我正在制作一个网页,用来显示数据库中的数据。数据库存储在MySQL中,我正在PHP中制作网页。我的PHP代码是
<form action="list_projects.php" method="post">
<p>Choose Search Type: <br /></p>
<select name="searchtype">
<option value="partNo">Part Number</option>
<option value="pname">Part Name</option>
<option value="color">Part Colour</option>
<option value="weight">Part Weight</option>
<option value="city">City</option>
</select>
<br />
<p>Enter Search Term: </p>
<br />
<input name="searchterm" type="text" size="20"/>
<br />
<input type="submit" name="submit" value="Search"/>
</form>
<?php
$searchtype=$_POST['searchtype'];
$searchterm=trim($_POST['searchterm']);
if (!$searchtype || !$searchterm) {
echo 'No search details. Go back and try again.';
exit;
}
$query = "select * from project where ".$searchtype." like '%".$searchterm."%'";
var_dump($query);
$result = mysqli_query($link,$query);
$num_results = mysqli_num_rows($result);
echo "<p>Number of projects found: ".$num_results."</p>";
for ($i=0; $i <$num_results; $i++) {
$row = mysqli_fetch_assoc($result);
echo "<p><strong>".($i+1).". Part Number: ";
echo htmlspecialchars(stripslashes($row['partNo']));
echo "</strong><br />Part Name: ";
echo stripslashes($row['pname']);
echo "<br />Part Colour: ";
echo stripslashes($row['color']);
echo "<br />Part Weight: ";
echo stripslashes($row['weight']);
echo "<br />City";
echo stripcslashes($row['city']);
echo "</p>";
}
mysqli_free_result($result);
mysqli_close($link);
?>
但当我运行它时,我得到了string(49) "select * from project where projectNo like '%J1%'" Number of projects found:这个PHP脚本用于加载数据库中的不同项目,在调用该脚本的welcome.php脚本中,它连接到数据库,并且确实正确地连接到了数据库。
看起来您已经var转储了错误的变量。你可以试试这个:
$query = "SELECT * FROM project WHERE ".$searchtype." LIKE '%".$searchterm."%'";
$result = mysqli_query($link,$query) or die("Line ".__LINE__." Error found: ".mysqli_error($link)); // If there's an error, it should show here.
因为这很痛苦,我想重写你的代码,并向你展示应该如何这样做:
请注意,页面顶部引用了一个包含文件,您可以在该文件中设置数据库变量($link)。
<?php
//include "../../reference/to/mysql/login.php";
/***
* The below code block should be in your include file referenced above
***/
$link = mysqli_connect("localhost", "my_user", "my_password", "my_db");
if (!$link) {
echo "Error: Unable to connect to MySQL." . PHP_EOL;
echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
exit;
}
/***
* End connection block
***/
/***
* Your data is POSTed so it can not be trusted and must at the
* very least be escaped using the below functions.
***/
$searchtype=mysqli_real_escape_String($link,$_POST['searchtype']);
$searchterm=mysqli_real_escape_String($link,$_POST['searchterm']);
$searchterm=trim($searchterm);
/***
* Because your $searchtype is a column reference you need to ensure
* it fits the allowed characters criteria for MySQL columns
***/
$searchtype = preg_replace("/[a-z0-9_]/i","",$searchtype);
请阅读MySQL手册中允许在列名中使用的字符。$也是允许的,但我将从这里删除它,因为您真的不应该将该符号用作列名字符。
if (!$searchtype || !$searchterm) {
echo 'No search details. Go back and try again.';
exit;
}
$query = "select * FROM project WHERE ".$searchtype." LIKE '%".$searchterm."%'";
$result = mysqli_query($link,$query) or die("Line ".__LINE__." Error: ".mysqli_error($link));
$num_results = mysqli_num_rows($result);
echo "<p>Number of projects found: ".$num_results."</p>";
$i = 0;
while ($row = mysqli_fetch_array($result)) {
$i++;
echo "<p><strong>".$i.". Part Number: ";
echo htmlspecialchars($row['partNo']);
echo "</strong><br />Part Name: ";
echo htmlspecialchars($row['pname']);
echo "<br />Part Colour: ";
echo htmlspecialchars($row['color']);
echo "<br />Part Weight: ";
echo htmlspecialchars($row['weight']);
echo "<br />City ";
echo htmlspecialchars($row['city']);
echo "</p>";
}
?>
希望您能在这里看到,我用做同样事情的while循环替换了您的for循环,每次从数据库中提取一行,并将其输出为标识符为$row的数组。
我还使用了mysqli_fetch_array而不是您的fetch_assoc。
我已经纠正了您的stripslashes函数中的拼写错误,但也用htmlspecialchars替换了stripshases,因为stripshase是一个古老且几乎无用的叛变函数,即使是远程现代数据库接口也不应该使用
您的问题还在于,此处编码的此页面尚未为其声明$link,需要在要连接到数据库的每个页面的顶部设置$link标识符。您需要记住,PHP不会记住跨页的标准变量,因此,仅仅因为您在welcome.php中设置了$link并不意味着它在本页中是已知的。
- 使用附加在查询末尾的
or die (mysqli_error($link));向您反馈发生的错误 - 您还必须养成使用PHP错误报告的习惯,以便在解决自己的问题方面取得进展
$link通常设置在一个PHP包含文件中,您只需在每个需要它的PHP页面的顶部调用该文件- 如果需要,详细介绍如何连接到MySQLi