从搜索表单中从mysql数据库中选择数据

时间:2019-06-11 09:13:29

标签: php mysql

我是新来的,还在学习。我有一个搜索页面,并希望使用输入来搜索mysql表并以表格形式显示结果以将记录更新回表中。

每次尝试运行它时,都会得到一个PHP通知:未定义的变量:/var/www/html/update.php在第106行的密码,引用者:http://172.20.10.161/search.php

在错误日志中。

非常感谢所有帮助。

我有Google并尝试了各种方法来解决此问题,我觉得这里缺少一些小东西。

下面是我的search.php页面中的代码

<?php

session_start();


if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    header("location: login.php");
    exit;
}

?>

<form action="update.php" method="post">
   <div class="form-group">
       <label>Name</label>
       <input type="text" name="name" class="form-control" value="">
   </div>
   <div class="form-group">
       <input type="submit" class="btn btn-primary" value="Search">
   </div>
</form>

然后在我的页面上显示以下内容,并显示结果。

update.php

页面顶部

<?php
session_start();

if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
   header("location: login.php");
   exit;
}
?>

页面代码以运行查询

<?php

require_once "include/dbconf.php";

if(isset($_POST['Search']))
{
    $name=$_POST['name'];

    $sql = "SELECT (name, surname, email, username, password) from net_users WHERE name LIKE '%".$name."%'";
    $result  = mysqli_query($link, $sql) or die ('Something went wrong');

    while($row=mysqli_fetch_array($result))
    {
         $username  =$row['username'];
         $password  =$row['password'];
         $name      =$row['name'];
         $surname   =$row['surname'];
         $email     =$row['email'];
    }
}

mysqli_close($link);
?>

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
    <div class="form-group">
         <label>Name</label>
         <input type="text" name="name" class="form-control" value="<?php echo $name; ?>">
    </div>
    <div class="form-group">
         <label>Surname</label>
         <input type="text" name="surname" class="form-control" value="<?php echo $surname; ?>">
    </div>
    <div class="form-group">
         <label>Email</label>
         <input type="email" name="email" class="form-control" value="<?php echo $email; ?>">
    </div>
    <div class="form-group">
         <label>Username</label>
         <input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
    </div>
    <div class="form-group">
         <label>Password</label>
         <input type="text" name="password" class="form-control" value="<?php echo $password; ?>">
    /div>
    <div class="form-group">
        <input type="update" class="btn btn-primary" value="update">
    </div>
</form>

我希望在搜索$ name上提取所需的输入以搜索mysql db,并以更新页上的表单形式返回结果,以将信息更新回数据库中。

1 个答案:

答案 0 :(得分:0)

我建议对update.php进行一些更改。

<?php
session_start();

if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
   // Can everyone logged in update the system.  If not, filter it as required
   header("location: login.php");
   exit;
}
?>

使用程序dbconf.php-https://www.php.net/manual/en/mysqli.quickstart.dual-interface.php

提供以下连接文件MySQLi 

<?php 
/* 
Database credentials.
Assuming you are running MySQL server with default setting (user 'root' with no password)
*/ 
define('DB_SERVER', 'localhost'); 
define('DB_USERNAME', 'xxxxxxxx'); 
define('DB_PASSWORD', '**********'); 
define('DB_NAME', 'users');

/* Attempt to connect to MySQL database */ 
$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME); 
// Check connection 
if($link === false)
{
    die("ERROR: Could not connect. " . mysqli_connect_error());
} 
?>

搜索查询将需要考虑SQL注入-How can I prevent SQL injection in PHP?

<?php

require_once "include/dbconf.php";

// placeholder for the returned data
$data = array();

// Verify the search query is present
// Or handle empty 
if(isset($_POST['name']))
{
    // SQL injection - https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
    $name=$_POST['name'];

    // TODO: Verify that you need the password here
    // Generally passwords are not to be stored as plain text
    $sql = "SELECT (id, name, surname, email, username, password) from net_users WHERE name LIKE '?'";

    $stmt = mysqli_prepare($link, $sql);
    mysqli_stmt_bind_param($stmt, 's', $name);

    // Execute the query
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);

    while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
    {
        // Copy the result to a local array
        // Each entry in $data will be an associative array of values
        $data[] = $row;
    }
} else {
    // TODO : Handle this more gracefully
    die('Search query missing');
}

mysqli_close($link);

if (empty($data))
{
    // TODO: No records matched, handle gracefully
    die('No records matched');
}
?>

一旦有了数据,就根据需要输出。请注意,我还选择了id列-由于所有其他字段都是可更新的,因此,如果所有字段都被更改,将无法识别记录。要变通解决此问题,您需要一个始终标识正在更新的记录的值。我选择了id列,但其他任何唯一的-不可更新的字段都可以。

<?php
foreach($data as $record)
{
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
    <input type="hidden" name="id" value="<?php echo $record['id']; ?>" />
    <div class="form-group">
         <label>Name</label>
         <input type="text" name="name" class="form-control" value="<?php echo $record['name']; ?>">
    </div>
    <div class="form-group">
         <label>Surname</label>
         <input type="text" name="surname" class="form-control" value="<?php echo $record['surname']; ?>">
    </div>
    <div class="form-group">
         <label>Email</label>
         <input type="email" name="email" class="form-control" value="<?php echo $record['email']; ?>">
    </div>
    <div class="form-group">
         <label>Username</label>
         <input type="text" name="username" class="form-control" value="<?php echo $record['username']; ?>">
    </div>
    <div class="form-group">
         <label>Password</label>
         <input type="text" name="password" class="form-control" value="<?php echo $record['password']; ?>">
    /div>
    <div class="form-group">
        <input type="update" class="btn btn-primary" value="update">
    </div>
</form>
<?php
}
?>
相关问题
最新问题