Fatal编程技术网
  • php/
  • php搜索功能不工作

php搜索功能不工作

php

php搜索功能不工作,php,mysqli,Php,Mysqli,我正在尝试做“按名称搜索用户”按钮来搜索用户的数据库,显示“结果错误”无法获取用户详细信息。我不知道哪部分出了问题。请帮帮我。我们将不胜感激。这是我的密码 manageruser.php <?php include("include/config.php"); $name = ""; $username = ""; $password = ""; $ic = ""; $contact = ""; $email = ""; $nationalit

我正在尝试做“按名称搜索用户”按钮来搜索用户的数据库,显示“结果错误”无法获取用户详细信息。我不知道哪部分出了问题。请帮帮我。我们将不胜感激。这是我的密码

manageruser.php

<?php 
include("include/config.php");

   $name = "";
   $username = "";
   $password = "";
   $ic = "";
   $contact = "";
   $email = "";
   $nationality = "";
   $program = "";
   $firstintake = "";

   function getPosts()
   {
       $posts = array();
       $posts[0] = $_POST['name'];
       $posts[1] = $_POST['username'];
       $posts[2] = $_POST['password'];
       $posts[3] = $_POST['ic'];
       $posts[4] = $_POST['contact'];
       $posts[5] = $_POST['email'];
       $posts[6] = $_POST['nationality'];
       $posts[7] = $_POST['program'];
       $posts[8] = $_POST['firstintake'];
       return $posts;
   }

// Search
   if(isset($_POST['search']))
   {
       $data = getPosts();

       $search_Query = "SELECT * FROM user WHERE u_name = $data[0]";

       $search_Result = mysqli_query($link, $search_Query);

       if($search_Result)
       {
          if(mysqli_num_rows($search_Result))
          {
            while($row = mysqli_fetch_array($search_Result))
            {
                $name = $row['u_name'];
                $username = $row['u_unm'];
                $password = $row['u_pwd'];
                $ic = $row['u_ic'];
                $contact = $row['u_contact'];
                $email = $row['u_email'];
                $nationality = $row['u_national'];
                $program = $row['u_program'];
                $firstintake = $row['u_fintake'];
            }
          }
          else
          {
            echo "No Data For This Name";
          }
       }
       else
       {
        echo "Result Error";
       }
   }

?>

<fieldset>
<legend>Manage User</legend>
<form name="ManForm" method="post" action="manageuser.php">
<table>
    <tr>
        <td>Name:</td>
        <td><input id="name" name="name" type="text" class="input" pattern="[A-Z\s]+" 
        title="Please enter capital letters" value="<?php echo $name; ?>">
        <span>(Full name) *must capital letters</span></td>
    </tr>

    <tr>
        <td>Username:</td>
        <td><input id="username" name="username" type="text" class="input" value="<?php echo $username; ?>"></td>
    </tr>

    <tr>
        <td>Password:</td>
        <td><input id="password" name="password" type="password" class="input" value="<?php echo $password; ?>"></td>
    </tr>

    <tr>
        <td>Identity card /Passport number:</td>
        <td><input id="ic" name="ic" type="text" class="input" value="<?php echo $ic; ?>"></td>
    </tr>

    <tr>
        <td>Contact number:</td>
        <td><input id="contact" name="contact" type="text" class="input" value="<?php echo $contact; ?>"></td>
    </tr>

    <tr>
        <td>Email:</td>
        <td><input id="email" name="email" type="text" class="input" value="<?php echo $email; ?>"></td>
    </tr>

    <tr>
        <td>Nationality:</td>
        <td><input id="nationality" name="nationality" type="text" class="input" value="<?php echo $nationality; ?>"></td>
    </tr>

    <tr>
        <td>Program:</td>
        <td><input id="program" name="program" type="text" class="input" value="<?php echo $program; ?>"></td>
    </tr>

    <tr>
        <td>First intake:</td>
        <td><input id="firstintake" name="firstintake" type="text" class="input" value="<?php echo $firstintake; ?>"></td>
    </tr>
</table>

    <div>
        <input type="submit" name="search" value="  Search User By Name">
        <input type="submit" name="update" value="  Update User Details">
        <input type="submit" name="delete" value="  Delete User ">
    </div>

</form>
</fieldset>

<?php

    $link= mysqli_connect("localhost","root","","course_registration_system");

?>


管理用户
姓名:

在查询中的搜索字符串周围使用引号,或者尝试使用此方法-


$search\u Query=“从用户中选择*,其中u\u name=”。“$data[0]”
 这里的问题是您以错误的方式运行查询。

要运行查询,您应该使用准备好的语句

非常重要的是要理解,仅仅在变量周围添加引号是不够的,最终会导致无数问题,从语法错误到SQL注入。另一方面,由于预处理语句的本质,它是一种防弹的解决方案,不可能通过数据变量引入任何问题

因此,对于运行的每个查询,如果至少要使用一个变量,则必须用占位符替换它,然后准备查询,然后执行查询,分别传递变量

首先,您必须更改查询,添加占位符来代替变量。假设您的查询将变成这样


"SELECT * FROM user WHERE u_name = ?"



$stmt = $link->prepare("SELECT * FROM user WHERE u_name = ?");
$stmt->bind_param("s", $data[0]);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_array())
{


然后您必须准备它、绑定变量并执行

所以你应该这样做


"SELECT * FROM user WHERE u_name = ?"



$stmt = $link->prepare("SELECT * FROM user WHERE u_name = ?");
$stmt->bind_param("s", $data[0]);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_array())
{



显然你的查询失败了。这就是它输入结果错误的else块的原因。请尝试
u\u name='{$data[1]}'
而不是
u\u name=$data[0]
。字符串周围没有引号,因此查询失败。由于没有检查代码中的错误,您不知道发生了什么错误。永远不要假设代码总是能够完美地工作。用于从数据库中获取详细的错误消息。您还可以
echo$search\u Query
查看其中的内容,然后粘贴到您的mysql FIDLE中。为什么这“工作正常”?代码转储不能得到好的答案。您应该解释这是如何以及为什么解决他们的问题的。你应该读,”