我试图将其转到用户可以输入数据库中已有名称的位置。一旦他们选择" Go",我需要它来显示contact表中与用户输入的数据匹配的所有结果。我错过了什么吗?当我运行HTML时,PHP会运行,但会提供" 0结果"。我认为这可能是我的SELECT语句中的一些内容,但无法找到答案。代码如下......
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Module 3 | Course Project</title>
</head>
<body>
<h4>Ancestry Data Query</h4>
<form action="queryMyDatabase.php" method="post">
First Name: <input name="dataItem1" type="text" size="30" maxlength="30"><br><br>
Last Name: <input name="dataItem2" type="text" size="30" maxlength="30"><br><br>
<input value="Go" type="submit">
</form>
</body>
</html>
<?php
// Make a MySQL Connection
$servername = "localhost";
$username = "root";
$password = "bitnami admin password";
$dbname = "adventureworks";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$item1=$_POST["dataItem1"];
$item2=$_POST["dataItem2"];
$sql="SELECT * FROM `contact` WHERE FirstName = `$item1` AND LastName = `$item2`";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "First Name " . $row["FirstName"] . "<br>" . "Last Name " . $row["LastName"] . "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
我的shell代码就是这个......
<?php
// Make a MySQL Connection
$servername = "localhost";
$username = "root";
$password = "yourApplicationPassword";
$dbname = "desiredDatabase";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("SELECT * FROM desiredTable WHERE desiredColumn1 = ? AND desiredColumn2 = ?");
$stmt->bind_param('ss', $_POST["dataItem1"] , $_POST["dataItem2"]);
$stmt->execute();
$result = $stmt->get_result();
$row_count= $result->num_rows;
echo "Query Results</br>-----------------------------<br><br>";
if($row_count>0){
while($row = mysqli_fetch_array($result))
{
echo $row['desiredColumn1']." ".$row['desiredColumn2']." ".$row['desiredColumn3']."-".$row['desiredColumn4']."-".$row['desiredColumn5']."</br>";
}
} else {
echo "0 results";
}
echo "<br>-----------------------------<br>";
$stmt->close();
$conn->close();
?>
但我仍然需要&#34; dataItem&#34;。
的变量$item1=$_POST["dataItem1"];
$item2=$_POST["dataItem2"];
答案 0 :(得分:2)
强烈推荐使用PDO来避免SQL注入。使用以下PHP代码修复您的错误以及使用PDO重写的代码。
<?php
// Make a MySQL Connectio
$servername = "localhost";
$username = "root";
$password = "bitnami admin password";
$dbname = "adventureworks";
$conn = new PDO("mysql:host=" . $servername . ";dbname=" . $dbname, $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$item1=$_POST["dataItem1"];
$item2=$_POST["dataItem2"];
$stmt = $conn->prepare("SELECT * FROM contact WHERE FirstName = :item1 AND LastName = :item2");
$stmt->execute(array(':item1'=>$item1, ':item2'=>$item2));
$userRow=$stmt->fetchAll(PDO::FETCH_ASSOC);
if($stmt->rowCount() >= 1) {
foreach($userRow as $row){
echo "First Name " . $row["FirstName"] . "<br>" . "Last Name " . $row["LastName"] . "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
答案 1 :(得分:0)
将'替换为&#39; (仅限选择者)。
<?php
// Make a MySQL Connection
$servername = "localhost";
$username = "";
$password = "";
$dbname = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$item1=$_POST["dataItem1"];
$item2=$_POST["dataItem2"];
$sql="SELECT * FROM `contact` WHERE FirstName='$item1' AND LastName ='$item2'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "First Name " . $row["FirstName"] . "<br>" . "Last Name " . $row["LastName"] . "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>