学生将他的证书输入来自:
<form action="index.php" id="courseform" method="post">
Enter Your First Name: <input type="text" name="fname"><br><br>
Enter Your Last Name: <input type="text" name="lname"><br><br>
Enter Your Student Number: <input type="text" name="student_nr"><br><br>
<input type="submit">
</form>
我的学生记录表格如下:
Database changed
mysql> explain student;
+-----------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+-------------+------+-----+---------+-------+
| id | char(6) | NO | PRI | NULL | |
| firstname | varchar(30) | NO | | NULL | |
| lastname | varchar(30) | NO | | NULL | |
| email | varchar(50) | YES | | NULL | |
+-----------+-------------+------+-----+---------+-------+
4 rows in set (0.05 sec)
如何验证输入到表单中的3个值'fname','lname'和'id'(= student_nr)是否有效,即:存在于表中?
我尝试了以下操作,但没有奏效:
<?php
include 'parameter_conn.php';
$link = mysqli_connect("$server","$user","$pass","$db");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}else {
echo "Connection Successful" . "<br>";
}
if (isset($_POST['fname'],$_POST['lname'],$_POST['student_nr'])) {
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$student_nr = $_POST["student_nr"];
}
$result_student = mysqli_query($link, "SELECT * FROM student");
$rows_student = mysqli_num_rows($result_student);
if($fname === $result_student['firstname'] && $lname === $result_student['lastname'] && $student_nr === $result_student['id']) {
echo 'found';
} else {
echo 'not found';
}
答案 0 :(得分:-1)
您可以在sql语句中使用where clouse,只需检查是否有匹配的行。请注意下面是非常不安全的,并且倾向于SQL注入(https://en.wikipedia.org/wiki/SQL_injection),但它说明了目的。考虑使用PDO
$fname = $POST['fname'];
$email = $POST['email'];
// .. all other fields
$sql = "SELECT id, firstname, lastname, email FROM studentsTable WHERE firstname='".$fname."' AND lastname='".$lname."' AND email='".$email."'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// match found
} else {
// no match
}