场景是必须搜索代码,如果代码存在,结果将从MySQL DB中显示,否则显示消息“抱歉,但没有找到结果”。也许重新输入您的EVR编号:或仔细检查您的输入。“
但是,在进行搜索之前,已经显示错误消息。
我做错了什么?
<?php
$no_results = NULL;
$query = (isset($_POST['query']) ? $_POST['query'] : null);
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else { // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
?>
并在同一文件中,在HTML中显示结果:
<form action="index.php" method="POST" class="search">
<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
<div class="form-group">
<input type="text" name="query" class="form-control" placeholder="Enter Your EVR No." required/>
<button type="submit" id="form-submit" value="Search" class="btn-submit btn btn-big dark-blue-bordered-btn">Submit</button>
</div>
</div>
<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
<?php
if($no_results!="") // Two times Doule Quotation marks that is, and != means "not equal to". So we mean to say if $code is not equal to empty
{
echo $no_results;
}
else { echo " "; }
我尝试了isset(),empty()但是即使没有进行搜索,错误信息仍会显示。
我错过了什么?
答案 0 :(得分:0)
它粗糙,但那样做。 原因是当加载页面时,您的搜索框为空并且正在执行查询,其中NULL返回0行。
<?php
$no_results = NULL;
$query = (isset($_POST['query']) ? $_POST['query'] : null);
if ($query) {
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
}
&GT;
答案 1 :(得分:0)
<?php
$no_results = NULL;
if (isset($_POST['query']) && strlen($_POST['query']) > 0) {
$query = (isset($_POST['query']) ? $_POST['query'] : null);
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
} else {
//no query value
}
&GT;
答案 2 :(得分:0)
echo -n "somevalue" | openssl sha512 -hmac "somekey"这应该是最好的选择...停止使用mysql_ *函数使用PDO或MySQLi。您的代码是 VULNERABLE 到sql-injection