1. 首頁
  2. 問答
  3. PHP:變量顯示值,即使提交按鈕沒有被點擊

PHP:變量顯示值,即使提交按鈕沒有被點擊

2016-07-28 64 views
0

該場景是必須搜索代碼,並且如果代碼存在,結果將從MySQL DB中顯示,否則顯示消息「對不起,但沒有找到結果「顯示。也許沒有重新輸入您的EVR:或仔細檢查您的輸入。」PHP:變量顯示值,即使提交按鈕沒有被點擊

然而,搜索還送之前,已經出現該錯誤消息。

我在做什麼錯?

<?php 
    $no_results = NULL; 
    $query = (isset($_POST['query']) ? $_POST['query'] : null); 

    $raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error()); 

    if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following 

     while($results = mysql_fetch_array($raw_results)){    
      $evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>'; 
      $surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>'; 
      $othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>'; 
      $ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>'; 

     } 
    } 
    else { // if there is no matching rows do following 
     $no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';   
    } 

?>

,並在同一個文件,在HTML當結果出現:

<form action="index.php" method="POST" class="search"> 
     <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12"> 
      <div class="form-group"> 
       <input type="text" name="query" class="form-control" placeholder="Enter Your EVR No." required/> 
       <button type="submit" id="form-submit" value="Search" class="btn-submit btn btn-big dark-blue-bordered-btn">Submit</button> 
      </div> 
     </div> 
     <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12"> 
      <?php 
       if($no_results!="") // Two times Doule Quotation marks that is, and != means "not equal to". So we mean to say if $code is not equal to empty 
       { 
        echo $no_results; 
       } 
       else { echo " "; }

我曾嘗試isset()函數,空(),但錯誤信息仍顯示,即使搜尋未麻德。

我錯過了什麼?

來源

2016-07-28 SQDawq

+2

**停止**使用不推薦的'mysql_ *'API。使用'mysqli_ *'或'PDO' – Jens

+0

$ _POST ['query']最可能是空的。因此SQL查詢失敗。創建一個圍繞整個SQL的if子句,將它添加到$ query行之前。如果設置$ _POST ['query']並且post ['query']的strlen不爲空,繼續。 – Janno

+0

是的,直到提交按鈕被點擊。可以做什麼來防止這種情況? – SQDawq

回答

0

它很粗糙,但那樣做。 原因是頁面加載時,您的搜索框是空的,正在執行查詢,返回0行的NULL。

<?php 
$no_results = NULL; 
$query = (isset($_POST['query']) ? $_POST['query'] : null); 

if ($query) { 
    $raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error()); 

    if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following 

    while($results = mysql_fetch_array($raw_results)){    
     $evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>'; 
     $surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>'; 
     $othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>'; 
     $ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>'; 

    } 
    } 
    else{ // if there is no matching rows do following 
    $no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';   
} 
}

?>

來源

2016-07-28 12:25:04 cedzz

+0

我認爲最好是檢查'$ _POST ['query']'是否存在,然後簡單地寫'$ query = $ _POST ['query']'(以我的方式)。那麼我們有1,而不是2 – Danielius

+0

謝謝。這工作得很好。 – SQDawq

0 
<?php 
$no_results = NULL; 
if (isset($_POST['query']) && strlen($_POST['query']) > 0) { 
$query = (isset($_POST['query']) ? $_POST['query'] : null); 

$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error()); 

if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following 

    while($results = mysql_fetch_array($raw_results)){    
     $evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>'; 
     $surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>'; 
     $othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>'; 
     $ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>'; 

    } 
} 
else{ // if there is no matching rows do following 
    $no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';   
} 
} else { 
    //no query value 
}

?>

來源

2016-07-28 12:25:31 Janno

+0

謝謝。點擊提交按鈕後,有沒有辦法在表單中保留EVR號碼? – SQDawq

+0

將停止使用不推薦使用的函數,並將更新到MySQLi。謝謝 – SQDawq

+0

是的。 在您的HTML文件中: class =「form-control」placeholder =「輸入您的EVR號碼」 required /> – Janno

0 
<?php 
if(isset($_POST['query'])) { 
$no_results = ''; 
$query = mysql_real_escape_string($_POST['query']);//added some security 

    $raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error()); 

    if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following 

     while($results = mysql_fetch_array($raw_results)){    
      $evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>'; 
      $surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>'; 
      $othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>'; 
      $ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>'; 

     } 
    } 
    else{ // if there is no matching rows do following 
     $no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';   
    } 
} 
?>

這應該是最好的選擇...停止使用mysql_ *函數使用PDO或MySQLi的。您的代碼IS VULNERABLE以sql注入

來源

2016-07-28 12:26:56 Danielius

相關問題

 相關問題