php搜索功能不工作
我正在尝试做“按名称搜索用户”按钮来搜索用户的数据库,显示“结果错误”无法获取用户详细信息。我不知道哪部分出了问题。请帮帮我。我们将不胜感激。这是我的密码 manageruser.phpphp搜索功能不工作,php,mysqli,Php,Mysqli,我正在尝试做“按名称搜索用户”按钮来搜索用户的数据库,显示“结果错误”无法获取用户详细信息。我不知道哪部分出了问题。请帮帮我。我们将不胜感激。这是我的密码 manageruser.php <?php include("include/config.php"); $name = ""; $username = ""; $password = ""; $ic = ""; $contact = ""; $email = ""; $nationalit
<?php
include("include/config.php");
$name = "";
$username = "";
$password = "";
$ic = "";
$contact = "";
$email = "";
$nationality = "";
$program = "";
$firstintake = "";
function getPosts()
{
$posts = array();
$posts[0] = $_POST['name'];
$posts[1] = $_POST['username'];
$posts[2] = $_POST['password'];
$posts[3] = $_POST['ic'];
$posts[4] = $_POST['contact'];
$posts[5] = $_POST['email'];
$posts[6] = $_POST['nationality'];
$posts[7] = $_POST['program'];
$posts[8] = $_POST['firstintake'];
return $posts;
}
// Search
if(isset($_POST['search']))
{
$data = getPosts();
$search_Query = "SELECT * FROM user WHERE u_name = $data[0]";
$search_Result = mysqli_query($link, $search_Query);
if($search_Result)
{
if(mysqli_num_rows($search_Result))
{
while($row = mysqli_fetch_array($search_Result))
{
$name = $row['u_name'];
$username = $row['u_unm'];
$password = $row['u_pwd'];
$ic = $row['u_ic'];
$contact = $row['u_contact'];
$email = $row['u_email'];
$nationality = $row['u_national'];
$program = $row['u_program'];
$firstintake = $row['u_fintake'];
}
}
else
{
echo "No Data For This Name";
}
}
else
{
echo "Result Error";
}
}
?>
<fieldset>
<legend>Manage User</legend>
<form name="ManForm" method="post" action="manageuser.php">
<table>
<tr>
<td>Name:</td>
<td><input id="name" name="name" type="text" class="input" pattern="[A-Z\s]+"
title="Please enter capital letters" value="<?php echo $name; ?>">
<span>(Full name) *must capital letters</span></td>
</tr>
<tr>
<td>Username:</td>
<td><input id="username" name="username" type="text" class="input" value="<?php echo $username; ?>"></td>
</tr>
<tr>
<td>Password:</td>
<td><input id="password" name="password" type="password" class="input" value="<?php echo $password; ?>"></td>
</tr>
<tr>
<td>Identity card /Passport number:</td>
<td><input id="ic" name="ic" type="text" class="input" value="<?php echo $ic; ?>"></td>
</tr>
<tr>
<td>Contact number:</td>
<td><input id="contact" name="contact" type="text" class="input" value="<?php echo $contact; ?>"></td>
</tr>
<tr>
<td>Email:</td>
<td><input id="email" name="email" type="text" class="input" value="<?php echo $email; ?>"></td>
</tr>
<tr>
<td>Nationality:</td>
<td><input id="nationality" name="nationality" type="text" class="input" value="<?php echo $nationality; ?>"></td>
</tr>
<tr>
<td>Program:</td>
<td><input id="program" name="program" type="text" class="input" value="<?php echo $program; ?>"></td>
</tr>
<tr>
<td>First intake:</td>
<td><input id="firstintake" name="firstintake" type="text" class="input" value="<?php echo $firstintake; ?>"></td>
</tr>
</table>
<div>
<input type="submit" name="search" value=" Search User By Name">
<input type="submit" name="update" value=" Update User Details">
<input type="submit" name="delete" value=" Delete User ">
</div>
</form>
</fieldset>
<?php
$link= mysqli_connect("localhost","root","","course_registration_system");
?>
管理用户
姓名:
在查询中的搜索字符串周围使用引号,或者尝试使用此方法-
$search\u Query=“从用户中选择*,其中u\u name=”。“$data[0]” 这里的问题是您以错误的方式运行查询。
要运行查询,您应该使用准备好的语句
非常重要的是要理解,仅仅在变量周围添加引号是不够的,最终会导致无数问题,从语法错误到SQL注入。另一方面,由于预处理语句的本质,它是一种防弹的解决方案,不可能通过数据变量引入任何问题
因此,对于运行的每个查询,如果至少要使用一个变量,则必须用占位符替换它,然后准备查询,然后执行查询,分别传递变量
首先,您必须更改查询,添加占位符来代替变量。假设您的查询将变成这样
"SELECT * FROM user WHERE u_name = ?"
$stmt = $link->prepare("SELECT * FROM user WHERE u_name = ?");
$stmt->bind_param("s", $data[0]);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_array())
{
然后您必须准备它、绑定变量并执行
所以你应该这样做
"SELECT * FROM user WHERE u_name = ?"
$stmt = $link->prepare("SELECT * FROM user WHERE u_name = ?");
$stmt->bind_param("s", $data[0]);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_array())
{
显然你的查询失败了。这就是它输入结果错误的else块的原因。请尝试u\u name='{$data[1]}'
而不是u\u name=$data[0]
。字符串周围没有引号,因此查询失败。由于没有检查代码中的错误,您不知道发生了什么错误。永远不要假设代码总是能够完美地工作。用于从数据库中获取详细的错误消息。您还可以echo$search\u Query
查看其中的内容,然后粘贴到您的mysql FIDLE中。为什么这“工作正常”?代码转储不能得到好的答案。您应该解释这是如何以及为什么解决他们的问题的。你应该读,”