我有一个HTML表单,我可以使用PHP搜索MySQL数据库。运行PHP代码后,我在另一页上获得搜索结果。我想将搜索结果放在表单旁边的表格中。代码如下:
HTML:
int value;
value = 12345;
Console.WriteLine(value.ToString("D"));
// Displays 12345
Console.WriteLine(value.ToString("D8"));
// Displays 00012345
value = -12345;
Console.WriteLine(value.ToString("D"));
// Displays -12345
Console.WriteLine(value.ToString("D8"));
// Displays -00012345
PHP:
<form name="select"action="select.php" method="post">
Name:
<input type="submit" name="sub">
</form>
答案 0 :(得分:1)
最简单的选择是让php代码在同一页面上处理搜索请求并删除表单操作。
由于sql语句中嵌入了变量,因此表示您的代码容易受到SQL注入攻击。当您使用mysqli
时,您应该可以轻松地将其翻译为使用prepared statements
,如:
示例:
if( $_SERVER['REQUEST_METHOD']=='POST' && !empty( $_POST['name'] ) ) {
$name = $_POST['name'];
/*
Better to select specific fields rather than all fields,
then bind those to specific result variables.
*/
$sql='select `email`,`name`,`nbr` from `db` where `name`=?';
$stmt=$con->prepare( $sql );
if( $stmt ){
$stmt->bind_param( 's', $name );
$result=$stmt->execute();
if( $result && $stmt->num_rows > 0 ){
$stmt->store_result();
$stmt->bind_result( $email, $name, $nbr );
echo '<table>
<tr>
<th>Email</th>
<th>Name</th>
<th>nbr</th>
</tr>';
while( $stmt->fetch() ){
printf('
<tr>
<td>%s</td>
<td>%s</td>
<td>%s</td>
</tr>', $email, $name, $nbr );
}
echo '</table>';
}
}
}
要使用ajax执行此操作,可能会沿着这些行(select.php
具有上述代码或类似代码)
document.querySelector('sub').onclick=function(event){
event.preventDefault()
var _callback=function(r){
document.querySelector('form[name="select"]').insertAdjacentHTML('afterend',r);
}
var xhr=new XMLHttpRequest();
xhr.onreadystatechange=function(){
if( this.status==200 && this.readyState==4 )_callback.call( this, this.response );
}
xhr.open( 'POST', 'select.php', true );
xhr.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
xhr.send( 'name='+document.querySelector('name').value );
}
答案 1 :(得分:0)
search.php
<form name="select" action="" method="post">
Name:
<input type="submit" name="sub">
</form>
<?php
if(isset($_POST['sub'])){
$name = $_POST['name'];
$sql = "SELECT * FROM db where name ='$name'";
if($result = mysqli_query($conn, $sql)){
if(mysqli_num_rows($result) > 0){
echo "<table>";
echo "<table border=1">;
echo "<tr>";
echo "<th>Email</th>";
echo "<th>Name</th>";
echo "<th>nbr</th>";
echo "</tr>";
while($row = mysqli_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['nbr'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_free_result($result);
}
?>