改进我的SQL数据库表单PHP代码

时间:2013-03-08 10:02:33

标签: php sql

有人可以查看我的代码我终于在2天后开始工作并且从这里获得了很多帮助 - 谢谢!

我想对它进行一些调整 -

  • 对于交易ID,如果我搜索交易ID中的任何字母,我会显示记录 - 我只希望它显示一条记录,如果输入了完整的交易ID并且匹配了记录中的记录数据库。交易ID示例:87K07228GD157974M

  • 如果你想要检索你的代码,你必须输入你的姓名,电子邮件和交易日期,这是完美的但是时间也包含在日期中但我不希望任何人必须输入时间以及日期即.... 您目前必须输入:2013-03-07 01:39:23 - 但我想以DD / MM / YY的格式输入 - 这可能吗?

我也不知道代码是否也是安全的,任何建议都会受到赞赏。 谢谢,

这是代码:

findme.html 

<html>

<head>
<title>Search</title>
</head>

<body bgcolor=#ffffff>

<h2>Search Transaction ID</h2>

<form name="search" method="post" action="findme.php">
Seach for: <input type="text" name="find" /> 


<input type="submit" name="search" value="Search" />
</form>
OR

<h2>Search Name, E-Mail & Transaction Date</h2>

<form name="search" method="post" action="findme1.php">
Full Name (on paypal account) <input type="text" name="name" /> <br><br>
Paypal E-Mail Address <input type="text" name="email" />  <br><br>
Transaction Date - DD/MM/YY <input type="text" name="date" /> 


<input type="submit" name="search" value="Search" /><br><br>
If searching via Name, E-Mail & Transaction date, all fields must be completed to     obtain your code.
</form>

</body>

</html>

findme.php 

<html>
<head><title>Searching for a student...</title>
</head>
<body bgcolor=#ffffff>

<?php

echo "<h2>Search Results:</h2><p>";

//If they did not enter a search term we give them an error
if ($find == "")
{
echo "<p>You forgot to enter a search term!!!";
exit;
}

// Otherwise we connect to our Database
mysql_connect("location.com", "ipn", "password!") or                 die(mysql_error());
mysql_select_db("ipn") or die(mysql_error());

// We perform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);

//Now we search for our search term, in the field the user specified
$iname = mysql_query("SELECT * FROM ibn_table WHERE itransaction_id LIKE '%$find%'");

//And we display the results
while($result = mysql_fetch_array( $iname ))
{
echo "<b>Name: </b>";
echo $result['iname'];
echo " "; 
echo "<br>";
echo "<b>E-mail: </b>";
echo $result['iemail'];
echo "<br>";
echo "<b>Transaction Date: </b>";
echo $result['itransaction_date'];
echo "<br>";
//And we remind them what they searched for
echo "<b>Search Term </b>(Transaction ID): </b> " .$find;
//}
echo "<br>";
echo "<br>";
echo "<b>Login Code: </b>";
echo $result['ipaymentstatus'];
echo "<br>";
}

//This counts the number or results - and if there wasn't any it gives them a little     message explaining that
$anymatches=mysql_num_rows($iname);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your search, please make sure the     correct details have been entered...<br><br>";
}


?> 


</body>
</html>

findme1.php 

<html>
<head><title>Searching for a student...</title>
</head>
<body bgcolor=#ffffff>

<?php

echo "<h2>Search Results:</h2><p>";

//If they did not enter a search term we give them an error
if ($name == "")
if ($email == "")
{
echo "<p>Please enter Full Name, E-Mail Address & Transaction Date EXACTLY how they     appear on your PayPal Account...";
exit;
}

// Otherwise we connect to our Database
mysql_connect("location.com", "ipn", "password") or         die(mysql_error());
mysql_select_db("ipn") or die(mysql_error());

// We perform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);

//Now we search for our search term, in the field the user specified
$name = mysql_query("SELECT * FROM ibn_table WHERE iemail = '$email' AND iname =     '$name' AND itransaction_date = '$date'");

//And we display the results
while($result = mysql_fetch_array( $name ))
{
echo "<b>Name: </b>";
echo $result['iname'];
echo " "; 
echo "<br>";
echo "<b>E-mail: </b>";
echo $result['iemail'];
echo "<br>";
echo "<b>Transaction Date: </b>";
echo $result['itransaction_date'];
echo "<br>";
//And we remind them what they searched for
echo "<b>Search Term </b>(Transaction ID): " .$name;
//}
echo "<br>";
echo "<br>";
echo "<b>Login Code: </b>";
echo $result['ipaymentstatus'];
echo "<br>";
}

//This counts the number or results - and if there wasn't any it gives them a little     message explaining that
$anymatches=mysql_num_rows($name);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your search, please make sure the     correct details have been entered...<br><br>";
}


?> 


</body>
</html>

我的数据库中的字段是:

iname
iemail
itransaction_id
ipaymentstatus
itransaction_date

谢谢!

1 个答案:

答案 0 :(得分:2)

如交易ID评论中所述,您有: $iname = mysql_query("SELECT * FROM ibn_table WHERE itransaction_id LIKE '%$find%'");

LIKE %$find%$find的任何部分相匹配,这就是您获得单字母结果的原因。将其更改为:

$iname = mysql_query("SELECT * FROM ibn_table WHERE itransaction_id = '$find'");

对于日期问题,您可以决定从用户那里获取的内容,例如:

如果你采取:

$date = "12-11-2012"; //(dd-mm-yyyy)

$split = explode("-", $date);

然后您可以使用它来生成SQL日期/时间格式:

$sql_date = date("Y-m-d h:i:s", mktime(0, 0, 0, (int) $split[1], (int) $split[0], (int) $split[2]))

并在sql查询中:

transaction_date LIKE '$sql_date%'

最后不要使用mysql_*它已被弃用。而是使用mysqli

相关问题
最新问题