1. 首頁
  2. 問答
  3. PHP mysql $ _POST搜索問題

PHP mysql $ _POST搜索問題

2014-02-25 84 views
1

我無法讓我的搜索功能正常工作。我沒有看到任何PHP錯誤,但頁面刷新並重新顯示數據庫列。我希望它只顯示搜索查詢的結果。

例如,如果我搜索「邁克」我想在「Tech_Num」顯示所有米凱什,「Tech_F_Name」,「Tech_L_Name」和「Mobile_Num」。

代碼:

<?php 
error_reporting(E_ALL); 
ini_set('display_errors', '1'); 

//Include the connection 
include "connect.php"; 

$sql = "SELECT * FROM tech_info "; 

if (isset($_POST['searchquery'])) { 

    $result = mysqli_query($con, "SELECT * FROM tech_info"); 
    $search_term = $_POST['searchquery']; 
    $sql .= "WHERE Tech_F_Name = '{$search_term}'"; 
    $sql .= " OR Tech_L_Name = '{$search_term}'"; 
} 
?> 

<form action="test2.php" method="POST"> 
    Search: <input type="text" name="searchquery" /> 
    <input type="submit" name="searchname" value="Search Me"> 
</form> 

<table width="70%" cellpadding="5" cellspace="5"> 

    <tr> 
     <td><strong>Tech_Num</strong></td> 
     <td><strong>First Name</strong></td> 
     <td><strong>Last Name</strong></td> 
     <td><strong>Mobile Number</strong></td> 
    </tr> 

<?php 
while ($row = mysqli_fetch_array($result)) { 
    ?> 

     <tr> 
      <td><?php echo $row['Tech_Num']; ?> 
      <td><?php echo $row['Tech_F_Name']; ?> 
      <td><?php echo $row['Tech_L_Name']; ?> 
      <td><?php echo $row['Mobile_Num']; ?> 


<?php } ?> 

</table>

來源

2014-02-25 cableguy

+1

僅供參考,您可以[SQL注入](http://stackoverflow.com/q/60174) –

+1

您實際上並未運行整個查詢。 *在運行查詢之後,將where子句附加到查詢的部分會發生*。實際上,這三條線根本就什麼都不做。 –

回答

5 
<?php 
error_reporting(E_ALL); 
ini_set('display_errors', '1'); 

//Include the connection 
include "connect.php"; 

$sql = "SELECT * FROM tech_info "; 

if (isset($_POST['searchquery'])) { 
    $search_term = mysql_real_escape_string($_POST['searchquery']); 
    $sql .= "WHERE Tech_F_Name = '{$search_term}'"; 
    $sql .= " OR Tech_L_Name = '{$search_term}'"; 



} 
$result = mysqli_query($con, $sql); 
?>

你的東西是錯誤的順序,需要你使用它之前生成SQL查詢。

來源

2014-02-25 21:13:35

+1

我想補充一點,應該在這裏使用準備好的語句,或者您應該避免輸入以避免SQL注入 –

1

您的操作順序看起來不對。您應該先創建$ sql變量,然後將其發送到數據庫?喜歡的東西:

if (isset($_POST['searchquery'])) { 

    $search_term = $_POST['searchquery']; 

    $sql .= "WHERE Tech_F_Name = '{$search_term}'"; 

    $sql .= " OR Tech_L_Name = '{$search_term}'"; 

    $result = mysqli_query($con, $sql); 

}

此外,對於初學者來說,更換:

$search_term = $_POST['searchquery']; 


$search_term = mysql_real_escape_string($_POST['searchquery']);

來源

2014-02-25 21:14:45

0

我覺得你是如此的困惑這個腳本:-) 如果你想在搜索一些數據庫顏色,你試圖寫這樣的東西:

include "connect.php"; 

$sql = "SELECT * FROM tech_info "; 


if (isset($_POST['searchquery'])) { 


$search_term = $_POST['searchquery']; 

$sql .= "WHERE Tech_F_Name = '{$search_term}'"; 

$sql .= " OR Tech_L_Name = '{$search_term}'"; 

} 

$result = mysqli_query($con, $sql); 

while ($row = mysqli_fetch_array($result)) {}

來源

2014-02-25 21:19:09

相關問題

 相關問題