我有这个php表单,使用分配给每个用户的跟踪号(每个用户不同的跟踪)搜索我的数据库中的特定用户,并且该表单假设显示我正在搜索的特定用户但它结束显示所有数据库
这是php代码
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "class";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT ctracking, cname, cemail, crport, cdport, clocation, cdestination FROM demo";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "ctracking: " . $row["ctracking"]. " - Name: " . $row["cname"]. " - Email: " . $row["cemail"]. " - Port: " . $row["crport"]. " - Dport: " . $row["cdport"]." - Location: " . $row["clocation"]. " - Destination: " . $row["cdestination"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
这是html表单代码
<html>
<head>
<title> Static Page</title>
</head>
<body>
<form action="making.php" method="post" />
<h1>Britchi Tracking</h1>
<p>
Costumers Name (required) <br/>
<input type="text" name="search" placeholder="Emmanuel John"' . '" size="70"/>
</p>
<p><input type="submit" name="csearch" value="Search"></p>
</form>
<form action="http://localhost/wordpress">
<input type="submit" value="Go to Home Page">
</form
</body>
</html>
我希望代码显示特定用户的所有细节而不是所有数据库
答案 0 :(得分:0)
您需要接收变量
$track_num=$_POST['search'];
并在您的查询中应用。
$sql = "SELECT ctracking, cname, cemail, crport, cdport, clocation, cdestination FROM demo WHERE ctracking='$track_num'";
注意:您的代码是对sql注入攻击使用预处理语句开放的。