如何在同一个html页面上显示PHP

时间:2018-01-10 16:08:03

标签: php html mysql mysqli

我有一个HTML表单,我可以使用PHP搜索MySQL数据库。运行PHP代码后,我在另一页上获得搜索结果。我想将搜索结果放在表单旁边的表格中。代码如下:

HTML:

int value; 

value = 12345;
Console.WriteLine(value.ToString("D"));
// Displays 12345
Console.WriteLine(value.ToString("D8"));
// Displays 00012345

value = -12345;
Console.WriteLine(value.ToString("D"));
// Displays -12345
Console.WriteLine(value.ToString("D8"));
// Displays -00012345

PHP:

 <form name="select"action="select.php" method="post">
 Name:
 <input type="submit" name="sub">
 </form>

2 个答案:

答案 0 :(得分:1)

最简单的选择是让php代码在同一页面上处理搜索请求并删除表单操作。

由于sql语句中嵌入了变量,因此表示您的代码容易受到SQL注入攻击。当您使用mysqli时,您应该可以轻松地将其翻译为使用prepared statements,如:

示例:

if( $_SERVER['REQUEST_METHOD']=='POST' && !empty( $_POST['name'] ) ) {

    $name = $_POST['name'];
    /*
        Better to select specific fields rather than all fields, 
        then bind those to specific result variables.
    */
    $sql='select `email`,`name`,`nbr` from `db` where `name`=?';
    $stmt=$con->prepare( $sql );

    if( $stmt ){

        $stmt->bind_param( 's', $name );
        $result=$stmt->execute();

        if( $result && $stmt->num_rows > 0 ){

            $stmt->store_result();
            $stmt->bind_result( $email, $name, $nbr );

            echo '<table>
                    <tr>
                        <th>Email</th>
                        <th>Name</th>
                        <th>nbr</th>
                    </tr>';

            while( $stmt->fetch() ){
                printf('
                    <tr>
                        <td>%s</td>
                        <td>%s</td>
                        <td>%s</td>
                    </tr>', $email, $name, $nbr );
            }

            echo '</table>';
        }
    }
}

要使用ajax执行此操作,可能会沿着这些行(select.php具有上述代码或类似代码)

document.querySelector('sub').onclick=function(event){
    event.preventDefault()
    var _callback=function(r){
        document.querySelector('form[name="select"]').insertAdjacentHTML('afterend',r);
    }

    var xhr=new XMLHttpRequest();
    xhr.onreadystatechange=function(){
        if( this.status==200 && this.readyState==4 )_callback.call( this, this.response );
    }
    xhr.open( 'POST', 'select.php', true );
    xhr.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
    xhr.send( 'name='+document.querySelector('name').value );
}

答案 1 :(得分:0)

search.php

<form name="select" action="" method="post">
 Name:
 <input type="submit" name="sub">
</form>

<?php

if(isset($_POST['sub'])){
$name = $_POST['name'];
$sql = "SELECT * FROM db where name ='$name'";
if($result = mysqli_query($conn, $sql)){
    if(mysqli_num_rows($result) > 0){ 
        echo "<table>";
        echo "<table border=1">;
        echo "<tr>";
        echo "<th>Email</th>";
        echo "<th>Name</th>";
        echo "<th>nbr</th>";
        echo "</tr>";
        while($row = mysqli_fetch_array($result)){ 
            echo "<tr>";
                echo "<td>" . $row['email'] . "</td>";
                echo "<td>" . $row['name'] . "</td>";
                echo "<td>" . $row['nbr'] . "</td>";

            echo "</tr>";
        }
        echo "</table>";
        mysqli_free_result($result);
}
?>