在php中运行两个查询

时间:2018-06-01 11:48:58

标签: php html

我需要帮助尝试使下面的PHP代码工作。代码在Users表上搜索User。在进行搜索时,我想在另一个名为scan的表中插入搜索的时间戳。这样做的目的是创建一个包含表扫描的报告,因为我希望每次搜索用户时都能看到。

但是,除了第二个查询之外,一切都有效。任何人都可以帮我确定下面的PHP代码有什么问题,我该如何使它工作?同样,我想使第二个查询(INSERT INTO)工作并将搜索到的数据插入scan表。

 <?php
    // initalize the variables 
    $osha      = "";
    $firstname = "";
    $lastname  = "";
    $company   = "";
    $trade     = "";

    // php code to search data in mysql database and set it in input text
    if(isset($_POST['search']))
    {
        // connect to mysql
        $dbc = mysqli_connect("127.0.0.1", "root", "root","demodb");

        // id to search
        $user_id = mysqli_real_escape_string($dbc, $_POST['user_id']);

        $query = "SELECT * FROM Users WHERE user_id = '$user_id' LIMIT 1";
        $rs    = mysqli_query($dbc, $query);
        if (mysqli_num_rows($rs) == 1)
        {
          $row       = mysqli_fetch_array($rs);
          $osha      = $row['osha'];
          $firstname = $row['firstname'];
          $lastname  = $row['lastname'];
          $company   = $row['company'];
          $trade     = $row['trade'];

          $query     = "INSERT INTO scan (user_id, osha, firstname, lastname, company, trade, email, picture) VALUES (" .
            "'" . $user_id . "', '" .
            "'" . mysqli_real_escape_string($dbc, $osha     ) . "', '" .
            "'" . mysqli_real_escape_string($dbc, $firstname) . "', '" .
            "'" . mysqli_real_escape_string($dbc, $lastname ) . "', '" .
            "'" . mysqli_real_escape_string($dbc, $company  ) . "', '" .
            "'" . mysqli_real_escape_string($dbc, $trade    ) . "')";
          mysqli_query($dbc, $query);
        }
        else
        {
          echo "Undefined ID";
        }
    }    
    ?>

    <!DOCTYPE html>

    <html>

        <head>

            <title> PHP FIND DATA </title>

            <meta charset="UTF-8">

            <meta name="viewport" content="width=device-width, initial-scale=1.0">

        </head>

        <body>

        <form action="barcode.php" method="post">

        Id:<input type="text" name="user_id"><br><br>

        Osha #:<input type="text" name="osha" value="<?= htmlspecialchars($osha) ?>"><br><br>

            First Name:<input type="text" name="firstname" value="<?= htmlspecialchars($firstname) ?>"><br>
    <br>

            Last Name:<input type="text" name="lastname" value="<?= htmlspecialchars($lastname) ?>"><br><br>

        Company:<input type="text" name="company" value="<?= htmlspecialchars($company) ?>"><br><br>

        Trade:<input type="text" name="trade" value="<?= htmlspecialchars($trade) ?>"><br><br>

        <input type="submit" name="search" value="Find">

               </form>

        </body>

    </html>

添加表定义

Users

| Users | CREATE TABLE `Users` (
  `user_id` int(6) unsigned NOT NULL AUTO_INCREMENT,
  `osha` int(50) DEFAULT NULL,
  `firstname` varchar(30) NOT NULL,
  `lastname` varchar(30) NOT NULL,
  `company` varchar(50) DEFAULT NULL,
  `trade` varchar(50) DEFAULT NULL,
  `email` varchar(50) DEFAULT NULL,
  `picture` varchar(50) DEFAULT NULL,
  `reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  PRIMARY KEY (`user_id`)
) ENGINE=InnoDB AUTO_INCREMENT=98819 DEFAULT CHARSET=latin1 |

scan

| scan  | CREATE TABLE `scan` (
  `user_id` int(6) unsigned NOT NULL DEFAULT '0',
  `osha` int(50) DEFAULT NULL,
  `firstname` varchar(30) NOT NULL,
  `lastname` varchar(30) NOT NULL,
  `company` varchar(50) DEFAULT NULL,
  `trade` varchar(50) DEFAULT NULL,
  `email` varchar(50) DEFAULT NULL,
  `picture` varchar(50) DEFAULT NULL,
  `reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=latin1 |

3 个答案:

答案 0 :(得分:2)

您插入的数据少于声明要插入的字段。字段&#39;电子邮件&#39;没有值。和&#39;图片&#39;。至少这可能是你遇到问题的原因。

答案 1 :(得分:2)

您的查询会在值上显示2个单引号。

试试这个。

<?xml version="1.0" encoding="utf-8" ?>
<connectionStrings>
  <add name="connString" connectionString="yourConnectionstringhere"/>
</connectionStrings>

我还建议使用mysql参数进行良好实践

答案 2 :(得分:0)

未经测试,但在查看此内容时,每个mysqli_real_escape_string行末尾都会有大量额外的,不需要的引号:

 <?php
    // initalize the variables 
    $osha      = "";
    $firstname = "";
    $lastname  = "";
    $company   = "";
    $trade     = "";

    // php code to search data in mysql database and set it in input text
    if(isset($_POST['search']))
    {
        // connect to mysql
        $dbc = mysqli_connect("127.0.0.1", "root", "root","demodb");

        // id to search
        $user_id = mysqli_real_escape_string($dbc, $_POST['user_id']);

        $query = "SELECT * FROM Users WHERE user_id = '$user_id' LIMIT 1";
        $rs    = mysqli_query($dbc, $query);
        if (mysqli_num_rows($rs) == 1)
        {
          $row       = mysqli_fetch_array($rs);
          $osha      = $row['osha'];
          $firstname = $row['firstname'];
          $lastname  = $row['lastname'];
          $company   = $row['company'];
          $trade     = $row['trade'];

          $query     = "INSERT INTO scan (user_id, osha, firstname, lastname, company, trade, email, picture) VALUES (" .
            "'" . $user_id . "'," .
            "'" . mysqli_real_escape_string($dbc, $osha     ) . "', " .
            "'" . mysqli_real_escape_string($dbc, $firstname) . "', " .
            "'" . mysqli_real_escape_string($dbc, $lastname ) . "', " .
            "'" . mysqli_real_escape_string($dbc, $company  ) . "', " .
            "'" . mysqli_real_escape_string($dbc, $trade    ) . "')";
          mysqli_query($dbc, $query);
        }
        else
        {
          echo "Undefined ID";
        }
    }    
    ?>
相关问题
最新问题