我正忙着使用PHP脚本。
这就是我想要的: -人们可以输入其邮政编码。如果他们的邮政编码在table1中而不是..如果他们的邮政编码在table2中而不是...如果他们的邮政编码不在所有表中... -我可以插入带有其他数据示例名称的邮政编码。
但是我不知道如何构建它。我在互联网上进行搜索,试图获得所拥有的东西。但是,在其他表中进行搜索的功能却并非如此。它对我不起作用
这就是我所拥有的:
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Plusgas - Postcode invoeren</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="bootstrap/bootstrap.min.css">
<link href="https://fonts.googleapis.com/css?family=Courgette" rel="stylesheet">
<script src="bootstrap/bootstrap.min.js"></script>
<style>
body{
font-family: Courgette;
}
.submit{
background-color: purple;
color:white;
text-size:24px;
padding: 6px;
border-radius: 5px;
border:1px solid white;
font-size: 24px;
}
.submit:hover{
background-color: white;
color: purple;
box-shadow: 0px 0px 20px white;
}
h1{
font-size: 14px;
}
td,th{
padding: 4px;
text-align: center;
}
</style>
</head>
<?php
$servername = "localhost";
$username="*";
$password="*";
$dbname="*";
$id="";
$postcode="";
$provincie="";
$website="";
$contactpersoon="";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
//connect to mysql database
try{
$conn =mysqli_connect($servername,$username,$password,$dbname);
}catch(MySQLi_Sql_Exception $ex){
echo("error in connecting");
}
//get data from the form
function getData()
{
$data = array();
$data[1]=$_POST['postcode'];
$data[2]=$_POST['provincie'];
$data[3]=$_POST['website'];
$data[4]=$_POST['contactpersoon'];
return $data;
}
//search
if(isset($_POST['search']))
{
$info = getData();
$search_query="SELECT * FROM postcodes WHERE id = '$info[0]'";
$search_result=mysqli_query($conn, $search_query);
if($search_result)
{
if(mysqli_num_rows($search_result))
{
while($rows = mysqli_fetch_array($search_result))
{
$id = $rows['id'];
$postcode = $rows['postcode'];
$provincie = $rows['provincie'];
$website = $rows['website'];
$contactpersoon = $rows['contactpersoon'];
}
}else{
echo("no data are available");
}
} else{
echo("result error");
}
}
//insert
if(isset($_POST['insert'])){
$info = getData();
$insert_query="INSERT INTO `postcodes`(`postcode`, `provincie`, `website`, `contactpersoon`) VALUES ('$info[1]','$info[2]','$info[3]','$info[4]')";
try{
$insert_result=mysqli_query($conn, $insert_query);
if($insert_result)
{
if(mysqli_affected_rows($conn)>0){
echo("Postcode is toegevoegd");
}else{
echo("Postcode is niet toegevoegd");
}
}
}catch(Exception $ex){
echo("error inserted".$ex->getMessage());
}
}
?>
<body>
<div class="container-fluid">
<div class="row">
<div class="col-lg-4">
<form method ="post" action="">
<h1>ID nummer (voor filterern)</h1>
<input type="number" name="id" class="form-control" placeholder="ID No. /Automatic Number Genrates" value="<?php echo($id);?>" disabled>
<div class="form-group row">
<div class="col-xs-6">
<h1>Postcode</h1>
<input type="text" name="postcode" class="form-control" placeholder="Postcode" value="<?php echo($postcode);?>" required>
</div>
<div class="col-xs-6">
<h1>Provinicie</h1>
<input type="text" name="provincie" class="form-control" placeholder="Provinicie" value="<?php echo($provincie);?>" required>
</div>
</div>
<h1>Website</h1>
<select name="website" class="form-control" value="<?php echo($website);?>">
<option value="websiteZH">Website Zuid-Holland</option>
<option value="websiteNH">Website Noord-Holland</option>
<option value="websiteZL">Website Zeeland</option>
<option value="websiteUT">Website Utrecht</option>
</select>
</div>
<div class="col-xs-6">
<h1>Contactpersoon</h1>
<input type="text" name="contactpersoon" class="form-control" placeholder="Contactpersoon" value="<?php echo($contactpersoon);?>" required>
</div>
</div>
<div>
<input type="submit" class="btn btn-success btn-block btn-lg" name="insert" value="Add">
</div>
</form>
</div>
<div class="col-lg-8">
<h2>Student Data</h2>
<?php
$servername = "localhost";
$username = "*";
$password = "*";
$dbname = "*";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id,postcode,provincie,website,contactpersoon FROM postcodes";
$result = $conn->query($sql);
echo "<table border='1'>
<tr>
<th>Search ID</th>
<th>Postcode</th>
<th>Provinicie</th>
<th>Website</th>
<th>Contactpersoon</th>
</tr>";
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['postcode'] . "</td>";
echo "<td>" . $row['provincie'] . "</td>";
echo "<td>" . $row['website'] . "</td>";
echo "<td>" . $row['contactpersoon'] . "</td>";
echo "</tr>";
}
} else {
echo "0 results";
}
$conn->close();
?>
</div>
</div>
</body>
</html>
答案 0 :(得分:0)
我不确定要实现什么,出了什么问题,但是我可以肯定地看到一个问题-您的函数getData()返回索引为1..4的数组。然后在搜索部分得到它,然后搜索$ info [0],并且永远不会设置它。
第二个-这是危险的编码方式。如果有人要使用您的代码,则可以使用SQL注入。不用说,即使有人迷惑,也可以使用'(撇号)并崩溃SQL查询。您应该始终转义传递给查询的数据,即使用real_escape_string()或准备好的语句。