通过php

时间:2015-11-12 16:25:31

标签: php html

我有五个文本框与我自己的sql数据库中自己的字段相关联。我想要做的是根据用户在文本框中输入的内容从mysql数据库中获取数据。下面是我的HTML编码。

<html>
    <form method="POST" action="t14.php">                        
        Device IP<input type="text" name="D_ip"  size="7%"/><br/>
        Device Name<input type="text" name="name" size="22%" /><br/>
        Interface<input type="text" name="state" size="22%"/> <br/>
        <input type="submit" name="submit" value="Filter"/>                 
    </form>
</html>

我想通过匹配文本框中的所有字段文本来检索数据。如果任何文本框为空,则应跳过。我尝试了以下PHP编码。但它没有用。任何人都知道是什么原因。

    <html>

    <?php
        $servername = "localhost";
        $username = "root";
        $password = "901230358v";
        $dbname = "my";

        // Create connection
        $conn = new mysqli($servername, $username, $password, $dbname);
        // Check connection
        if ($conn->connect_error) {
            die("Connection failed: " . $conn->connect_error);
        } 

if(isset($_POST['submit'])){

            $name = (!empty($_POST['D_ip']) ? mysql_real_escape_string($_POST['D_ip']) : false);
            $total_marks = (!empty($_POST['name']) ? mysql_real_escape_string($_POST['name']) : false);
            $rank = (!empty($_POST['state']) ? mysql_real_escape_string($_POST['state']) : false);

            $sql = "SELECT * FROM 'details' WHERE 1=1";

            if($name){
                $sql.=" AND 'IP' = ".$name;
            }

            if($total_marks){
                $sql.=" AND 'Name' = ".$total_marks;
            }

            if($rank){
                $sql.=" AND 'State' = ".$rank;
            }

            $result = $conn->query($sql); 

            if ($result->num_rows > 0) {
                // output data of each row
                while($row = $result->fetch_assoc()) {
                    echo "ip: " . $row["IP"]. " - Name: " . $row["Name"]. " -State: " . $row["State"]. "<br>";
                }
            } 
            else {
                echo "0 results";
            }
            $conn->close();
    } 
    ?>
    </html>

1 个答案:

答案 0 :(得分:0)

你有引用问题。不应引用表和列名称(如果需要,可以将它们放在反引号中,或者如果需要,可以将它们包含在特殊字符或保留字中)。必须引用字符串值。

您还在混合API - 如果您使用的是mysqli,则必须使用mysqli_real_escape_string,而不是mysql_real_escape_string

if(isset($_POST['submit'])){

    $name = (!empty($_POST['D_ip']) ? $conn->real_escape_string($_POST['D_ip']) : false);
    $total_marks = (!empty($_POST['name']) ? $conn->real_escape_string($_POST['name']) : false);
    $rank = (!empty($_POST['state']) ? $conn->real_escape_string($_POST['state']) : false);

    $sql = "SELECT * FROM details WHERE 1=1";

    if($name){
        $sql.=" AND IP = '".$name."'";
    }

    if($total_marks){
        $sql.=" AND Name = '".$total_marks."'";
    }

    if($rank){
        $sql.=" AND `State` = '".$rank."'";
    }

    $result = $conn->query($sql) or die ($conn->error);

    if ($result->num_rows > 0) {
        // output data of each row
        while($row = $result->fetch_assoc()) {
            echo "ip: " . $row["IP"]. " - Name: " . $row["Name"]. " -State: " . $row["State"]. "<br>";
        }
    } 
    else {
        echo "0 results";
    }
    $conn->close();
}