嗨,我的表单中的搜索没有带来MySQL数据库中表中的数据。
例如,我想搜索邮政编码并重新输入:姓名,地址,联系电话,邮政编码。
任何人都可以帮助我发现代码中的错误吗,因为这对PHP和MySQL来说是很新的
这是我来自phpmyadmin的表项
参考,名称,第1行,第2行,第3行,第4行,第5行,邮政编码,电话,手机,传真,电子邮件
形式
<td><form action="searchresults.php" method="post" name="form1" id="form1">
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><strong>Find a Active Physio</strong></td>
</tr>
<tr>
<td width="100">Physio Reference</td>
<td width="301"><input name="PhysioReference" type="text" id="PhysioReference" /></td>
</tr>
<tr>
<td>Name of Physio</td>
<td><input name="Physio" type="text" id="Physio" /></td>
</tr>
<tr>
<td>Contact Number</td>
<td><input name="Number" type="text" id="Number" /></td>
</tr>
<tr>
<td>Address</td>
<td><input name="PhysiosAddress" type="text" id="PhysiosAddress" /></td>
</tr>
<tr>
<td>Postcode</td>
<td><input name="postcode" value="" type="text" id="postcode" />
<input type="submit" name="submit" value="Search" /></td>
</tr>
<tr>
<td>Physios Email</td>
<td><input name="PhysiosEmail" type="text" id="PhysiosEmail" /></td>
</tr>
<tr>
<td colspan="3" align="center"> </td>
</tr>
</table>
</form></td>
搜索结果
<?php
require_once('auth.php');
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="Physio"; // Table name
// Connect to server and select database.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");
if(!isset($_POST['postcode'])) {
header ("location:index.php");
}
$search_sql="SELECT * FROM `Physio` WHERE Postcode like '%".$_POST['postcode']."%'";
$search_query=mysql_query($search_sql);
$search_rs= mysql_num_rows($search_query) ;
echo "<p> Results </p>" ;
if ($search_rs > 0)
{
echo "<p>".$search_rs['Postcode'] ."</p>" ;
} else {
echo "NO Results found";
}
?>
您仅收到大量结果(请参见mysql_num_rows()手册页),而不是结果本身。使用mysql_fetch_array()代替:
$search_sql = "SELECT * FROM `Physio` WHERE Postcode like '%" . $_POST['postcode'] . "%'";
$search_query = mysql_query($search_sql);
$search_rs = mysql_fetch_array($search_query);
之后,您可以检查是否通过以下方式返回了某些内容:
if (!empty($search_rs))
{
// Results found
}
else
{
// Nothing found...
}
顺便说一句,$_POST
直接将值传递给SQL代码是一个巨大的安全问题,至少可以使用mysql_real_escape_string()使其逃逸。
编辑:要接收多个结果:
$search_sql = "SELECT * FROM `Physio` WHERE Postcode like '%" . $_POST['postcode'] . "%'";
$search_query = mysql_query($search_sql);
while ($search_rs = mysql_fetch_array($search_query))
{
echo $search_rs['Postcode'] . '<br>';
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句