我正在尝试创建一个执行以下操作的脚本:
这是我目前的代码
HTML表单:
<form action="state.php" method="post">
CharacterName: <input type="text" name="charname">
<input type="submit">
</form>
PHP代码:
$host=localhost;
$username=test;
$password=test;
$db=cq;
$con=mysqli_connect("$host","$username","$password","$db");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM cq_user WHERE charname='name'");
while($row = mysqli_fetch_array($result))
{
echo $row['level'] . " " . $row['money'];
echo "<br>";
}
什么阻止我,当我测试我的脚本时它只显示一些像“);?&gt;
答案 0 :(得分:0)
您需要使用$char = $_POST['charname'];从$ _POST获取字符名称,然后至少使用mysqli_real_escape_string清理数据,并将其传递给SQL WHERE charname='{$char}'
答案 1 :(得分:0)
简单(此查询不安全):
$cn = $_POST['charname'];
$result = mysqli_query($con,"SELECT * FROM cq_user WHERE charname='" . $cn . "'");
另外,您可以echo $_POST['charname'];查看是否从表单中获取了值。如果这样做,请直接尝试查询数据库以查看它输出的内容