解析查詢參數的輸入字段值

Question

我可以將輸入字段的值解析爲查詢參數以獲取同一表單中選擇字段的值嗎？

的代碼如下：

<FORM ACTION="login.php" METHOD=get> 

    <label for="email">Email: </label> 
    <input id="email" name="email" type="text" ><br> 

    <label for="pin">Password: </label> 
    <input id="pin" name="pin" type="password" ><br> 

    <label for="company">Company</label> 
      <select name="Company" id="company"> 
      <option>Select Company:</option> 
      <?php 
       $conn= new mysqli($servername,$username,$password,$db); 
       if ($conn->connect_error) { 
        die("Connection failed: " . $conn->connet_error); 
       } 
       $email = isset($_GET['email'])?$_GET['email']:""; 
       $sql="select company from accounts WHERE email = '$email';"; 
       $results = mysqli_query($conn, $sql); 
       if ($results->num_rows > 0){ 
        while ($row = mysqli_fetch_array($results)){ 
         echo "<option value=\"company1\">" .$row['company'] . "</option>"; 
        } 
       } 
      ?> 
      </select> 

    <input class="submit_btn" type="submit" value="Login"></input><br> 
    <a id="cust-nopin" href="javascript:;"><p class="text_centered_pass">Click here if you don't have a password</p></a> 

</FORM> 

那是不可能的？

Answer 1

在這種情況下你最好的選擇將是阿賈克斯。

表單頁面：

<form action="login.php" method=get> 

    <label for="email">Email: </label> 
    <input id="email" name="email" type="text" ><br> 

    <label for="pin">Password: </label> 
    <input id="pin" name="pin" type="password" ><br> 

    <label for="company">Company</label> 
    <select name="Company" id="company"> 
     <option value="">Select Company:</option> 
    </select> 

    <input class="submit_btn" type="submit" value="Login"></input><br> 
    <a id="cust-nopin" href="javascript:void(0);"><p class="text_centered_pass">Click here if you don't have a password</p></a> 

</form> 

現在JQuery的部分：

$(function() { 
     $(document).on("change, blur, keydown", "#email", function() { 
      $.ajax({ 
       url: 'path/to/ajaxfile.php', 
       type: 'GET', 
       dataType: 'json', 
       data: {email: $(this).val()}, 
      }) 
      .done(function(response) { 
       if (response.status) { 
        var html = '<option value="">Select Company:</option>' + response.html; 
        $("#company").html(html); 
       } else { 
        console.log(status.message); 
       } 
      }) 
      .fail(function(data) { 
       alert("Something went wrong please try again later."); 
       console.log(data.responseText); 
      }); 

     }); 
    }); 

然後路徑/到/ ajaxfile.php：

$conn = new mysqli($servername,$username,$password,$db); 
if ($conn->connect_error) { 
    die("Connection failed: " . $conn->connet_error); 
} 

if (! empty($_GET['email'])) { 
    $email = mysqli_real_escape_string($conn, $_GET['email']); 
    $sql = "SELECT company FROM accounts WHERE email = '$email'"; 
    $results = mysqli_query($conn, $sql); 
    if ($results->num_rows > 0){ 
     $html = ""; 
     while ($row = mysqli_fetch_array($results)){ 
      $html .= '<option value="' . $row['company'] . '">' . $row['company'] . '</option>'; 
     } 
     echo json_encode(array("status" => true, "html" => $html)); 
    } else { 
     echo json_encode(array("status" => false, "message" => "There is no company with that email address.")); 
    } 
} else { 
    echo json_encode(array("status" => false, "message" => "No email is there to lookup.")); 
} 

這會幫助你實現你在做什麼...

我希望它有幫助。

Answer 2

當然，您可以使用輸入字段的值作爲查詢的參數。這是一種非常普遍的情況。

您的查詢不起作用，因爲您在單引號內包含了$email變量。所以這應該工作：

$sql="select company from accounts WHERE email = $email"; 

（在最後的分號是不需要的）。

但

使用用戶輸入查詢數據庫的這種方式是一種不好的做法，因爲它使你的代碼容易SQL Injection。

爲了防範SQL注入，建議使用Prepared Statements

所以，你應該查詢數據庫這樣的：

$sql="select company from accounts WHERE email = ?"; 
$stmt = $conn->prepare($sql); 
$stmt->bind_param("s", $email); 
$stmt->execute();