Fatal编程技术网
  • php/
  • PHP,MySQL-简单搜索,结果不需要

PHP,MySQL-简单搜索,结果不需要

php mysql

PHP,MySQL-简单搜索,结果不需要,php,mysql,Php,Mysql,我在我的本地站点上有一个基本的搜索选项,在MySQL中为每个用户使用唯一的8位用户号,它可以工作(例如:如果用户号与用户匹配,它将显示与该用户号关联的所有记录),当搜索结束时,我只会得到不想要的结果,不需要的结果是,例如,如果我搜索一个用户,其编号为12345678,用户退出,它将显示结果,但假设我搜索12345677,用户不存在,我将得到消息user fount,但不显示数据 搜索表格代码: <form action="search.php" method="GET"> &l

我在我的本地站点上有一个基本的搜索选项,在MySQL中为每个用户使用唯一的8位用户号,它可以工作(例如:如果用户号与用户匹配,它将显示与该用户号关联的所有记录),当搜索结束时,我只会得到不想要的结果,不需要的结果是,例如,如果我搜索一个用户,其编号为12345678,用户退出,它将显示结果,但假设我搜索12345677,用户不存在,我将得到消息user fount,但不显示数据

搜索表格代码:

<form action="search.php" method="GET">
   <input type="text" name="query" placeholder="Student Number" autofocus/>
   <input type="submit" value="Search" />
</form>
search.php

include_once("config.php");
$query = $_GET['query']; 
$result = mysql_query("SELECT * FROM loan WHERE userno=$query");
 if(empty($result)) {

 //  } else{

echo "<center><table border='0' id='3'>";
echo "<tr id='2'>";
echo "<td><center>System Message</center></td></tr>";
echo "<tr id='loan4'><br />";
echo "<td><center><h1>No Record Found</h1>";
echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";
echo "<br/>OR</a>";
echo "<br/><a href='add_new_loan.php' class='button button1 link'>Add New Loan</a>";
echo "</center></td>";
echo "</tr>";
echo "</table></center>";}

  else{  
?>
    <table width='95%' border='0' id='loan1'>

    <tr id='loan2'>
        <td width="120">User No.</td>
        <td width="130">Full Name</td>
        <td width="90">Amount</td>
        <td width="100">aken</td>
        <td width="100">Due</td>
        <td width="248">Notes</td>
        <td width="120" align="center">Options</td>

    </tr>


    <?php 

    while($res = mysql_fetch_array($result)) {  

        echo "<tr id='4'>";
        echo "<td>".$res['userno']."</td>";
        echo "<td><a href=\"receipt.php?id=$res[id]\" target=\"_blank\">".$res['name']."&nbsp;".$res['surname']."</a></td>";
        echo "<td>".$res['loana']."</td>";
        echo "<td>".$res['datet']."</td>";
        echo "<td>".$res['dated']."</td>";
        echo "<td>".$res['notes']."</td>";  
        echo "</tr>";   
    }

     echo "<center><table border='0' id='loan3'>";
echo "<tr id='loan2'>";
echo "<td><center>System Message</center></td></tr>";
echo "<tr id='4'><br />";
echo "<td><center><h1>Record Found</h1>";
echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";

include_once(“config.php”);
$query=$\u GET['query'];
$result=mysql_query(“选择*FROM loan,其中userno=$query”);
if(空($result)){
//}其他{
回声“;
回声“;
回显“系统信息”;
回声“
”;
回显“未找到记录”;
回声“
”;
回声“
或”;
回声“
”;
回声“;
回声“;
回声“;}
否则{
?>
用户编号。
全名
数量
阿肯
应得的
笔记
选择权

$result可能不是完全空的

尝试使用mysql\u num\u rows()

例如:


    if (mysql_num_rows($result)==0) { 
       //PERFORM ACTION
    }



$result可能不是完全空的

尝试使用mysql\u num\u rows()

例如:


    if (mysql_num_rows($result)==0) { 
       //PERFORM ACTION
    }



使用如下所示的
mysql\u num\u rows()
修复当前代码:-


<?php
include_once("config.php");
$query = $_GET['query']; 
$result = mysql_query("SELECT * FROM loan WHERE userno=$query");
 if(mysql_num_rows($result) >0) {
?>
    <table width='95%' border='0' id='loan1'>

    <tr id='loan2'>
        <td width="120">User No.</td>
        <td width="130">Full Name</td>
        <td width="90">Amount</td>
        <td width="100">aken</td>
        <td width="100">Due</td>
        <td width="248">Notes</td>
        <td width="120" align="center">Options</td>

    </tr>


    <?php 

    while($res = mysql_fetch_array($result)) {  

        echo "<tr id='4'>";
        echo "<td>".$res['userno']."</td>";
        echo "<td><a href=\"receipt.php?id=$res[id]\" target=\"_blank\">".$res['name']."&nbsp;".$res['surname']."</a></td>";
        echo "<td>".$res['loana']."</td>";
        echo "<td>".$res['datet']."</td>";
        echo "<td>".$res['dated']."</td>";
        echo "<td>".$res['notes']."</td>";  
        echo "</tr>";   
    }
}else{
        echo "<center><table border='0' id='3'>";
        echo "<tr id='2'>";
        echo "<td><center>System Message</center></td></tr>";
        echo "<tr id='loan4'><br />";
        echo "<td><center><h1>No Record Found</h1>";
        echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";
        echo "<br/>OR</a>";
        echo "<br/><a href='add_new_loan.php' class='button button1 link'>Add New Loan</a>";
        echo "</center></td>";
        echo "</tr>";
        echo "</table></center>";
}?>




用户编号。
全名
数量
阿肯
应得的
笔记
选择权

使用如下所示的
mysql\u num\u rows()
修复当前代码:-


<?php
include_once("config.php");
$query = $_GET['query']; 
$result = mysql_query("SELECT * FROM loan WHERE userno=$query");
 if(mysql_num_rows($result) >0) {
?>
    <table width='95%' border='0' id='loan1'>

    <tr id='loan2'>
        <td width="120">User No.</td>
        <td width="130">Full Name</td>
        <td width="90">Amount</td>
        <td width="100">aken</td>
        <td width="100">Due</td>
        <td width="248">Notes</td>
        <td width="120" align="center">Options</td>

    </tr>


    <?php 

    while($res = mysql_fetch_array($result)) {  

        echo "<tr id='4'>";
        echo "<td>".$res['userno']."</td>";
        echo "<td><a href=\"receipt.php?id=$res[id]\" target=\"_blank\">".$res['name']."&nbsp;".$res['surname']."</a></td>";
        echo "<td>".$res['loana']."</td>";
        echo "<td>".$res['datet']."</td>";
        echo "<td>".$res['dated']."</td>";
        echo "<td>".$res['notes']."</td>";  
        echo "</tr>";   
    }
}else{
        echo "<center><table border='0' id='3'>";
        echo "<tr id='2'>";
        echo "<td><center>System Message</center></td></tr>";
        echo "<tr id='loan4'><br />";
        echo "<td><center><h1>No Record Found</h1>";
        echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";
        echo "<br/>OR</a>";
        echo "<br/><a href='add_new_loan.php' class='button button1 link'>Add New Loan</a>";
        echo "</center></td>";
        echo "</tr>";
        echo "</table></center>";
}?>




用户编号。
全名
数量
阿肯
应得的
笔记
选择权

首先,您需要停止使用
mysql\u*
函数,从PHP7用户
mysqli\u*
或PDO开始,它们将被折旧并完全删除,并带有准备好的语句

请参阅以下链接:



然后使用准备好的语句来防止sql注入



按照上面的链接使用准备好的语句

以下是代码的外观:

config.php


<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
?>



<?php


include_once("config.php");
$query = $_GET['query']; 

$sql = "SELECT * FROM loan WHERE userno= $query "; // use prepared statements from the link I provided above

$result = $conn->query($sql);

if ($result->num_rows > 0) {
    //Records found print the table
    //OUTPUT THE TABLE AND HEADINGS HERE BEFORE THE LOOP
    while($row = $result->fetch_assoc()) {
        //fetch and output each data of row to your table td's

    }


}else{

//user data not found print message

}






search.php


<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
?>



<?php


include_once("config.php");
$query = $_GET['query']; 

$sql = "SELECT * FROM loan WHERE userno= $query "; // use prepared statements from the link I provided above

$result = $conn->query($sql);

if ($result->num_rows > 0) {
    //Records found print the table
    //OUTPUT THE TABLE AND HEADINGS HERE BEFORE THE LOOP
    while($row = $result->fetch_assoc()) {
        //fetch and output each data of row to your table td's

    }


}else{

//user data not found print message

}



首先,您需要停止使用
mysql\u*
函数,从PHP7用户
mysqli\u*
或PDO开始,这些函数将被折旧并完全删除,并带有准备好的语句

请参阅以下链接:



然后使用准备好的语句来防止sql注入



按照上面的链接使用准备好的语句

以下是代码的外观:

config.php


<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
?>



<?php


include_once("config.php");
$query = $_GET['query']; 

$sql = "SELECT * FROM loan WHERE userno= $query "; // use prepared statements from the link I provided above

$result = $conn->query($sql);

if ($result->num_rows > 0) {
    //Records found print the table
    //OUTPUT THE TABLE AND HEADINGS HERE BEFORE THE LOOP
    while($row = $result->fetch_assoc()) {
        //fetch and output each data of row to your table td's

    }


}else{

//user data not found print message

}






search.php


<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
?>



<?php


include_once("config.php");
$query = $_GET['query']; 

$sql = "SELECT * FROM loan WHERE userno= $query "; // use prepared statements from the link I provided above

$result = $conn->query($sql);

if ($result->num_rows > 0) {
    //Records found print the table
    //OUTPUT THE TABLE AND HEADINGS HERE BEFORE THE LOOP
    while($row = $result->fetch_assoc()) {
        //fetch and output each data of row to your table td's

    }


}else{

//user data not found print message

}



1.停止使用
mysqli.*
PDO
而不是
mysqli.*
库。2.必须使用
mysql.*
库的
num_rows()
来检查是否有数据。3.使用
准备好的语句来防止
SQL注入
(新库有这些语句)
Accounting
+
mysql.*
+
SQL注入
=问题1.停止使用
已弃用+已删除的mysql.*库
。使用
mysqli.*
PDO
代替它。2.必须使用
num_rows()
mysql的
来检查数据是否存在。3.使用
准备好的语句
来防止
SQL注入
(新库中有这些)
会计
+
mysql*
+
SQL注入
=问题