholder="Código do setor" name="cod">
                            </div>
                            <div class="form-group col-md-2">
                                <label for="Cod"> </label>
                                <input type="text" class="form-control" placeholder="Numero do Funcionario" name="numero">
                            </div>
                            <div class="form-group col-md-1">
                                <label for="Cod"> </label>
                                <input type="submit" name="SendPesqUser" class="btn-primary" value="Pesquisar">
                            </div>
                        </div>
                    </form>
                </div>
            </div>
        </div>
        <div class="col-lg-12 stretch-card">
            <div class="card">
                <div class="card-body">
                    <h4 class="card-title">Escala:</h4>
                    <table class="table table-bordered">
                        <thead>
                            <tr>
                                <th scope="col">numero</th>
                                <th scope="col">cargo</th>
                                <th scope="col">Nome Funcional</th>
                                <th scope="col">Setor</th>
                                <th scope="col">Nome Setor</th>
                                <th scope="col">Escala</th>
                                <th scope="col">Horário</th>
                                <th scope="col">Intervalo</th>
                                <th scope="col">Obs. Escala</th>
                            </tr>
                        </thead>
                        <tbody>
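                            <?php
                                include_once  '../banco.php';
                                $SendPesqUser = filter_input(INPUT_POST,'SendPesqUser',FILTER_SANITIZE_STRING);
                                // Query only after the form was submitted; otherwise $pdo and $sql are undefined.
                                if($SendPesqUser){
                                    $pdo = Banco::conectar();
                                    $codigo = filter_input(INPUT_POST,'cod',FILTER_SANITIZE_STRING);
                                    // The form value is interpolated straight into the SQL text here.
                                    $sql = "SELECT * FROM escalaservico2 WHERE proprio LIKE '%$codigo%'";

                                    foreach($pdo->query($sql) as $row)
                                    {
                                        // Escape stored values before writing them into the HTML.
                                        echo '<tr>';
                                        echo '<td width=50 scope="row">'. htmlspecialchars((string) $row['numero']) . '</td>';
                                        echo '<td width=40>'. htmlspecialchars((string) $row['cargo']) . '</td>';
                                        echo '<td>'. htmlspecialchars((string) $row['nome_funcional']) . '</td>';
                                        echo '<td width=35>'. htmlspecialchars((string) $row['proprio']) . '</td>';
                                        echo '<td>'. htmlspecialchars((string) $row['nome_proprio']) . '</td>';
                                        echo '<td>'. htmlspecialchars((string) $row['escala']) . '</td>';
                                        echo '<td>'. htmlspecialchars((string) $row['horario']) . '</td>';
                                        echo '<td>'. htmlspecialchars((string) $row['intervalo']) . '</td>';
                                        echo '<td>'. htmlspecialchars((string) $row['obsescala']) . '</td>';
                                        echo '</tr>';
                                    }
                                }
                            ?>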
                        </tbody>
                    </table>
                </div>
            </div>
        </div>
    </div>
</div>

1 answer

0

For security reasons, use PDO->prepare(), as follows:

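<?php
// Bind the search term as a parameter instead of interpolating it into the SQL string.
$stmt = $pdo->prepare('SELECT * FROM escalaservico2 WHERE numero_funcionario LIKE ? OR codigo_setor LIKE ?');
$stmt->execute(["%{$codigo}%", "%{$codigo}%"]);

foreach ($stmt->fetchAll() as $row) {
    // ... render $row as in the question ...
}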

Then change the number and sector code columns to the fields you want.
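
The prepared-statement approach applied to both form fields, as an added example that is not part of the original question or answer. It assumes the question's columns `proprio` (sector code) and `numero` (employee number), uses a hypothetical helper `buildEscalaQuery`, and runs against constructed rows in an in-memory SQLite database (requires `pdo_sqlite`) in place of the asker's `Banco::conectar()`.

```php
<?php
// Added example, not code from the question or the answer.
function buildEscalaQuery(?string $cod, ?string $numero): array
{
    $where = [];
    $params = [];
    $cod = trim((string) $cod);
    $numero = trim((string) $numero);
    if ($cod !== '') {
        // Escape LIKE wildcards so "%" or "_" typed by the user match literally.
        $where[] = "proprio LIKE :cod ESCAPE '!'";
        $params[':cod'] = '%' . strtr($cod, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    }
    if ($numero !== '') {
        $where[] = 'numero = :numero';
        $params[':numero'] = $numero;
    }
    if (!$where) {
        return [null, []]; // both fields empty: run no query
    }
    // Only fixed SQL fragments are concatenated; user input travels in $params.
    return ['SELECT * FROM escalaservico2 WHERE ' . implode(' OR ', $where), $params];
}

// Constructed sample rows; the in-memory database is an assumption of this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE escalaservico2 (numero TEXT, nome_funcional TEXT, proprio TEXT)');
$pdo->exec("INSERT INTO escalaservico2 VALUES ('1001', 'Ana', 'S10'), ('1002', '<b>Rui</b>', 'S20')");

// Constructed inputs: sector code only, employee number only,
// a value holding a wildcard and a quote, and an empty form.
foreach ([['S10', ''], ['', '1002'], ["%'", ''], ['', '']] as [$cod, $numero]) {
    [$sql, $params] = buildEscalaQuery($cod, $numero);
    if ($sql === null) {
        echo "empty search: no query executed\n";
        continue;
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    printf("cod=%s numero=%s -> %d row(s)\n", var_export($cod, true), var_export($numero, true), count($rows));
    foreach ($rows as $row) {
        // Escape on output as well: stored values may contain markup.
        echo '<tr><td>', htmlspecialchars($row['numero'], ENT_QUOTES, 'UTF-8'), '</td><td>',
             htmlspecialchars($row['nome_funcional'], ENT_QUOTES, 'UTF-8'), "</td></tr>\n";
    }
}
```

The `ESCAPE '!'` clause is used because it behaves the same in MySQL and SQLite, whereas the default backslash escape differs between them.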
