我是PHP的新手。我正在尝试根据用户查询显示搜索结果。我的问题是我没有得到所有其他类似的搜索结果(只显示了确切的结果)。从安全的角度来看,这是我正在实施的正确方法吗?提前谢谢。
define('HOST','localhost');
define('USER','root');
define('PASSWORD_HOST','');
define('DATABASE','test');
if(defined('HOST') && defined('USER') && defined('PASSWORD_HOST') && defined('DATABASE')){
$conn = mysqli_connect(HOST, USER, PASSWORD_HOST, DATABASE);
}else{
die(connection_failed.mysqli_connection_error());
}
这是HTML
<div class="container">
<div class="row">
<div class="col-sm-12">
<form action="" method="POST">
<h4>Search By</h4>
<input type="text" name="delName"/>
<button type="submit" name="submit">search</button>
</form>
</div>
</div>
</div>
这是PHP
if(isset($_POST['submit'])){
$delName = "%{$_POST['delName']}%";
$stmt =$conn->prepare("SELECT id, delName, medName, contact1, contact2, address, pin, creditLimitDealer FROM dealerentrytable WHERE delName LIKE ?");
$stmt->bind_param("s", $delName);
$stmt->execute();
$stmt->bind_result($id, $delName, $medName, $contact1, $contact2,$address,$pin,$creditLimitDealer);
while ($stmt->fetch()) {
echo "<table>";
echo "<tr><td>ID: $id</td>";
echo "<td>delName: $delName</td>";
echo "<td>medName: $medName</td>";
echo "<td>contact1: $contact1</td>";
echo "<td>contact2: $contact2</td>";
echo "<td>address: $address</td>";
echo "<td>pin: $pin</td>";
echo "<td>creditLimitDealer: $creditLimitDealer</td></tr>";
echo "</table>";
}
$stmt->close();
}
?>