Question

请问我的代码有什么问题，我试图按如下方法从数据库中获取搜索数据

学生数据如下

注册编号：全名：系：课程：级别：组。

在HTML搜索页上

<html> 
<h2> Enter your matric number to connect to others studying your course </h2>
<form action="demo.php" method="post">
<b> ReG </b><input type="text" Name="find">
<input type="submit"  value="Submit" />

</form>
</html>

PHP侧面

<table border="1">
<tr>
<th>Student Full Name</th>
<th> Faculty</th>
<th> Program</th>
<th> Entry Year</th>
<th> Study Group</th>
<th> Group Members Contact</th>
<th> Group Leader Contacts</th>
</tr>



<?php 

$conn=mysqli_connect("localhost", "root", "", "student");
// Check connection
if($conn=== false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

 $q = $_POST['find'];


if ($q == "")
{
echo "<p>You forgot to enter a search term!!!";
exit;
}
$sql = "SELECT * FROM study_circle WHERE matric LIKE $q ";
$result = mysqli_query($conn, $sql);

if ($result)
 {
  while($row = mysql_fetch_array($result))
 {





        echo "<tr>";
        echo  "<td>";

    echo  $row['full_name'];
    echo  "</td>";
    echo  "<td>";
    echo  $row['faculty'];
    echo "</td>";
    echo  "<td>";
    echo  $row['program'];
    echo  "</td>";
    echo  "<td>";
    echo  $row['entry_year'];
    echo "</td>";
    echo  "<td>";
    echo  $row['study_group'];
    echo  "</td>";
    echo  "<td>";
    echo  $row['group_members'];
    echo  "</td>";
    echo "<td>";
    echo  $row['group_leader'];
    echo  "</td>";
    echo  "</tr>";
    echo  "<br/>";




    }
} else {
    echo "0 results";
}

mysqli_close($conn);
?>

每次尝试时，即使我已填充数据库，也会带来空结果

现在它在我的Localhost系统上，请任何有经验的人提供帮助，这对Programming来说是新手。我将很乐意解决此问题

Answer 1

您的代码在这里误解了false值的含义：

if ($result)
{
    //...
} else {
    echo "0 results";
}

false中的$result值并不表示搜索未找到任何内容，而是表示查询失败并出现错误。要获取错误，请使用mysqli_error：

if ($result)
{
    //...
} else {
    echo "There was an error: " . mysqli_error($conn);
}

在这种情况下，该错误是您的SQL代码中的可能语法错误，因为您是直接将用户输入连接到SQL代码。这也称为SQL injection vulnerability。有一些不错的信息可帮助您开始使用correcting that here，尤其是如何使用query parameters with the LIKE operator here。最简单的是，您将要使用带有查询参数的预处理语句，而不是像现在那样使用字符串插值。

Answer 2

尝试在搜索字符串的开头和结尾添加通配符：

$sql = "SELECT * FROM study_circle WHERE matric LIKE '%$q%'";

Answer 3

您将需要获取搜索数据的行数。这将确保记录是否存在例如。

$rowcount = mysqli_num_rows($result);

，然后执行if语句。

请参见下面的代码。

<?php 

$conn=mysqli_connect("localhost", "root", "", "student");
// Check connection
if($conn=== false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

 $q = $_POST['find'];


if ($q == "")
{
echo "<p>You forgot to enter a search term!!!";
exit;
}
$sql = "SELECT * FROM study_circle WHERE matric LIKE $q ";
$result = mysqli_query($conn, $sql);
$rowcount = mysqli_num_rows($result);

if( $rowcount ){

$row = mysql_fetch_array($result);





        echo "<tr>";
        echo  "<td>";

    echo  $row['full_name'];
    echo  "</td>";
    echo  "<td>";
    echo  $row['faculty'];
    echo "</td>";
    echo  "<td>";
    echo  $row['program'];
    echo  "</td>";
    echo  "<td>";
    echo  $row['entry_year'];
    echo "</td>";
    echo  "<td>";
    echo  $row['study_group'];
    echo  "</td>";
    echo  "<td>";
    echo  $row['group_members'];
    echo  "</td>";
    echo "<td>";
    echo  $row['group_leader'];
    echo  "</td>";
    echo  "</tr>";
    echo  "<br/>";


    exit;
}else{
 echo "0 results";

}
}


mysqli_close($conn);
?>

PHP / MYSQL搜索表单显示空结果

3 个答案: