1. 首頁
  2. 問答
  3. PHP,MySQL - 簡單的搜索帶有不想要的結果

PHP,MySQL - 簡單的搜索帶有不想要的結果

2017-10-04 34 views
0

我在本地站點上有一個基本的搜索選項,它在MySQL中爲每個用戶使用唯一的8位數字用戶號碼,它起作用(例如:如果用戶號碼與用戶匹配將顯示與該用戶號碼相關的所有記錄),只是當搜索結束時我得到了不想要的結果,而不希望的結果是,例如,如果我搜索的用戶的搜索結果爲12345678,並且用戶退出,它將會顯示結果,但可以說我做了搜索12345677和用戶不存在我會得到消息用戶來源,但沒有數據顯示。PHP,MySQL - 簡單的搜索帶有不想要的結果

搜索表單代碼:

<form action="search.php" method="GET"> 
    <input type="text" name="query" placeholder="Student Number" autofocus/> 
    <input type="submit" value="Search" /> 
</form>

的search.php

include_once("config.php"); 
$query = $_GET['query']; 
$result = mysql_query("SELECT * FROM loan WHERE userno=$query"); 
if(empty($result)) { 

// } else{ 

echo "<center><table border='0' id='3'>"; 
echo "<tr id='2'>"; 
echo "<td><center>System Message</center></td></tr>"; 
echo "<tr id='loan4'><br />"; 
echo "<td><center><h1>No Record Found</h1>"; 
echo "<br/><a href='index.php' class='button button1 link'>Go back</a>"; 
echo "<br/>OR</a>"; 
echo "<br/><a href='add_new_loan.php' class='button button1 link'>Add New Loan</a>"; 
echo "</center></td>"; 
echo "</tr>"; 
echo "</table></center>";} 

    else{ 
?> 
    <table width='95%' border='0' id='loan1'> 

    <tr id='loan2'> 
     <td width="120">User No.</td> 
     <td width="130">Full Name</td> 
     <td width="90">Amount</td> 
     <td width="100">aken</td> 
     <td width="100">Due</td> 
     <td width="248">Notes</td> 
     <td width="120" align="center">Options</td> 

    </tr> 


    <?php 

    while($res = mysql_fetch_array($result)) { 

     echo "<tr id='4'>"; 
     echo "<td>".$res['userno']."</td>"; 
     echo "<td><a href=\"receipt.php?id=$res[id]\" target=\"_blank\">".$res['name']."&nbsp;".$res['surname']."</a></td>"; 
     echo "<td>".$res['loana']."</td>"; 
     echo "<td>".$res['datet']."</td>"; 
     echo "<td>".$res['dated']."</td>"; 
     echo "<td>".$res['notes']."</td>"; 
     echo "</tr>"; 
    } 

    echo "<center><table border='0' id='loan3'>"; 
echo "<tr id='loan2'>"; 
echo "<td><center>System Message</center></td></tr>"; 
echo "<tr id='4'><br />"; 
echo "<td><center><h1>Record Found</h1>"; 
echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";

而且我已經試過!empty但沒有喜悅,任何幫助是極大的讚賞。

來源

2017-10-04 Cluster

+3

1.停止使用'已棄用+已刪除的mysql_ *庫'。使用'mysqli_ *'或'PDO'代替它。你必須使用'mysql_ *'的'num_rows()'來檢查數據是否來臨。使用'prepared statements'來防止'SQL INJECTION'(新庫有這些) –

+0

'Accounting' +'mysql_ *'+'SQL Injection' =有問題 –

回答

1

使用mysql_num_rows()像下面修復當前的代碼: -

<?php 
include_once("config.php"); 
$query = $_GET['query']; 
$result = mysql_query("SELECT * FROM loan WHERE userno=$query"); 
if(mysql_num_rows($result) >0) { 
?> 
    <table width='95%' border='0' id='loan1'> 

    <tr id='loan2'> 
     <td width="120">User No.</td> 
     <td width="130">Full Name</td> 
     <td width="90">Amount</td> 
     <td width="100">aken</td> 
     <td width="100">Due</td> 
     <td width="248">Notes</td> 
     <td width="120" align="center">Options</td> 

    </tr> 


    <?php 

    while($res = mysql_fetch_array($result)) { 

     echo "<tr id='4'>"; 
     echo "<td>".$res['userno']."</td>"; 
     echo "<td><a href=\"receipt.php?id=$res[id]\" target=\"_blank\">".$res['name']."&nbsp;".$res['surname']."</a></td>"; 
     echo "<td>".$res['loana']."</td>"; 
     echo "<td>".$res['datet']."</td>"; 
     echo "<td>".$res['dated']."</td>"; 
     echo "<td>".$res['notes']."</td>"; 
     echo "</tr>"; 
    } 
}else{ 
     echo "<center><table border='0' id='3'>"; 
     echo "<tr id='2'>"; 
     echo "<td><center>System Message</center></td></tr>"; 
     echo "<tr id='loan4'><br />"; 
     echo "<td><center><h1>No Record Found</h1>"; 
     echo "<br/><a href='index.php' class='button button1 link'>Go back</a>"; 
     echo "<br/>OR</a>"; 
     echo "<br/><a href='add_new_loan.php' class='button button1 link'>Add New Loan</a>"; 
     echo "</center></td>"; 
     echo "</tr>"; 
     echo "</table></center>"; 
}?>

注意。使用mysqli_*PDO以及prepared statements以防止從SQL INJECTION

REFREENCE: -

mysqli_* with prepared statements

PDO with prepared statements

來源

2017-10-04 11:19:50

1

$結果可能不完全是空的。

嘗試使用mysql_num_rows()。使用deprecated+removed mysql_* library

停止 - :

例子:

if (mysql_num_rows($result)==0) { 
     //PERFORM ACTION 
    }

來源

2017-10-04 11:16:04 Neyxo

1

你需要停止使用mysql_*功能的第一件事情,他們正在貶值,作爲PHP 7用戶mysqli_*或PDO預處理語句的完全去除。

請參見下面的鏈接:

Why shouldn't I use mysql_* functions in PHP?

然後利用準備好的語句來防止SQL注入。

How can I prevent SQL injection in PHP?

按照上面的鏈接使用準備好的語句。

這是你的代碼應該是什麼樣子:

的config.php

<?php 
$servername = "localhost"; 
$username = "username"; 
$password = "password"; 
$dbname = "myDB"; 

// Create connection 
$conn = new mysqli($servername, $username, $password, $dbname); 
// Check connection 
if ($conn->connect_error) { 
    die("Connection failed: " . $conn->connect_error); 
} 
?>

搜索。php

<?php 


include_once("config.php"); 
$query = $_GET['query']; 

$sql = "SELECT * FROM loan WHERE userno= $query "; // use prepared statements from the link I provided above 

$result = $conn->query($sql); 

if ($result->num_rows > 0) { 
    //Records found print the table 
    //OUTPUT THE TABLE AND HEADINGS HERE BEFORE THE LOOP 
    while($row = $result->fetch_assoc()) { 
     //fetch and output each data of row to your table td's 

    } 


}else{ 

//user data not found print message 

}

來源

2017-10-04 11:23:42

相關問題

 相關問題