PHP,MySQL - 简单搜索不需要的结果

时间:2017-10-04 11:08:14

标签: php mysql

我的本​​地网站上有一个基本的搜索选项,它为MySQL中的每个用户使用唯一的8位用户编号并且它可以工作(例如:如果用户编号与用户匹配,它将显示与该用户相关的所有记录用户编号)它只是在搜索结束时得到不需要的结果,而不想要的结果是,例如我搜索具有以下no 12345678的用户并且用户退出它将显示结果但是让我说我​​做了搜索12345677并且用户不存在我将收到消息User fount但没有显示数据。

搜索表单代码:

<form action="search.php" method="GET">
   <input type="text" name="query" placeholder="Student Number" autofocus/>
   <input type="submit" value="Search" />
</form>

的search.php 

include_once("config.php");
$query = $_GET['query']; 
$result = mysql_query("SELECT * FROM loan WHERE userno=$query");
 if(empty($result)) {

 //  } else{

echo "<center><table border='0' id='3'>";
echo "<tr id='2'>";
echo "<td><center>System Message</center></td></tr>";
echo "<tr id='loan4'><br />";
echo "<td><center><h1>No Record Found</h1>";
echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";
echo "<br/>OR</a>";
echo "<br/><a href='add_new_loan.php' class='button button1 link'>Add New Loan</a>";
echo "</center></td>";
echo "</tr>";
echo "</table></center>";}

  else{  
?>
    <table width='95%' border='0' id='loan1'>

    <tr id='loan2'>
        <td width="120">User No.</td>
        <td width="130">Full Name</td>
        <td width="90">Amount</td>
        <td width="100">aken</td>
        <td width="100">Due</td>
        <td width="248">Notes</td>
        <td width="120" align="center">Options</td>

    </tr>


    <?php 

    while($res = mysql_fetch_array($result)) {  

        echo "<tr id='4'>";
        echo "<td>".$res['userno']."</td>";
        echo "<td><a href=\"receipt.php?id=$res[id]\" target=\"_blank\">".$res['name']."&nbsp;".$res['surname']."</a></td>";
        echo "<td>".$res['loana']."</td>";
        echo "<td>".$res['datet']."</td>";
        echo "<td>".$res['dated']."</td>";
        echo "<td>".$res['notes']."</td>";  
        echo "</tr>";   
    }

     echo "<center><table border='0' id='loan3'>";
echo "<tr id='loan2'>";
echo "<td><center>System Message</center></td></tr>";
echo "<tr id='4'><br />";
echo "<td><center><h1>Record Found</h1>";
echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";

我也试过!empty,但没有快乐,非常感谢任何帮助。

3 个答案:

答案 0 :(得分:1)

$ result可能不完全为空。

尝试使用mysql_num_rows()。

示例:

    if (mysql_num_rows($result)==0) { 
       //PERFORM ACTION
    }

答案 1 :(得分:1)

使用mysql_num_rows()修复当前代码,如下所示: - 

<?php
include_once("config.php");
$query = $_GET['query']; 
$result = mysql_query("SELECT * FROM loan WHERE userno=$query");
 if(mysql_num_rows($result) >0) {
?>
    <table width='95%' border='0' id='loan1'>

    <tr id='loan2'>
        <td width="120">User No.</td>
        <td width="130">Full Name</td>
        <td width="90">Amount</td>
        <td width="100">aken</td>
        <td width="100">Due</td>
        <td width="248">Notes</td>
        <td width="120" align="center">Options</td>

    </tr>


    <?php 

    while($res = mysql_fetch_array($result)) {  

        echo "<tr id='4'>";
        echo "<td>".$res['userno']."</td>";
        echo "<td><a href=\"receipt.php?id=$res[id]\" target=\"_blank\">".$res['name']."&nbsp;".$res['surname']."</a></td>";
        echo "<td>".$res['loana']."</td>";
        echo "<td>".$res['datet']."</td>";
        echo "<td>".$res['dated']."</td>";
        echo "<td>".$res['notes']."</td>";  
        echo "</tr>";   
    }
}else{
        echo "<center><table border='0' id='3'>";
        echo "<tr id='2'>";
        echo "<td><center>System Message</center></td></tr>";
        echo "<tr id='loan4'><br />";
        echo "<td><center><h1>No Record Found</h1>";
        echo "<br/><a href='index.php' class='button button1 link'>Go back</a>";
        echo "<br/>OR</a>";
        echo "<br/><a href='add_new_loan.php' class='button button1 link'>Add New Loan</a>";
        echo "</center></td>";
        echo "</tr>";
        echo "</table></center>";
}?>

注意: -

停止使用deprecated+removed mysql_* library。使用mysqli_*PDO以及prepared statements来阻止SQL INJECTION

REFREENCE: -

mysqli_* with prepared statements

PDO with prepared statements

答案 2 :(得分:1)

首先需要停止使用mysql_*函数,从PHP 7用户mysqli_*或带有预准备语句的PDO开始,它们将被折旧并完全删除。

请参阅以下链接:

Why shouldn't I use mysql_* functions in PHP?

然后使用预准备语句来阻止sql注入。

How can I prevent SQL injection in PHP?

按照上面的链接使用准备好的陈述。

这就是你的代码的外观:

<强>的config.php 

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
?>

<强>的search.php 

<?php


include_once("config.php");
$query = $_GET['query']; 

$sql = "SELECT * FROM loan WHERE userno= $query "; // use prepared statements from the link I provided above

$result = $conn->query($sql);

if ($result->num_rows > 0) {
    //Records found print the table
    //OUTPUT THE TABLE AND HEADINGS HERE BEFORE THE LOOP
    while($row = $result->fetch_assoc()) {
        //fetch and output each data of row to your table td's

    }


}else{

//user data not found print message

}
相关问题
最新问题