PHP,MySQL-简单搜索,结果不需要
我在我的本地站点上有一个基本的搜索选项,在MySQL中为每个用户使用唯一的8位用户号,它可以工作(例如:如果用户号与用户匹配,它将显示与该用户号关联的所有记录),当搜索结束时,我只会得到不想要的结果,不需要的结果是,例如,如果我搜索一个用户,其编号为12345678,用户退出,它将显示结果,但假设我搜索12345677,用户不存在,我将得到消息user fount,但不显示数据 搜索表格代码:PHP,MySQL-简单搜索,结果不需要,php,mysql,Php,Mysql,我在我的本地站点上有一个基本的搜索选项,在MySQL中为每个用户使用唯一的8位用户号,它可以工作(例如:如果用户号与用户匹配,它将显示与该用户号关联的所有记录),当搜索结束时,我只会得到不想要的结果,不需要的结果是,例如,如果我搜索一个用户,其编号为12345678,用户退出,它将显示结果,但假设我搜索12345677,用户不存在,我将得到消息user fount,但不显示数据 搜索表格代码: <form action="search.php" method="GET"> &l
<form action="search.php" method="GET">
<input type="text" name="query" placeholder="Student Number" autofocus/>
<input type="submit" value="Search" />
</form>
search.php
include_once("config.php");
$query = $_GET['query'];
$result = mysql_query("SELECT * FROM loan WHERE userno=$query");
if(empty($result)) {
// } else{
echo "<center><table border='0' id='3'>";
echo "<tr id='2'>";
echo "<td><center>System Message</center></td></tr>";
echo "<tr id='loan4'><br />";
echo "<td><center><h1>No Record Found</h1>";
echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";
echo "<br/>OR</a>";
echo "<br/><a href='add_new_loan.php' class='button button1 link'>Add New Loan</a>";
echo "</center></td>";
echo "</tr>";
echo "</table></center>";}
else{
?>
<table width='95%' border='0' id='loan1'>
<tr id='loan2'>
<td width="120">User No.</td>
<td width="130">Full Name</td>
<td width="90">Amount</td>
<td width="100">aken</td>
<td width="100">Due</td>
<td width="248">Notes</td>
<td width="120" align="center">Options</td>
</tr>
<?php
while($res = mysql_fetch_array($result)) {
echo "<tr id='4'>";
echo "<td>".$res['userno']."</td>";
echo "<td><a href=\"receipt.php?id=$res[id]\" target=\"_blank\">".$res['name']." ".$res['surname']."</a></td>";
echo "<td>".$res['loana']."</td>";
echo "<td>".$res['datet']."</td>";
echo "<td>".$res['dated']."</td>";
echo "<td>".$res['notes']."</td>";
echo "</tr>";
}
echo "<center><table border='0' id='loan3'>";
echo "<tr id='loan2'>";
echo "<td><center>System Message</center></td></tr>";
echo "<tr id='4'><br />";
echo "<td><center><h1>Record Found</h1>";
echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";
include_once(“config.php”);
$query=$\u GET['query'];
$result=mysql_query(“选择*FROM loan,其中userno=$query”);
if(空($result)){
//}其他{
回声“;
回声“;
回显“系统信息”;
回声“
”;
回显“未找到记录”;
回声“
”;
回声“
或”;
回声“
”;
回声“;
回声“;
回声“;}
否则{
?>
用户编号。
全名
数量
阿肯
应得的
笔记
选择权
$result可能不是完全空的
尝试使用mysql\u num\u rows()
例如:
if (mysql_num_rows($result)==0) {
//PERFORM ACTION
}
$result可能不是完全空的
尝试使用mysql\u num\u rows()
例如:
if (mysql_num_rows($result)==0) {
//PERFORM ACTION
}
使用如下所示的mysql\u num\u rows()
修复当前代码:-
<?php
include_once("config.php");
$query = $_GET['query'];
$result = mysql_query("SELECT * FROM loan WHERE userno=$query");
if(mysql_num_rows($result) >0) {
?>
<table width='95%' border='0' id='loan1'>
<tr id='loan2'>
<td width="120">User No.</td>
<td width="130">Full Name</td>
<td width="90">Amount</td>
<td width="100">aken</td>
<td width="100">Due</td>
<td width="248">Notes</td>
<td width="120" align="center">Options</td>
</tr>
<?php
while($res = mysql_fetch_array($result)) {
echo "<tr id='4'>";
echo "<td>".$res['userno']."</td>";
echo "<td><a href=\"receipt.php?id=$res[id]\" target=\"_blank\">".$res['name']." ".$res['surname']."</a></td>";
echo "<td>".$res['loana']."</td>";
echo "<td>".$res['datet']."</td>";
echo "<td>".$res['dated']."</td>";
echo "<td>".$res['notes']."</td>";
echo "</tr>";
}
}else{
echo "<center><table border='0' id='3'>";
echo "<tr id='2'>";
echo "<td><center>System Message</center></td></tr>";
echo "<tr id='loan4'><br />";
echo "<td><center><h1>No Record Found</h1>";
echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";
echo "<br/>OR</a>";
echo "<br/><a href='add_new_loan.php' class='button button1 link'>Add New Loan</a>";
echo "</center></td>";
echo "</tr>";
echo "</table></center>";
}?>
用户编号。
全名
数量
阿肯
应得的
笔记
选择权
使用如下所示的mysql\u num\u rows()
修复当前代码:-
<?php
include_once("config.php");
$query = $_GET['query'];
$result = mysql_query("SELECT * FROM loan WHERE userno=$query");
if(mysql_num_rows($result) >0) {
?>
<table width='95%' border='0' id='loan1'>
<tr id='loan2'>
<td width="120">User No.</td>
<td width="130">Full Name</td>
<td width="90">Amount</td>
<td width="100">aken</td>
<td width="100">Due</td>
<td width="248">Notes</td>
<td width="120" align="center">Options</td>
</tr>
<?php
while($res = mysql_fetch_array($result)) {
echo "<tr id='4'>";
echo "<td>".$res['userno']."</td>";
echo "<td><a href=\"receipt.php?id=$res[id]\" target=\"_blank\">".$res['name']." ".$res['surname']."</a></td>";
echo "<td>".$res['loana']."</td>";
echo "<td>".$res['datet']."</td>";
echo "<td>".$res['dated']."</td>";
echo "<td>".$res['notes']."</td>";
echo "</tr>";
}
}else{
echo "<center><table border='0' id='3'>";
echo "<tr id='2'>";
echo "<td><center>System Message</center></td></tr>";
echo "<tr id='loan4'><br />";
echo "<td><center><h1>No Record Found</h1>";
echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";
echo "<br/>OR</a>";
echo "<br/><a href='add_new_loan.php' class='button button1 link'>Add New Loan</a>";
echo "</center></td>";
echo "</tr>";
echo "</table></center>";
}?>
用户编号。
全名
数量
阿肯
应得的
笔记
选择权
首先,您需要停止使用mysql\u*
函数,从PHP7用户mysqli\u*
或PDO开始,它们将被折旧并完全删除,并带有准备好的语句
请参阅以下链接:
然后使用准备好的语句来防止sql注入
按照上面的链接使用准备好的语句
以下是代码的外观:
config.php
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
<?php
include_once("config.php");
$query = $_GET['query'];
$sql = "SELECT * FROM loan WHERE userno= $query "; // use prepared statements from the link I provided above
$result = $conn->query($sql);
if ($result->num_rows > 0) {
//Records found print the table
//OUTPUT THE TABLE AND HEADINGS HERE BEFORE THE LOOP
while($row = $result->fetch_assoc()) {
//fetch and output each data of row to your table td's
}
}else{
//user data not found print message
}
search.php
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
<?php
include_once("config.php");
$query = $_GET['query'];
$sql = "SELECT * FROM loan WHERE userno= $query "; // use prepared statements from the link I provided above
$result = $conn->query($sql);
if ($result->num_rows > 0) {
//Records found print the table
//OUTPUT THE TABLE AND HEADINGS HERE BEFORE THE LOOP
while($row = $result->fetch_assoc()) {
//fetch and output each data of row to your table td's
}
}else{
//user data not found print message
}
首先,您需要停止使用mysql\u*
函数,从PHP7用户mysqli\u*
或PDO开始,这些函数将被折旧并完全删除,并带有准备好的语句
请参阅以下链接:
然后使用准备好的语句来防止sql注入
按照上面的链接使用准备好的语句
以下是代码的外观:
config.php
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
<?php
include_once("config.php");
$query = $_GET['query'];
$sql = "SELECT * FROM loan WHERE userno= $query "; // use prepared statements from the link I provided above
$result = $conn->query($sql);
if ($result->num_rows > 0) {
//Records found print the table
//OUTPUT THE TABLE AND HEADINGS HERE BEFORE THE LOOP
while($row = $result->fetch_assoc()) {
//fetch and output each data of row to your table td's
}
}else{
//user data not found print message
}
search.php
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
<?php
include_once("config.php");
$query = $_GET['query'];
$sql = "SELECT * FROM loan WHERE userno= $query "; // use prepared statements from the link I provided above
$result = $conn->query($sql);
if ($result->num_rows > 0) {
//Records found print the table
//OUTPUT THE TABLE AND HEADINGS HERE BEFORE THE LOOP
while($row = $result->fetch_assoc()) {
//fetch and output each data of row to your table td's
}
}else{
//user data not found print message
}
1.停止使用mysqli.*
或PDO
而不是mysqli.*
库。2.必须使用mysql.*
库的num_rows()
来检查是否有数据。3.使用准备好的语句来防止SQL注入(新库有这些语句)Accounting
+mysql.*
+SQL注入
=问题1.停止使用已弃用+已删除的mysql.*库
。使用mysqli.*
或PDO
代替它。2.必须使用num_rows()mysql的
来检查数据是否存在。3.使用准备好的语句
来防止SQL注入
(新库中有这些)会计
+mysql*
+SQL注入
=问题