大家好我试图通过PHP选项在网页上显示结果搜索我的代码如下
<?php
include 'db.php';
$tbl_name="socio";
if(isset($_POST['search'])){
$input = $_GET['stYear'];
$sql = "SELECT * FROM socio where year='$input'";
$res = mysqli_query($con, $sql) or die($sql);
while($row = mysqli_fetch_array($res))
{
echo $row['socio'];
}
mysqli_close($con);
}
?>
错误
注意:未定义的索引:第9行的C:\ Apache24 \ htdocs中的stYear
答案 0 :(得分:0)
您尚未验证输入。因此这个问题。 验证并消毒!
in_array($_POST['stYear'], ['2014-15', '2015-16', '2016-17', '2017-18', '2018-19'])此外,如果您只打算使用表单中提供的年份,则可以通过添加<?php
include 'db.php';
if(isset($_POST['search'])) {
$_POST['stYear'] = array_key_exists('stYear', $_POST) && in_array($_POST['stYear'], ['2014-15', '2015-16', '2016-17', '2017-18', '2018-19']) ? $_POST['stYear'] : null;
if (empty($_POST['stYear'])) {
exit('Invalid year given');
}
$sql = "SELECT * FROM socio WHERE year ='$input'";
$res = mysqli_query($con, $sql) or die($sql);
while ($row = mysqli_fetch_array($res)) {
echo 'You selected '.$input;
}
mysqli_close($con);
}
将其列入白名单。
示例如下:
{{1}}