MySql查询使用2提交按钮表单返回空白页面。 当我运行它时,得到一个没有错误的空白页面。我能够显示整个数据库,但无法搜索和显示匹配项。
index.html页面:
<form action="subjsearch.php" method="post">
<label>First Name:</label><input type="text" name ="firstname"><br><br>
<label>Last Name:</label><input type="text" name ="lastname"><br><br>
<label>Age:</label><input type="text" name="age" size = "2"><br><br>
<label>Tattoo:</label><input type="text" name ="tattoo"><br><br>
<label>Moniker:</label><input type="text" name ="moniker"><br><br>
<input type="submit" name="submitBTN" value="Submit">
<input type="submit" name="searchBTN" value="Search">
<input type="reset" name="resetBTN" value="Reset">
</form>
行动页面:
<?php
include 'db.php';
if(isset($_POST['submitBTN'])){
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$age = $_POST['age'];
$tattoo = $_POST['tattoo'];
$moniker = $_POST['moniker'];
$query = "INSERT INTO subjects (firstName,lastName,age,tats,moniker)VALUES(
'$firstname',
'$lastname',
'$age',
'$tattoo',
'$moniker')";
if ($conn->query($query) === TRUE) {
echo "New record created successfully";
} elseif(isset($_POST['searchBTN'])){
$query = "SELECT * FROM subjects WHERE firstName = '$firstname' OR lastName = '$lastname' OR age = '$age' OR tats = '$tattoo' OR moniker = '$moniker' ";
$result = $conn->query($query);
if ($result->num_rows > 0) {
echo "<table><tr><th>ID</th><th>Name</th><th>AGE</th><th>Tattoo</th><th>Moniker</th></tr>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr><td>".$row["id"]."</td><td>".$row["firstName"]." ".$row["lastName"]."</td><td>".$row["age"]."</td><td>".$row["tats"]."</td><td>".$row["moniker"]. "</td></tr>";
}
echo "</table>";
} else {
echo "0 results";
}
}
$conn->close();
}
?>
答案 0 :(得分:0)
搜索在if(isset($_POST['submitBTN'])) {..}块内无法正常工作。已将if(isset($_POST['searchBTN'])) {..}块移到if(isset($_POST['submitBTN'])) {..}块之外。
还转义输入值以避免SQL注入。首选方法是准备声明。
更新代码:
<?php
include 'db.php';
$firstname = $conn->real_escape_string(isset($_POST['firstname']) ? $_POST['firstname'] : '');
$lastname = $conn->real_escape_string(isset($_POST['lastname']) ? $_POST['lastname'] : '');
$age = $conn->real_escape_string(isset($_POST['age']) ? $_POST['age'] : '');
$tattoo = $conn->real_escape_string(isset($_POST['tattoo']) ? $_POST['tattoo'] : '');
$moniker = $conn->real_escape_string(isset($_POST['moniker']) ? $_POST['moniker'] : '');
if (isset($_POST['submitBTN'])) {
$query = "INSERT INTO subjects (firstName,lastName,age,tats,moniker)VALUES(
'$firstname',
'$lastname',
'$age',
'$tattoo',
'$moniker')";
if ($conn->query($query) === true) {
echo "New record created successfully";
}
$conn->close();
}
if (isset($_POST['searchBTN'])) {
$query = "SELECT * FROM subjects WHERE firstName = '$firstname' OR lastName = '$lastname' OR age = '$age' OR tats = '$tattoo' OR moniker = '$moniker' ";
$result = $conn->query($query);
if ($result->num_rows > 0) {
echo "<table><tr><th>ID</th><th>Name</th><th>AGE</th><th>Tattoo</th><th>Moniker</th></tr>";
// output data of each row
while ($row = $result->fetch_assoc()) {
echo "<tr><td>" . $row["id"] . "</td><td>" . $row["firstName"] . " " . $row["lastName"] . "</td><td>" . $row["age"] . "</td><td>" . $row["tats"] . "</td><td>" . $row["moniker"] . "</td></tr>";
}
echo "</table>";
}
else {
echo "0 results";
}
}
?>