Question

我正在编写代码来从数据库中获取数据，但它会继续标记错误：

注意：未定义的变量：单词in 第7行的C：\ xampp \ htdocs \ Zubby \ admin \ updateword.php

<?php 

if(isset($_POST['submit']))
    $word = $_POST['word'];

    include '../include/config.php' ;
    $sql = "SELECT FROM word WHERE word = $word";

    $fetch = mysqli_query($connect, $sql);
    if ($fetch) {
        echo $word;
    }else{
        echo "No such word exists in the database";
    }

?>

<form name="word-Add" method="POST" action="">
    <input type="text" name="word" placeholder="  Type the Word "><br><br><br><br>
    <input type="submit" name="submit" id="submit" value="Search Word"><br><br><br><br>

</form>

Answer 1

尝试

<?php 

if(isset($_POST['submit']))
{
    $word = $_POST['word'];

    include '../include/config.php' ;
    $sql = "SELECT * FROM word WHERE word = '".$word."'";

    $fetch = mysqli_query($connect, $sql);
    if ($fetch) {
        echo $word;
    }else{
        echo "No such word exists in the database";
    }
}

?>

<form name="word-Add" method="POST" action="">
    <input type="text" name="word" placeholder="  Type the Word "><br><br><br><br>
    <input type="submit" name="submit" id="submit" value="Search Word"><br><br><br><br>

</form>

请注意，您的代码非常不安全！切勿在查询中直接使用用户输入！更好地使用准备好的陈述：http://php.net/manual/en/pdo.prepared-statements.php

可能是错误的原因是什么？

1 个答案: