1. 首页
  2. 问答
  3. PHP mysql $ _POST搜索问题

PHP mysql $ _POST搜索问题

2014-02-25 83 views
1

我无法让我的搜索功能正常工作。我没有看到任何PHP错误,但页面刷新并重新显示数据库列。我希望它只显示搜索查询的结果。

例如,如果我搜索“迈克”我想在“Tech_Num”显示所有米凯什,“Tech_F_Name”,“Tech_L_Name”和“Mobile_Num”。

代码:

<?php 
error_reporting(E_ALL); 
ini_set('display_errors', '1'); 

//Include the connection 
include "connect.php"; 

$sql = "SELECT * FROM tech_info "; 

if (isset($_POST['searchquery'])) { 

    $result = mysqli_query($con, "SELECT * FROM tech_info"); 
    $search_term = $_POST['searchquery']; 
    $sql .= "WHERE Tech_F_Name = '{$search_term}'"; 
    $sql .= " OR Tech_L_Name = '{$search_term}'"; 
} 
?> 

<form action="test2.php" method="POST"> 
    Search: <input type="text" name="searchquery" /> 
    <input type="submit" name="searchname" value="Search Me"> 
</form> 

<table width="70%" cellpadding="5" cellspace="5"> 

    <tr> 
     <td><strong>Tech_Num</strong></td> 
     <td><strong>First Name</strong></td> 
     <td><strong>Last Name</strong></td> 
     <td><strong>Mobile Number</strong></td> 
    </tr> 

<?php 
while ($row = mysqli_fetch_array($result)) { 
    ?> 

     <tr> 
      <td><?php echo $row['Tech_Num']; ?> 
      <td><?php echo $row['Tech_F_Name']; ?> 
      <td><?php echo $row['Tech_L_Name']; ?> 
      <td><?php echo $row['Mobile_Num']; ?> 


<?php } ?> 

</table>

来源

2014-02-25 cableguy

+1

仅供参考,您可以[SQL注入](http://stackoverflow.com/q/60174) –

+1

您实际上并未运行整个查询。 *在运行查询之后,将where子句附加到查询的部分会发生*。实际上,这三条线根本就什么都不做。 –

回答

5 
<?php 
error_reporting(E_ALL); 
ini_set('display_errors', '1'); 

//Include the connection 
include "connect.php"; 

$sql = "SELECT * FROM tech_info "; 

if (isset($_POST['searchquery'])) { 
    $search_term = mysql_real_escape_string($_POST['searchquery']); 
    $sql .= "WHERE Tech_F_Name = '{$search_term}'"; 
    $sql .= " OR Tech_L_Name = '{$search_term}'"; 



} 
$result = mysqli_query($con, $sql); 
?>

你的东西是错误的顺序,需要你使用它之前生成SQL查询。

来源

2014-02-25 21:13:35

+1

我想补充一点,应该在这里使用准备好的语句,或者您应该避免输入以避免SQL注入 –

1

您的操作顺序看起来不对。您应该先创建$ sql变量,然后将其发送到数据库?喜欢的东西:

if (isset($_POST['searchquery'])) { 

    $search_term = $_POST['searchquery']; 

    $sql .= "WHERE Tech_F_Name = '{$search_term}'"; 

    $sql .= " OR Tech_L_Name = '{$search_term}'"; 

    $result = mysqli_query($con, $sql); 

}

此外,对于初学者来说,更换:

$search_term = $_POST['searchquery']; 


$search_term = mysql_real_escape_string($_POST['searchquery']);

来源

2014-02-25 21:14:45

0

我觉得你是如此的困惑这个脚本:-) 如果你想在搜索一些数据库颜色,你试图写这样的东西:

include "connect.php"; 

$sql = "SELECT * FROM tech_info "; 


if (isset($_POST['searchquery'])) { 


$search_term = $_POST['searchquery']; 

$sql .= "WHERE Tech_F_Name = '{$search_term}'"; 

$sql .= " OR Tech_L_Name = '{$search_term}'"; 

} 

$result = mysqli_query($con, $sql); 

while ($row = mysqli_fetch_array($result)) {}

来源

2014-02-25 21:19:09

相关问题

 相关问题