如何显示来自 mySQL 的正确数据?
Posted
技术标签:
【中文标题】如何显示来自 mySQL 的正确数据?【英文标题】:How do I display correct data from mySQL? 【发布时间】:2018-12-03 10:03:27 【问题描述】:我正在尝试查询数据库并显示结果。查询基于来自 html 表单的信息。但是,当我在表单中输入一个名称(例如 john)时,该表有 2 个具有该名称的条目,我得到 0 个结果。不知道是什么问题。
这里是html表单:
<form action="cust_details_search.php" method="post">
Name :
<input type="text" name="name_search" id="name_search" >
Email :
<input type="email" name="email_search" id ="email_search" >
Phone no. :
<input type="phone" name="phone_search" id="phone_search" >
Address :
<input type="text" name="address_search" id="address_search" >
City :
<input type="text" name="city_search" id="city_search" >
State :
<input type="text" name="state_search" id="state_search" >
<br> <br>
Country :
<input type="text" name="country_search" id="country_search">
Product Enquired for :
<input type="text" name="prod_search" id="prod_search">
<input type="submit" value="Submit">
</form>
还有php文件:
<?php
$server = "127.0.0.1";
$dbUsername = "root";
$dbPassword = "";
//create connection
$dbconn = new mysqli($server, $dbUsername, $dbPassword, $dbname);
$name_search = $_POST['name_search'];
$email_search = $_POST['email_search'];
$phone_search = $_POST['phone_search'];
$address_search = $_POST['address_search'];
$city_search = $_POST['city_search'];
$state_search = $_POST['state_search'];
$country_search = $_POST['country_search'];
$prod_search = $_POST['prod_search'];
$run_query = mysqli_query($dbconn,
"SELECT *
FROM CustomerDetails
WHERE (Name LIKE '%.$name_search.%')
OR (`Phone no.` LIKE '%.$phone_search.%')
OR (`Address` LIKE '%.$address_search.%')
OR (`City` LIKE '%.$city_search.%')
OR (`State` LIKE '%.$state_search.%')
OR (`Country` LIKE '%.$country_search.%')
OR (`Product Enq. For` LIKE '%.$prod_search.%')
OR (`Email` LIKE '%.$email_search.%')");
?>
<html>
<head>
<title>Search Resutls</title>
<style>
body
background-color: rgb(131,41,54);
h1 color:#FFFFFF
h2 color:#FFFFFF
p color:#FFFFFF
</style>
</head>
<body>
<center>
<h2> Customer Details </h2>
<table style="width:100%">
<thead>
<tr>
<th>Name</th>
<th>Email</th>
<th>Phone no. </th>
<th>Address </th>
<th>City </th>
<th>State </th>
<th>Country</th>
<th>Product Enquired for </th>
<th>Follow up details </th>
</tr>
</thead>
<tbody>
<?php
while($result = mysqli_fetch_assoc($run_query))
?>
<tr>
<td><?php echo $result['Name'] ?> </td>
<td><?php echo $result['Email'] ?></td>
<td><?php echo $result['Phone no.'] ?></td>
<td><?php echo $result['Address'] ?></td>
<td><?php echo $result['City'] ?></td>
<td><?php echo $result['State'] ?></td>
<td><?php echo $result['Country'] ?></td>
<td><?php echo $result['Product Enq. For'] ?></td>
<td><?php echo $result['Follow Up'] ?></td>
</tr>
<?php ?>
</tbody>
</table>
</center>
</body>
</html>
感谢任何帮助。提前谢谢!
【问题讨论】:
点有什么用?LIKE '%.$name_search.%') 去掉点,像这样:LIKE '%$name_search%')
【参考方案1】:
您正在使用 PHP 连接符 .,但您不需要在双引号字符串中。 $variables 会自动扩展为双引号字符串,因此请尝试
$run_query = mysqli_query($dbconn,
"SELECT *
FROM CustomerDetails
WHERE (Name LIKE '%$name_search%')
OR (`Phone no` LIKE '%$phone_search%')
OR (`Address` LIKE '%$address_search%')
OR (`City` LIKE '%$city_search%')
OR (`State` LIKE '%$state_search%')
OR (`Country` LIKE '%$country_search%')
OR (`Product Enq For` LIKE '%$prod_search%')
OR (`Email` LIKE '%$email_search%')");
您的某些列名中还有. 吗?我假设这些列名实际上不包含点。但是,如果这样做,我建议您通过编辑架构来删除它们。
您的脚本对SQL Injection Attack 开放 甚至if you are escaping inputs, its not safe! 在
MYSQLI_或PDOAPI 中使用prepared parameterized statements
【讨论】:
+1。还值得一提的是,虽然他不需要在双引号字符串中这样做,但如果他做得正确,它仍然可以工作:"...LIKE '%".$name_search."%')..."
@HtmHell 在我看来,这只会使字符串复杂 10 倍,而当查询变得复杂时几乎无法调试
当然,但我的意思是他应该明白,字符串中的点不会进行连接,只有当他先添加另一个引号/双引号时以上是关于如何显示来自 mySQL 的正确数据?的主要内容,如果未能解决你的问题,请参考以下文章