我正在尝试"按名称按钮搜索用户"搜索用户的数据库,显示"结果错误"无法获取用户详细信息。我不知道哪个部分出了问题。请帮我。我们将不胜感激。这是我的代码。
manageruser.php
<?php
include("include/config.php");
$name = "";
$username = "";
$password = "";
$ic = "";
$contact = "";
$email = "";
$nationality = "";
$program = "";
$firstintake = "";
function getPosts()
{
$posts = array();
$posts[0] = $_POST['name'];
$posts[1] = $_POST['username'];
$posts[2] = $_POST['password'];
$posts[3] = $_POST['ic'];
$posts[4] = $_POST['contact'];
$posts[5] = $_POST['email'];
$posts[6] = $_POST['nationality'];
$posts[7] = $_POST['program'];
$posts[8] = $_POST['firstintake'];
return $posts;
}
// Search
if(isset($_POST['search']))
{
$data = getPosts();
$search_Query = "SELECT * FROM user WHERE u_name = $data[0]";
$search_Result = mysqli_query($link, $search_Query);
if($search_Result)
{
if(mysqli_num_rows($search_Result))
{
while($row = mysqli_fetch_array($search_Result))
{
$name = $row['u_name'];
$username = $row['u_unm'];
$password = $row['u_pwd'];
$ic = $row['u_ic'];
$contact = $row['u_contact'];
$email = $row['u_email'];
$nationality = $row['u_national'];
$program = $row['u_program'];
$firstintake = $row['u_fintake'];
}
}
else
{
echo "No Data For This Name";
}
}
else
{
echo "Result Error";
}
}
?>
<fieldset>
<legend>Manage User</legend>
<form name="ManForm" method="post" action="manageuser.php">
<table>
<tr>
<td>Name:</td>
<td><input id="name" name="name" type="text" class="input" pattern="[A-Z\s]+"
title="Please enter capital letters" value="<?php echo $name; ?>">
<span>(Full name) *must capital letters</span></td>
</tr>
<tr>
<td>Username:</td>
<td><input id="username" name="username" type="text" class="input" value="<?php echo $username; ?>"></td>
</tr>
<tr>
<td>Password:</td>
<td><input id="password" name="password" type="password" class="input" value="<?php echo $password; ?>"></td>
</tr>
<tr>
<td>Identity card /Passport number:</td>
<td><input id="ic" name="ic" type="text" class="input" value="<?php echo $ic; ?>"></td>
</tr>
<tr>
<td>Contact number:</td>
<td><input id="contact" name="contact" type="text" class="input" value="<?php echo $contact; ?>"></td>
</tr>
<tr>
<td>Email:</td>
<td><input id="email" name="email" type="text" class="input" value="<?php echo $email; ?>"></td>
</tr>
<tr>
<td>Nationality:</td>
<td><input id="nationality" name="nationality" type="text" class="input" value="<?php echo $nationality; ?>"></td>
</tr>
<tr>
<td>Program:</td>
<td><input id="program" name="program" type="text" class="input" value="<?php echo $program; ?>"></td>
</tr>
<tr>
<td>First intake:</td>
<td><input id="firstintake" name="firstintake" type="text" class="input" value="<?php echo $firstintake; ?>"></td>
</tr>
</table>
<div>
<input type="submit" name="search" value=" Search User By Name">
<input type="submit" name="update" value=" Update User Details">
<input type="submit" name="delete" value=" Delete User ">
</div>
</form>
</fieldset>
的config.php
<?php
$link= mysqli_connect("localhost","root","","course_registration_system");
?>
答案 0 :(得分:0)
这里的问题是你的查询方式错误。
要运行查询,您应该使用预备声明。
理解简单地在变量周围添加引号是不够的非常重要,并且最终会导致无数问题,从语法错误到SQL注入。另一方面,由于预处理语句的本质,它是一种防弹解决方案,无法通过数据变量引入任何问题。
因此,对于您运行的每个查询,如果要使用至少一个变量,则必须用占位符替换它,然后准备查询,然后执行它,分别传递变量。
首先,您必须更改查询,添加占位符代替变量。假设您的查询将变为这样
"SELECT * FROM user WHERE u_name = ?"
然后你必须准备它,绑定变量,然后执行
所以你应该这样做
$stmt = $link->prepare("SELECT * FROM user WHERE u_name = ?");
$stmt->ind_param("s", $data[0]);
$stmt->execute();
$result = $stmt->get_result();
while($row = mysqli_fetch_array($result))
{
答案 1 :(得分:-2)
在查询中使用搜索字符串周围的引号,或者尝试使用 -
$ search_Query =“SELECT * FROM user WHERE u_name ='”。$ data [0]。“'”;