我正在尝试创建一个查询mysql数据库中信息的下拉菜单。我已经有了这个工作,现在在@jeroen的帮助下,我想我现在已经将所选对象传递给了namesearch16.php。该网页位于: http://swapabook.hostei.com/search16.php
没有错误,但我希望它输出数据库中与查询匹配的行。
我用字符串返回: array(1){[“select1”] => & string(4)“book”}
我有一种感觉,问题是我的声明,我回复了错误的东西。顺便说一句,我的表有5个字段,我想要返回其中4个字样,如精选书,作者,流派,书中的电子邮件
初始文件的代码如下:
<form action="namesearch16.php" method="post">
Name of Book
<?php
mysql_connect("mysql1x.000webhost.com","a4425533_swapabo","xxxxx") or die("Connection Failed");
mysql_select_db('a4425533_swapabo')or die("Connection Failed");
$query = "SELECT * FROM book";
$result = mysql_query($query);
?>
<select name="select1">
<?php
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
?>
<option value="<?php echo $line['book'];?>"> <?php echo $line['book'];?> </option>
<?php
}
?>
</select>
<input type="submit">
</form>
根据@jeroen的输入将第二个文件更改为以下文件:
<?php
$con=mysqli_connect('mysql1x.000webhost.com','a4425533_swapabo','xxxx','a4425533_swapabo');
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$namequery="SELECT * FROM book WHERE book = ?";
$namestmt = mysqli_prepare($con, $namequery);
mysqli_stmt_bind_param($namestmt, "s", $_POST['select1']);
var_dump($_POST);
mysqli_stmt_execute($namestmt);
if ($result = mysqli_query($con, $namequery)) {
while($row = mysqli_fetch_array($result))
{
echo $row['book'];
echo "<br>";
echo "got as far as the while loop";
}
}
?>
答案 0 :(得分:0)
$_POST似乎没有book元素,因此您需要更改:
$result = mysqli_query($con,"SELECT * FROM book WHERE book = '$_POST[book]'");
为:
$result = mysqli_query($con,"SELECT * FROM book WHERE book = '$_POST[select1]'");
但是,您需要确保没有SQL注入问题,因此您的查询应该看起来像:
SELECT * FROM book WHERE book = ?
然后准备查询并将$_POST['select1']值绑定到该查询,例如参见this section in the manual。
修改:您的修改存在一些问题(除了拼写错误...):只需按照from the manual步骤操作:
$_POST变量:mysqli_stmt_bind_param($namestmt, "s", $_POST['select1']); 你需要摆脱这一行,因为这意味着要对数据库进行另一次查询:
$result = mysqli_query($con,$namequery);