使用PHP驗證Form數據庫與MYSQL數據庫的比較

Question

我正在嘗試做我認爲是一件簡單的事情，但事實證明這相當困難。我想要做的就是提供一個1字段的表單，允許用戶輸入一個唯一的ID並點擊提交。如果唯一標識符與數據庫中的某個ID相匹配，那麼它們將被定向到一個頁面。如果ID不匹配，我希望它告訴「ID不匹配，再試一次」或類似的東西。

我已經看過無數的涉及登錄表單的教程，但是這比我需要的多一點，每次我試圖簡化它以成爲我所需要的，它都不起作用。我已經嘗試了很多不同的代碼。這是我現在擁有的。

更新的代碼：

<form name="enterclient" method="post"> 
<label for="clientid">Enter your client id</label><br /> 
<input name="clientid" id="clientid"><br /><br /> 
<input type="submit" value="Submit" name="submit" id="submit"> 
</form> 

<?php global $current_user; 
    get_currentuserinfo(); 
$host = 'myhost'; 
$username = 'myuser'; 
$pass = 'mypass'; 
$database = 'mydb'; 
$link = mysqli_connect($host,$username,$pass, $database); 

$clientid = $_REQUEST['clientid']; 

if ($link) { 

    if(isset($_POST['submit'])) { 
    if (empty ($clientid)) { 
    //if username field is empty echo below statement 
     echo "you must enter your unique username <br />"; 
    } 
    $query = "SELECT * FROM wp_locations WHERE client = '". mysqli_real_escape_string($link,$clientid) ."'" ; 
    $result = mysqli_query($link, $query) or die("Unable to query"); 
    $option = ""; 
    while($row=mysqli_fetch_array($result, MYSQLI_BOTH)) { 
    $option .= "<option value='{$row['client']}'>{$row['client']}</option>"; 
    } 
} 

else { 
}//close else 

if ($result) { 
print $option; 
    echo "query successful"; 
    header('location: http://www.google.com'); 
} 
else { 
    echo"query fail"; 
} 


}//end of initial if $db_found 

else { 
    print "Database NOT Found "; 
} 

// disconnect from the database 
mysql_close();?> 

更新的輸出： 當我到初始頁面，還在說「查詢失敗」，我猜這是因爲$的clientid可是沒有一個值尚未。

當我在框中輸入某些內容時，無論它是什麼，它都會返回「查詢成功」。我希望它只在輸入匹配數據庫值時才能成功返回。

如果我輸入一個我知道的值匹配數據庫值，它會給我一個該數據庫值的列表，但是它存在多次，並且說查詢成功。

重要的是要注意重定向似乎從來沒有工作。

Answer 1

看看你的代碼，它被縮進後：

if ($db_found) { 
    if(isset($_POST['submit'])) { 
     //if username field is empty echo below statement 
     if (empty ($clientid)){ 
      echo "you must enter your unique username <br />"; 
     } 
    } else { 
     $query = "SELECT * FROM wp_locations WHERE client = '". mysqli_real_escape_string($clientid) ."'" ; 
     $result = mysqli_query($query) or die("Unable to query"); 
     $option = ""; 
     while($row=mysql_fetch_array($result)) { 
      $option .= "<option value='{$row['client']}'>{$row['client']}</option>"; 
     } 
    } 
    if ($result){ 
     print $option; 
     echo "query successfull"; 
     header('location: http://www.google.com'); 
    } else { 
     echo"query fail"; 
    } 
//end of initial if $db_found 
} else { 
    print "Database NOT Found "; 
} 

現在你可以很容易地看到你只有在形式不提交的表單查詢。我很確定這不是你想要的。是嗎？？？？

你想類同：

if ($db_found) { 
    if(isset($_POST['submit'])) { 
     //if username field is empty echo below statement 
     if (empty ($clientid)){ 
      echo "you must enter your unique username <br />"; 
     } 
     $query = "SELECT * FROM wp_locations WHERE client = '". mysqli_real_escape_string($clientid) ."'" ; 
     $result = mysqli_query($query) or die("Unable to query"); 
     $option = ""; 
     while($row=mysql_fetch_array($result)) { 
      $option .= "<option value='{$row['client']}'>{$row['client']}</option>"; 
     } 
     if ($result){ 
      print $option; 
      echo "query successfull"; 
      header('location: http://www.google.com'); 
     } else { 
      echo"query fail"; 
     } 
    } 
//end of initial if $db_found 
} else { 
    print "Database NOT Found "; 
} 

但你仍然需要使用mysql_*與mysqli_*擴展混合的問題，只使用mysqli_*然後需要看函數現在使用例如mysqi_query正確的參數至少需要兩個參數。看看這些引用：

• http://us2.php.net/manual/en/mysqli-result.fetch-array.php
• http://us2.php.net/manual/en/mysqli.real-escape-string.php
• http://us2.php.net/manual/en/mysqli.query.php

SOLUTION：下面應該是可行的解決方案我沒有測試代碼，但它應該是你正在找。通常我不會去做這個事情，但是我今天早上感覺很慷慨。

<form name="enterclient" method="post"> 
<label for="clientid">Enter your client id</label><br /> 
<input name="clientid" id="clientid"><br /><br /> 
<input type="submit" value="Submit" name="submit" id="submit"> 
</form> 

<?php 

global $current_user; 
get_currentuserinfo(); 
$host = 'myhost'; 
$username = 'myuser'; 
$pass = 'mypass'; 
$database = 'mydb'; 
//connect to MySQL database 
$link = mysqli_connect($host,$username,$pass, $database); 
//if not connected kill page and throw error 
if (!$link) { 
    die('Connect Error (' . mysqli_connect_errno() . ') ' 
      . mysqli_connect_error()); 
} 
//check if form submitted and clientid is not empty 
if(isset($_POST['clientid']) && !empty($_POST["clientid"]))){ 
    //escape clientid to use in query 
    $clientid = mysqli_real_escape_string($link,$_POST['clientid']); 
    //form query 
    $query = "SELECT client FROM wp_locations WHERE client = '$clientid'"; 
    //run query on server and if not successful then kill page and throw error 
    $result = mysqli_query($link, $query) or die(mysqli_error($link)); 
    //set variable to fill with database data and print 
    $option = ""; 
    //check if any rows were returned from database 
    if(mysqli_num_rows($result)>0){ 
     //for each row that was returned set $row equal to an array of values for that row 
     while($row=mysqli_fetch_array($result)) { 
      //set $option with values from the database as there is only possible one value use = instead of .= 
      $option = "<option value='{$row['client']}'>{$row['client']}</option>"; 
     } 
     //print the option 
     print $option; 
     //show that the query was successful 
     print "query successful"; 
     //set redirect to happen in 5 seconds 
     $redirect = "http://www.google.com"; 
     $wait = 5; // seconds to wait 
     print "You will be redirected to $redirect in $wait seconds." 
     print "<span style='display:none'><meta http-equiv='Refresh' content='$wait; URL=$redirect'></span>"; 
    } else { 
     //show that the query was successful but that the client was not found 
     print "query successful but client not found please try again"; 
    } 
    //free the MySQL result set 
    mysqli_free_result($result); 
} else { 
    //the form was either not submitted or submitted with an empty value. 
    print "Please complete and submit the form above."; 
} 
//close the connection to the MySQL server 
mysqli_close($link); 

?>