PHP MySQL query using a form with 2 submit buttons returns a blank page
Running this gives a blank page with no errors. I am able to display the whole database, but I'm having trouble searching and displaying matches. index.html page:
<form action="subjsearch.php" method="post">
<label>First Name:</label><input type="text" name ="firstname"><br><br>
<label>Last Name:</label><input type="text" name ="lastname"><br><br>
<label>Age:</label><input type="text" name="age" size = "2"><br><br>
<label>Tattoo:</label><input type="text" name ="tattoo"><br><br>
<label>Moniker:</label><input type="text" name ="moniker"><br><br>
<input type="submit" name="submitBTN" value="Submit">
<input type="submit" name="searchBTN" value="Search">
<input type="reset" name="resetBTN" value="Reset">
</form>
Action page:
<?php
include 'db.php';
if(isset($_POST['submitBTN'])){
    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];
    $age = $_POST['age'];
    $tattoo = $_POST['tattoo'];
    $moniker = $_POST['moniker'];
    $query = "INSERT INTO subjects (firstName,lastName,age,tats,moniker)VALUES(
        '$firstname',
        '$lastname',
        '$age',
        '$tattoo',
        '$moniker')";
    if ($conn->query($query) === TRUE) {
        echo "New record created successfully";
    } elseif(isset($_POST['searchBTN'])){
        $query = "SELECT * FROM subjects WHERE firstName = '$firstname' OR lastName = '$lastname' OR age = '$age' OR tats = '$tattoo' OR moniker = '$moniker' ";
        $result = $conn->query($query);
        if ($result->num_rows > 0) {
            echo "<table><tr><th>ID</th><th>Name</th><th>AGE</th><th>Tattoo</th><th>Moniker</th></tr>";
            // output data of each row
            while($row = $result->fetch_assoc()) {
                echo "<tr><td>".$row["id"]."</td><td>".$row["firstName"]." ".$row["lastName"]."</td><td>".$row["age"]."</td><td>".$row["tats"]."</td><td>".$row["moniker"]. "</td></tr>";
            }
            echo "</table>";
        } else {
            echo "0 results";
        }
    }
    $conn->close();
}
?>
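The search doesn't work because it is inside the if(isset($_POST['submitBTN'])){..} block. Move the if(isset($_POST['searchBTN'])){..} block outside the if(isset($_POST['submitBTN'])){..} block.
I also escaped the input values to avoid SQL injection. The preferred way is prepared statements, though.
Updated code: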
<?php
include 'db.php';
$firstname = $conn->real_escape_string(isset($_POST['firstname']) ? $_POST['firstname'] : '');
$lastname = $conn->real_escape_string(isset($_POST['lastname']) ? $_POST['lastname'] : '');
$age = $conn->real_escape_string(isset($_POST['age']) ? $_POST['age'] : '');
$tattoo = $conn->real_escape_string(isset($_POST['tattoo']) ? $_POST['tattoo'] : '');
$moniker = $conn->real_escape_string(isset($_POST['moniker']) ? $_POST['moniker'] : '');
if (isset($_POST['submitBTN'])) {
    $query = "INSERT INTO subjects (firstName,lastName,age,tats,moniker)VALUES(
        '$firstname',
        '$lastname',
        '$age',
        '$tattoo',
        '$moniker')";
    if ($conn->query($query) === true) {
        echo "New record created successfully";
    }
    $conn->close();
}
if (isset($_POST['searchBTN'])) {
    $query = "SELECT * FROM subjects WHERE firstName = '$firstname' OR lastName = '$lastname' OR age = '$age' OR tats = '$tattoo' OR moniker = '$moniker' ";
    $result = $conn->query($query);
    if ($result->num_rows > 0) {
        echo "<table><tr><th>ID</th><th>Name</th><th>AGE</th><th>Tattoo</th><th>Moniker</th></tr>";
        // output data of each row
        while ($row = $result->fetch_assoc()) {
            echo "<tr><td>" . $row["id"] . "</td><td>" . $row["firstName"] . " " . $row["lastName"] . "</td><td>" . $row["age"] . "</td><td>" . $row["tats"] . "</td><td>" . $row["moniker"] . "</td></tr>";
        }
        echo "</table>";
    }
    else {
        echo "0 results";
    }
}
?>
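The prepared-statement approach that the answer calls preferred, as an added example that is not the answerer's code. It assumes db.php defines $conn as a mysqli connection, PHP 7.4 or later, and the mysqlnd driver for get_result(). It goes beyond the answer by searching only on the fields that were filled in and by HTML-escaping each value on output.

```php
<?php
// Added example, not code from the original answer.
// Assumes db.php creates $conn as a mysqli connection (as the page's code implies).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors, no silent blank page
include 'db.php';

// Form field name => column name. Column names are fixed here, never taken from input.
$columns = ['firstname' => 'firstName', 'lastname' => 'lastName',
            'age' => 'age', 'tattoo' => 'tats', 'moniker' => 'moniker'];
$values = [];
foreach ($columns as $field => $column) {
    $raw = $_POST[$field] ?? '';
    $values[$column] = is_string($raw) ? trim($raw) : ''; // ignore array-valued input
}

if (isset($_POST['submitBTN'])) {
    $stmt = $conn->prepare(
        'INSERT INTO subjects (firstName, lastName, age, tats, moniker) VALUES (?, ?, ?, ?, ?)');
    $stmt->bind_param('sssss', $values['firstName'], $values['lastName'],
        $values['age'], $values['tats'], $values['moniker']);
    $stmt->execute();
    echo 'New record created successfully';
} elseif (isset($_POST['searchBTN'])) {
    // Build the WHERE clause only from non-empty fields; values travel as bound parameters.
    $filled = array_filter($values, 'strlen');
    if (!$filled) {
        exit('Enter at least one search term');
    }
    $where = implode(' OR ', array_map(fn($c) => "$c = ?", array_keys($filled)));
    $stmt = $conn->prepare("SELECT * FROM subjects WHERE $where");
    $params = array_values($filled);
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $stmt->execute();
    $result = $stmt->get_result(); // requires the mysqlnd driver
    if ($result->num_rows === 0) {
        exit('0 results');
    }
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); // escape stored values for HTML
    echo '<table><tr><th>ID</th><th>Name</th><th>AGE</th><th>Tattoo</th><th>Moniker</th></tr>';
    while ($row = $result->fetch_assoc()) {
        echo '<tr><td>' . $e($row['id']) . '</td><td>' . $e($row['firstName']) . ' '
            . $e($row['lastName']) . '</td><td>' . $e($row['age']) . '</td><td>'
            . $e($row['tats']) . '</td><td>' . $e($row['moniker']) . '</td></tr>';
    }
    echo '</table>';
}
$conn->close();
```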
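Error checking/display is turned off; turn them on to see the errors. At the top of the PHP page add: ini_set('display_errors', 'On'); ini_set('html_errors', 0); error_reporting(-1);
And maybe fix the huge security holes before going public.
The search will not work because it is inside the $_POST['submitBTN'] block. Move the $_POST['searchBTN'] block outside the $_POST['submitBTN'] block.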