I created a dropdown menu, but something went wrong. When I select the basic number, it seems not to save the data. When I put a value in the text box, e.g. 2012456824, the data comes out, but when I don't enter any value, the data also comes out.
What is causing this?
dropdownmenu.html
<form action="searchbook2.php" method="post">
<font color=black>Search By : </font>
<select name="choose">
<option selected="selected">-Please Choose-</option>
<option value="matricNo">Matric No.</option>
<option value="bookAccession">Accession No.</option>
</select>
<input type="text" name="search">
<input type="submit" name="submit" value="search" style="background:#996699"><br><br>
</form>
searchbook2.php
<?php
echo "<center><br><br>";
$choose = $_POST['choose'];
if($choose == 'matricNo'){
$search = $_POST['search'];
$sql = mysql_query("SELECT b.book_Accession, b.patron_ID, p.patron_Name, b.book_Title, b.book_Status
FROM book b
INNER JOIN patrons p
ON b.patron_ID = p.patron_ID
WHERE b.patron_ID LIKE '%$search%'");
if(mysql_num_rows($sql) > 0) {
while($data = mysql_fetch_array($sql)) {
$patron_ID = $data['patron_ID'];
echo "<br><br><table width='486' height='314' border='1' cellpadding='0' cellspacing='0' >";
echo "<tr><td colspan=2 align=center bgcolor=gray>Loan Item</td></tr>";
echo "<tr><td width='200'> Patron Id : </td><td width='473'>".$data['patron_ID']."</td>";
echo "</tr><tr>";
echo "<td> Patron Name : </td><td>".$data['patron_Name']."</td>";
echo "</tr><tr>";
echo "<td> Book Accession : </td><td>".$data['book_Accession']."</td>";
echo "</tr><tr>";
echo "<td> Book Title : </td><td>".$data['book_Title']."</td>";
echo "</tr><tr>";
echo "<td> Book Status : </td><td>".$data['book_Status']."</td>";
echo "</tr><tr>";
echo '<td colspan="2" align=center><a href="bookDetail.php?patron_ID=' . $data['patron_ID'] . '"
onClick="javascript:return confirm(\'Do you want see this information ?\')">Click Here</a></td>';
echo "</tr>";
echo "</table>";
echo "<br><Br><br>";
}
}
}else if($choose == 'bookAccession'){
$search = $_POST['search'];
$sql = mysql_query("SELECT b.book_Accession, b.patron_ID, p.patron_Name, b.ISBN, b.book_Title, b.book_Author, b.book_Status, b.book_Year,
b.book_Category
FROM book b
INNER JOIN patrons p
ON b.book_Accession = p.book_Accession
WHERE b.book_Accession LIKE '%$search%'");
if(mysql_num_rows($sql) > 0) {
while($data = mysql_fetch_array($sql)) {
$book_Accession = $data['book_Accession'];
echo "<table width='486' height='314' border='1' cellpadding='0' cellspacing='0' >";
echo "<tr><td colspan=2 align=center bgcolor=gray>Book Information</td></tr>";
echo "<tr><td width='200'> Accession No. : </td><td width='473'>".$data['book_Accession']."</td>";
echo "</tr><tr>";
echo "<td> Patron Id : </td><td>".$data['patron_ID']."</td>";
echo "</tr><tr>";
echo "<td> Patron Name : </td><td>".$data['patron_Name']."</td>";
echo "</tr><tr>";
echo "<td> Book Isbn : </td><td>".$data['ISBN']."</td>";
echo "</tr><tr>";
echo "<td> Book Title : </td><td>".$data['book_Title']."</td>";
echo "</tr><tr>";
echo "<td> Book Author : </td><td>".$data['book_Author']."</td>";
echo "</tr><tr>";
echo "<td> Book Status : </td><td>".$data['book_Status']."</td>";
echo "</tr><tr>";
echo "<td> Book Year : </td><td>".$data['book_Year']."</td>";
echo "</tr><tr>";
echo "<td> Book Category : </td><td>".$data['book_Category']."</td>";
echo "</tr>";
}
echo "</table>";
echo "<br><br>";
}
}
else{
echo "Sorry the data you have been search is not available";
}
?>
Answer 0: (score: 0)
I think your problem is that you are not validating $_POST['search']. So if it is empty, your query will be like this: WHERE b.patron_ID LIKE '%%'
which will return all the records in your database.
if (!empty($search)) {
//Show the table
} else {
echo 'Plase provide a search condition!';
}
Use mysql_real_escape_string to escape your string if you keep doing it this way, to avoid SQL injection, but it is better to use the mysqli_* functions or PDO, because the mysql_* functions are deprecated.
Update:
Here you go.
<?php
echo "<center><br><br>";
$choose = $_POST['choose'];
if ($choose == 'matricNo') {
$search = mysql_real_escape_string($_POST['search']);
if (!empty($search)) { //<---- HERE IS A CHECK
$sql = mysql_query("SELECT b.book_Accession, b.patron_ID, p.patron_Name, b.book_Title, b.book_Status
FROM book b
INNER JOIN patrons p
ON b.patron_ID = p.patron_ID
WHERE b.patron_ID LIKE '%$search%'");
if (mysql_num_rows($sql) > 0) {
while ($data = mysql_fetch_array($sql)) {
$patron_ID = $data['patron_ID'];
echo "<br><br><table width='486' height='314' border='1' cellpadding='0' cellspacing='0' >";
echo "<tr><td colspan=2 align=center bgcolor=gray>Loan Item</td></tr>";
echo "<tr><td width='200'> Patron Id : </td><td width='473'>" . $data['patron_ID'] . "</td>";
echo "</tr><tr>";
echo "<td> Patron Name : </td><td>" . $data['patron_Name'] . "</td>";
echo "</tr><tr>";
echo "<td> Book Accession : </td><td>" . $data['book_Accession'] . "</td>";
echo "</tr><tr>";
echo "<td> Book Title : </td><td>" . $data['book_Title'] . "</td>";
echo "</tr><tr>";
echo "<td> Book Status : </td><td>" . $data['book_Status'] . "</td>";
echo "</tr><tr>";
echo '<td colspan="2" align=center><a href="bookDetail.php?patron_ID=' . $data['patron_ID'] . '"
onClick="javascript:return confirm(\'Do you want see this information ?\')">Click Here</a></td>';
echo "</tr>";
echo "</table>";
echo "<br><Br><br>";
}
}
} else {
//This happens if no search criteria given
echo "Please provide a search condition";
}
} else if ($choose == 'bookAccession') {
$search = mysql_real_escape_string($_POST['search']);
if (!empty($search)) { //<---- HERE IS A CHECK
$sql = mysql_query("SELECT b.book_Accession, b.patron_ID, p.patron_Name, b.ISBN, b.book_Title, b.book_Author, b.book_Status, b.book_Year,
b.book_Category
FROM book b
INNER JOIN patrons p
ON b.book_Accession = p.book_Accession
WHERE b.book_Accession LIKE '%$search%'");
if (mysql_num_rows($sql) > 0) {
while ($data = mysql_fetch_array($sql)) {
$book_Accession = $data['book_Accession'];
echo "<table width='486' height='314' border='1' cellpadding='0' cellspacing='0' >";
echo "<tr><td colspan=2 align=center bgcolor=gray>Book Information</td></tr>";
echo "<tr><td width='200'> Accession No. : </td><td width='473'>" . $data['book_Accession'] . "</td>";
echo "</tr><tr>";
echo "<td> Patron Id : </td><td>" . $data['patron_ID'] . "</td>";
echo "</tr><tr>";
echo "<td> Patron Name : </td><td>" . $data['patron_Name'] . "</td>";
echo "</tr><tr>";
echo "<td> Book Isbn : </td><td>" . $data['ISBN'] . "</td>";
echo "</tr><tr>";
echo "<td> Book Title : </td><td>" . $data['book_Title'] . "</td>";
echo "</tr><tr>";
echo "<td> Book Author : </td><td>" . $data['book_Author'] . "</td>";
echo "</tr><tr>";
echo "<td> Book Status : </td><td>" . $data['book_Status'] . "</td>";
echo "</tr><tr>";
echo "<td> Book Year : </td><td>" . $data['book_Year'] . "</td>";
echo "</tr><tr>";
echo "<td> Book Category : </td><td>" . $data['book_Category'] . "</td>";
echo "</tr>";
}
echo "</table>";
echo "<br><br>";
}
} else {
//This happens if no search criteria given
echo "Please provide a search condition";
}
} else {
echo "Sorry the data you have been search is not available";
}
?>
Answer 1: (score: 0)
I have edited the code to check whether $_POST['search'] is empty.
<?php
echo "<center><br><br>";
if($_POST['search']!=null)// This line checks if your POST parameter search is null or not.
{
$choose = $_POST['choose'];
if($choose == 'matricNo'){
$search = $_POST['search'];
$sql = mysql_query("SELECT b.book_Accession, b.patron_ID, p.patron_Name, b.book_Title, b.book_Status
FROM book b
INNER JOIN patrons p
ON b.patron_ID = p.patron_ID
WHERE b.patron_ID LIKE '%$search%'");
if(mysql_num_rows($sql) > 0) {
while($data = mysql_fetch_array($sql)) {
$patron_ID = $data['patron_ID'];
echo "<br><br><table width='486' height='314' border='1' cellpadding='0' cellspacing='0' >";
echo "<tr><td colspan=2 align=center bgcolor=gray>Loan Item</td></tr>";
echo "<tr><td width='200'> Patron Id : </td><td width='473'>".$data['patron_ID']."</td>";
echo "</tr><tr>";
echo "<td> Patron Name : </td><td>".$data['patron_Name']."</td>";
echo "</tr><tr>";
echo "<td> Book Accession : </td><td>".$data['book_Accession']."</td>";
echo "</tr><tr>";
echo "<td> Book Title : </td><td>".$data['book_Title']."</td>";
echo "</tr><tr>";
echo "<td> Book Status : </td><td>".$data['book_Status']."</td>";
echo "</tr><tr>";
echo '<td colspan="2" align=center><a href="bookDetail.php?patron_ID=' . $data['patron_ID'] . '"
onClick="javascript:return confirm(\'Do you want see this information ?\')">Click Here</a></td>';
echo "</tr>";
echo "</table>";
echo "<br><Br><br>";
}
}
}else if($choose == 'bookAccession'){
$search = $_POST['search'];
$sql = mysql_query("SELECT b.book_Accession, b.patron_ID, p.patron_Name, b.ISBN, b.book_Title, b.book_Author, b.book_Status, b.book_Year,
b.book_Category
FROM book b
INNER JOIN patrons p
ON b.book_Accession = p.book_Accession
WHERE b.book_Accession LIKE '%$search%'");
if(mysql_num_rows($sql) > 0) {
while($data = mysql_fetch_array($sql)) {
$book_Accession = $data['book_Accession'];
echo "<table width='486' height='314' border='1' cellpadding='0' cellspacing='0' >";
echo "<tr><td colspan=2 align=center bgcolor=gray>Book Information</td></tr>";
echo "<tr><td width='200'> Accession No. : </td><td width='473'>".$data['book_Accession']."</td>";
echo "</tr><tr>";
echo "<td> Patron Id : </td><td>".$data['patron_ID']."</td>";
echo "</tr><tr>";
echo "<td> Patron Name : </td><td>".$data['patron_Name']."</td>";
echo "</tr><tr>";
echo "<td> Book Isbn : </td><td>".$data['ISBN']."</td>";
echo "</tr><tr>";
echo "<td> Book Title : </td><td>".$data['book_Title']."</td>";
echo "</tr><tr>";
echo "<td> Book Author : </td><td>".$data['book_Author']."</td>";
echo "</tr><tr>";
echo "<td> Book Status : </td><td>".$data['book_Status']."</td>";
echo "</tr><tr>";
echo "<td> Book Year : </td><td>".$data['book_Year']."</td>";
echo "</tr><tr>";
echo "<td> Book Category : </td><td>".$data['book_Category']."</td>";
echo "</tr>";
}
echo "</table>";
echo "<br><br>";
}
}
else{
echo "Sorry the data you have been search is not available";
}
}
else
{
echo 'Search keyword is blank';
}
?>
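Both answers add the missing empty check but keep the user value inside the query string, which is what Answer 0's remark about SQL injection and PDO is getting at. As an added example, not code from the question or either answer, here is the same lookup with a PDO prepared statement, a whitelist for the "choose" field, a strict non-empty test (empty() would also reject the value "0"), and escaping of the LIKE wildcards % and _ so a typed wildcard cannot widen the match. It assumes an open PDO connection $pdo and the table and column names from the question; for brevity both branches share the matricNo query's column list and join.

```php
<?php
// Added example, not code from the question or either answer: searchbook2.php's
// lookup done with PDO prepared statements. Assumed: an open PDO connection $pdo
// and the table/column names from the question (book, patrons, patron_ID, ...).
// Allowed "choose" values mapped to the column they search; anything else is
// rejected, so no column name is ever built from request data.
const SEARCH_COLUMNS = ['matricNo' => 'b.patron_ID', 'bookAccession' => 'b.book_Accession'];

// Null when the input is usable, otherwise a message for the user. A strict
// === '' test is used instead of empty(), which would also reject "0".
function validateSearch(?string $choose, ?string $search): ?string
{
    if ($choose === null || !array_key_exists($choose, SEARCH_COLUMNS)) {
        return 'Please choose a search field';
    }
    $search = trim((string) $search);
    if ($search === '') {
        return 'Please provide a search condition';   // otherwise LIKE '%%' matches every row
    }
    return strlen($search) > 30 ? 'Search value is too long' : null;
}

// Escape LIKE metacharacters so a typed % or _ cannot widen the match
// (MySQL's default LIKE escape character is the backslash).
function escapeLike(string $s): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $s);
}

function searchBooks(PDO $pdo, string $choose, string $search): array
{
    $column = SEARCH_COLUMNS[$choose];   // whitelisted, never user-supplied text
    $stmt = $pdo->prepare(
        "SELECT b.book_Accession, b.patron_ID, p.patron_Name, b.book_Title, b.book_Status
           FROM book b INNER JOIN patrons p ON b.patron_ID = p.patron_ID
          WHERE $column LIKE :pattern"
    );
    $stmt->execute([':pattern' => '%' . escapeLike(trim($search)) . '%']);   // bound, not interpolated
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$error = validateSearch($_POST['choose'] ?? null, $_POST['search'] ?? null);
if ($error !== null) {
    echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
} else {
    foreach (searchBooks($pdo, $_POST['choose'], $_POST['search']) as $row) {
        // Encode database values before echoing them into the page.
        echo '<p>' . htmlspecialchars($row['book_Title'], ENT_QUOTES, 'UTF-8') . '</p>';
    }
}
```

The mysql_* functions used in the answers were removed in PHP 7, so the PDO form is also the one that still runs on a current PHP.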