0
第二次你好。mysqli準備好聲明搜索表單
最近,我問了一個問題,我們清理了一些醜陋的代碼我一直在炮製和得到的幫助,我很快要求。感謝那!
原題線程是在這裏:PHP - Search database and return results on the same page
我很快就被引導到使用準備好的聲明中的mysqli什麼,而不是我一直在做,以避免SQL注入和這樣。我知道這個建議會以我的方式出現,所以並不奇怪。所以我做了一些更多的挖掘,並相應地重新編寫了原始代碼。但現在我已經打破了這個形式。
任何人都願意看看我失蹤的東西嗎?我是新來的,我在互聯網上搜索並沒有幫助我自己調試。
<!DOCTYPE html>
<html>
<head>
<title>Client Search Results</title>
<link rel="stylesheet" href="styles.css">
</head>
<body>
<div class="container">
<form id="contact" action="" method="post">
<fieldset>
<h4>Search For Client</h4>
<input name="search" placeholder="Enter Name Here" type="text">
</fieldset>
<fieldset>
<button type="submit">Search</button>
</fieldset>
</form>
</div>
<div class='container'>
<form id='contact' action='edit.php' method='post'>
<fieldset>
<h4>Search Results</h4>
<select size="5" style="width:100%" name='id' >
<?php
// Include database communication info
include("../../comm/com.php");
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Search
$search = "%{$_POST['search']}%";
$stmt = $db->prepare("SELECT client_id, firstname, lastname, city, state FROM client WHERE firstname LIKE ?");
$stmt->bind_param("s", $search);
$stmt->execute();
$stmt->store_result();
$numRows = $stmt->num_rows;
$stmt->bind_result($client_id, $firstname, $lastname, $city, $state);
if($result > 0) {
while ($stmt->fetch()) {
echo "<option value='$client_id'>$firstname $lastname - $city, $state</option>";
}
}
$stmt->close();
?>
</select>
</fieldset>
<fieldset>
<button type='submit' name='submit'>View Selection</button>
</fieldset>
</form>
<div>
</body>
</html>