我是PHP和HTML的新手。按下提交按钮后,我尝试使用已存在于用户MySQL表中的数据填充字段(这可行)。我还想将使用SELECT获得的相同数据插入到另一个名为scan的SQL表中。
<?php
// php code to search data in mysql database and set it in input text
if(isset($_POST['search']))
{
// id to search
$user_id = $_POST['user_id'];
// connect to mysql
$connect = mysqli_connect("127.0.0.1", "root", "root","demodb");
// mysql search query
$query = "SELECT * FROM Users WHERE user_id = $user_id LIMIT 1";
$query = "INSERT INTO scan (user_id, osha, firstname, lastname, company, trade, email, picture) SELECT user_id, osha, firstname, lastname, company, trade, email, picture FROM Users WHERE user_id = $user_id LIMIT 1";
$result = mysqli_query($connect, $query);
// if id exist
// show data in inputsi
if(mysqli_num_rows($result) > 0)
{
while ($row = mysqli_fetch_array($result))
{
$osha = $row['osha'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$company = $row['company'];
$trade = $row['trade'];
}
}
// if the id not exist
// show a message and clear inputs
else {
echo "Undifined ID";
$osha = "";
$firstname = "";
$lastname = "";
$company = "";
$trade = "";
}
mysqli_free_result($result);
mysqli_close($connect);
}
// in the first time inputs are empty
else{
$osha = "";
$firstname = "";
$lastname = "";
$company = "";
$trade = "";
}
?>
<!DOCTYPE html>
<html>
<head>
<title> PHP FIND DATA </title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form action="barcode.php" method="post">
Id:<input type="text" name="user_id"><br><br>
Osha #:<input type="text" name="osha" value="<?php echo $osha;?>"><br><br>
First Name:<input type="text" name="firstname" value="<?php echo $firstname;?>"><br>
<br>
Last Name:<input type="text" name="lastname" value="<?php echo $lastname;?>"><br><br>
Company:<input type="text" name="company" value="<?php echo $company;?>"><br><br>
Trade:<input type="text" name="trade" value="<?php echo $trade;?>"><br><br>
<input type="submit" name="search" value="Find">
</form>
</body>
</html>
但似乎我只能在PHP中运行一个查询。我尝试集成mysqli_multi_query,但我不断收到以下错误&#34; mysqli_num_rows()期望参数1为mysqli_result&#34;。
如何运行两个查询,同时使用数据填充字段。
添加表定义
用户表
| Users | CREATE TABLE `Users` (
`user_id` int(6) unsigned NOT NULL AUTO_INCREMENT,
`osha` int(50) DEFAULT NULL,
`firstname` varchar(30) NOT NULL,
`lastname` varchar(30) NOT NULL,
`company` varchar(50) DEFAULT NULL,
`trade` varchar(50) DEFAULT NULL,
`email` varchar(50) DEFAULT NULL,
`picture` varchar(50) DEFAULT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB AUTO_INCREMENT=98819 DEFAULT CHARSET=latin1 |
扫描表
| scan | CREATE TABLE `scan` (
`user_id` int(6) unsigned NOT NULL DEFAULT '0',
`osha` int(50) DEFAULT NULL,
`firstname` varchar(30) NOT NULL,
`lastname` varchar(30) NOT NULL,
`company` varchar(50) DEFAULT NULL,
`trade` varchar(50) DEFAULT NULL,
`email` varchar(50) DEFAULT NULL,
`picture` varchar(50) DEFAULT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=latin1 |
答案 0 :(得分:3)
您使用新值覆盖变量$query,而不是先执行查询。虽然你的代码有很多问题,但是这样说:
$_POST['user_id'],请阅读SQL注入攻击。请参阅下面的重写代码。
<?php
// initalize the variables
$osha = "";
$firstname = "";
$lastname = "";
$company = "";
$trade = "";
// php code to search data in mysql database and set it in input text
if(isset($_POST['search']))
{
// connect to mysql
$dbc = mysqli_connect("127.0.0.1", "root", "root","demodb");
// id to search
$user_id = mysqli_real_escape_string($dbc, $_POST['user_id']);
$query = "SELECT * FROM Users WHERE user_id = '$user_id' LIMIT 1";
$rs = mysqli_query($dbc, $query);
if (mysqli_num_rows($rs) == 1)
{
$row = mysqli_fetch_array($rs);
$osha = $row['osha'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$company = $row['company'];
$trade = $row['trade'];
$query = "INSERT INTO scan (user_id, osha, firstname, lastname, company, trade, email, picture) VALUES (" .
"'" . $user_id . "', '" .
"'" . mysqli_real_escape_string($dbc, $osha ) . "', '" .
"'" . mysqli_real_escape_string($dbc, $firstname) . "', '" .
"'" . mysqli_real_escape_string($dbc, $lastname ) . "', '" .
"'" . mysqli_real_escape_string($dbc, $company ) . "', '" .
"'" . mysqli_real_escape_string($dbc, $trade ) . "')";
mysqli_query($dbc, $query);
}
else
{
echo "Undefined ID";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title> PHP FIND DATA </title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form action="barcode.php" method="post">
Id:<input type="text" name="user_id"><br><br>
Osha #:<input type="text" name="osha" value="<?= htmlspecialchars($osha) ?>"><br><br>
First Name:<input type="text" name="firstname" value="<?= htmlspecialchars($firstname) ?>"><br>
<br>
Last Name:<input type="text" name="lastname" value="<?= htmlspecialchars($lastname) ?>"><br><br>
Company:<input type="text" name="company" value="<?= htmlspecialchars($company) ?>"><br><br>
Trade:<input type="text" name="trade" value="<?= htmlspecialchars($trade) ?>"><br><br>
<input type="submit" name="search" value="Find">
</form>
</body>
</html>
答案 1 :(得分:1)
首先,不要在查询中直接使用变量。出于安全考虑,现在强烈建议您准备一天。
所以,像这样更改你的查询,当你同时一个接一个地执行两个查询时,有必要将变量命名为不同的名称,否则后者将覆盖前一个:
$query1 = "SELECT * FROM Users WHERE user_id = ? LIMIT 1";
$query2 = "INSERT INTO scan (user_id, osha, firstname, lastname, company, trade, email, picture) SELECT user_id, osha, firstname, lastname, company, trade, email, picture FROM Users WHERE user_id = ? LIMIT 1";
然后创建如下所示的预备语句:
$stmt = mysqli_stmt_init($connect);
$stmt2 = mysqli_stmt_init($connect);
mysqli_stmt_prepare($stmt, $query1);
mysqli_stmt_prepare($stmt2, $query2);
mysqli_stmt_bind_param($stmt, "s", $user_id);
mysqli_stmt_bind_param($stmt2, "s", $user_id);
然后执行查询:
mysqli_stmt_execute($stmt);
mysqli_stmt_execute($stmt2);
最后,您可以得到$query1的结果:
$result = mysqli_stmt_get_result($stmt);