当我点击提交按钮时,以下代码显示BLANK PAGE。我不知道什么是错的。 帮助检查..
以下代码:
// html代码
<form method="post" action="dutydata.php">
<input type="text" placeholder="provide unique code">
<input type="submit" name="verify">
</form>
// php代码
<?php
$conn = mysqli_connect("localhost", "root", "", "army_duty");
$set = $_POST['verify'];
if($set) {
$show = "SELECT * FROM profile where military_number = '$set' ";
$result = mysqli_query($conn, $show);
while ($row = mysqli_fetch_array(result)) {
echo $row['military_number'];
echo $row['first_name'];
echo $row['last_name'];
echo $row['paygrade'];
echo $row['duty_status'];
echo $row['photo'];
echo "<br/>";
}
} else {
echo "Military Number not found";
}
?>
答案 0 :(得分:1)
首先,您输入的代码需要一个名称:
<input type="text" name="code" placeholder="provide unique code">
这是您将在查询中使用的内容,因为$_POST['verify']不包含您想要使用的任何值。
其次,您需要在查询中使用$_POST['code']号码:
$code = $_POST['code'];
if($set) {
$show = "SELECT * FROM profile where military_number = '$code' ";
确保检查错误:
$result = mysqli_query($conn, $show) or die(mysqli_error($conn));
如果您想知道查询是否返回了某些内容,请测试结果。由于您只获得一条记录,因此可以跳过while()循环:
if($result) {
$row = mysqli_fetch_array($result);
echo $row['military_number'];
echo $row['first_name'];
echo $row['last_name'];
echo $row['paygrade'];
echo $row['duty_status'];
echo $row['photo'];
echo "<br/>";
} else {
echo "Military Number not found";
}
Little Bobby说 your script is at risk for SQL Injection Attacks. 了解prepared的MySQLi语句。即使escaping the string也不安全!