0
我有MySQL數據庫與表名'用戶'。我想根據「身份證號碼」搜索數據。例如:如果我想搜索ID爲14的ID,它應顯示ID = 14的所有記錄(姓,名,性別,國家,電子郵件等)。搜索並顯示結果與數據庫
這裏是我的代碼:
data.php
<?php
require_once ('connect.php');
if(isset($_POST['done']))
{
$FirstName = $_POST['firstname'];
$LastName = $_POST['lastname'];
$DateofBirth =$_POST['dateofbirth'];
$Email = $_POST['email'];
$Gender = $_POST['gender'];
$Country = $_POST['country'];
$Website = $_POST['website'];
$Bio = $_POST['bio'];
$CreateSql="INSERT INTO `user` (`First Name`, `Last Name`, `Gender`,`Date of Birth`, `Country`, `Email`, `Website`, `Bio`,`Created Date`)
VALUES ('$FirstName', '$LastName', '$Gender','$DateofBirth', '$Country', '$Email', '$Website', '$Bio',NOW())";
$insert = mysqli_query($connection,$CreateSql) or die(mysqli_error($connection));
if($insert)
{
echo 'Data Inserted';
}else
{
echo 'mysqli_error()';
}
}
//header ("refresh:2; url=index.php");
?>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>View Data</title>
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<table width="1200" class="table-bordered" border="1" cellpadding="1" cellspacing="5">
<tr>
<th><center>ID</center></th>
<th><center>First Name</center></th>
<th><center>Last Name</center></th>
<th><center>Gender</center></th>
<th><center>Date of Birth</center></th>
<th><center>Registration Date</center></th>
<th><center>Action</center></th>
</tr>
<?php
$select = "SELECT * FROM `user` ";
$record = mysqli_query($connection,$select);
while($data = mysqli_fetch_array($record))
{
?>
<tr>
<td><center><?php echo $data['ID']; ?></center></center></td>
<td><center><?php echo $data['First Name']; ?></center></td>
<td><center><?php echo $data['Last Name']; ?></center></td>
<td><center><?php echo $data['Gender']; ?></center></td>
<td><center><?php echo $data['Date of Birth']; ?></center></td>
<td><center><?php echo $data['Created Date']; ?></center></td>
<td><center><a href="view.php?ID=<?php echo $data['ID']; ?>">View</a>
<a href="search.php?ID=<?php echo $data['ID']; ?>">Search</a>
<a href="edit.php?ID=<?php echo $data['ID']; ?>"><span class="glyphicon glyphicon-edit" aria-hidden="true">Edit</span></a>
<a href="delete.php?ID=<?php echo $data['ID']; ?>"><span class="glyphicon glyphicon-remove" aria-hidden="true">Delete</span></a></center></td>
<tr>
<?php
}
?>
</table>
<br>
<div class="row">
<div class="col-md-12">
<center><a href="index.php"><input type="submit" name="done" class="btn btn-success btn-send" value="Add User"></a></center>
<a href="search.php?ID=<?php echo $data['ID']; ?>"><input type="submit" name="search" class="btn btn-success btn-send" value="Search ID"></a>
<input type="text" name="search" value="<?php echo $data['ID']; ?>"
的search.php
<?php
require_once ('connect.php');
$ID = $_GET['ID'];
?>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>View Data</title>
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<table width="1200" border="2" cellpadding="1" cellspacing="1">
<tr>
<th><center>ID</center></th>
<th><center>First Name</center></th>
<th><center>Last Name</center></th>
<th><center>Email</center></th>
<th><center>Gender</center></th>
<th><center>Date of Birth</center></th>
<th><center>Country</center></th>
<th><center>Website</center></th>
<th><center>Bio </center></th>
<th><center>Registration Date</center></th>
</tr>
<?php
$search = mysqli_query($connection,"SELECT * FROM `user` WHERE `ID` = '$ID' ");
while($data= mysqli_fetch_array($search))
{
?>
<tr>
<td><center><?php echo $data['ID']; ?></center></center></td>
<td><center><?php echo $data['First Name']; ?></center></td>
<td><center><?php echo $data['Last Name']; ?></center></td>
<td><center><?php echo $data['Email']; ?></center></td>
<td><center><?php echo $data['Gender']; ?></center></td>
<td><center><?php echo $data['Date of Birth']; ?></center></td>
<td><center><?php echo $data['Country']; ?></center></td>
<td><center><?php echo $data['Website']; ?></center></td>
<td><center><?php echo $data['Bio']; ?></center></td>
<td><center><?php echo $data['Created Date']; ?></center></td>
<tr>
<?php
if($search)
{
echo 'Record Found';
}else
{
echo 'mysqli_error()';
}
}
?>
</table>
</body>
</html>
與上面的代碼我得到這樣的輸出:它顯示選定沒有記錄ID。 
[小博](http://bobby-tables.com/)說** [你的腳本是SQL注入攻擊的風險](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)**。瞭解[Prepared Statements](http:// en .wikipedia.org/wiki/Prepared_statement)[MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)。甚至** [轉義字符串](http:// stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)**不安全! – GrumpyCrouton
一些明智的代碼縮進將是一個好主意。 它可以幫助我們閱讀代碼,更重要的是它可以幫助您調試代碼**。 [快速瀏覽編碼標準](http://www.php-fig.org/psr/psr-2/)爲您帶來的好處。 您可能會被要求在幾周/幾個月內修改此代碼,最後您會感謝我。 – GrumpyCrouton