来自数据库的数据没有显示,HELP?

时间:2011-10-24 13:27:58

标签: php mysql

如何从我的数据库中获取数据以显示。我对PHP或mysql不是很熟悉。

我没有收到错误消息,但没有数据显示我做错了什么?

PHP 

<?php
if(strlen(trim($_POST['search'])) > 0) {

$search = "%" . $_POST["search"] . "%";
$searchterm = "%" . $_POST["searchterm"] . "%";

mysql_connect ("cust-mysql-123-03", "", "");
mysql_select_db ("weezycouk_641290_db1");
if (!empty($_POST["search_string"])) 
{ 

}  

$query = "SELECT name,lastname,email FROM contact WHERE name LIKE '%$search%' AND 
lastname      LIKE '%$searchterm%'";

$result = mysql_query ($query);
echo mysql_error();
if ($result) {
while ($row = mysql_fetch_assoc($result)) {

echo $row["name"];
echo $row["lastname"];
echo $row["email"];
} ?>


<?php echo $row["name"]; ?>
<br>
<?php echo $row["lastname"]; ?>
<br>
<?php echo $row["email"]; ?>


<?php
}
}
?>

谢谢!

2 个答案:

答案 0 :(得分:1)

应该是这样的:

<?php
if(strlen(trim($_POST['search'])) > 0) {

mysql_connect ("cust-mysql-123-03", "", "");
mysql_select_db ("weezycouk_641290_db1");

$query = "SELECT name,lastname,email FROM contact WHERE name LIKE '%" . mysql_real_escape_string($_POST['search']) . "%' AND lastname LIKE '%" . mysql_real_escape_string($_POST['searchstring']) . "%'";

$result = mysql_query ($query);
echo mysql_error();
if ($result) {
while ($row = mysql_fetch_assoc($result)) {

echo $row["name"];
echo $row["lastname"];
echo $row["email"];
} ?>


<?php echo $row["name"]; ?>
<br>
<?php echo $row["lastname"]; ?>
<br>
<?php echo $row["email"]; ?>


<?php
}
}
?>

mysql_real_escape_string是为了防止mysql注入,这是一个严重的风险。

答案 1 :(得分:0)

确保您正在执行的查询返回记录。您可以通过添加echo语句来检查这一点,该语句将在屏幕上打印查询。复制并再次运行数据库。你可以使用任何mysql前端工具(php myadmin,mysqlyog来运行查询。如果查询中有任何错误,你可以看到它。

$query = "SELECT name,lastname,email FROM contact WHERE name LIKE '%$search%' AND 
lastname      LIKE '%$searchterm%'";
//the below line will print the query on the screen
echo $query;

$result = mysql_query ($query);
相关问题
最新问题