我试图获得一个人从html页面的输入中搜索员工ID的值,它将显示该员工ID 中所有已处理的采购
$name = $_GET["staffID"];
$sql = "SELECT orderID, orderDate, shippingDate, staffName FROM purchase
WHERE staffID = ".$name."
INNER JOIN staff ON purchase.staffID =
staff.staffID ORDER BY orderDate";
$results = mysqli_query($conn, $sql)
or die ('Problem with query' . mysqli_error());
当我放入WHERE语句时,我得到的错误是显而易见的,所以我不知道我是否正确地执行了WHERE语句。
如果没有where语句,它将向我显示表中所有员工ID的所有购买情况,这是正确的
<html>
</head>
<body>
<form id="staff" action="file.php" method="get">
<p>please fill in the following form</p>
<p>Staff ID: <input type="text" name="staffID"/>
</p>
<p><input type="submit" value="Submit">
<input type="reset" value="Reset"></p>
</form>
</body>
</html>
试试这个;)
$name = isset($_GET['staffID'])?$_GET['staffID']:'';
if(!empty($name) && $stmt = $conn->prepare('SELECT orderID, orderDate, shippingDate, staffName FROM purchase INNER JOIN staff ON purchase.staffID = staff.staffID WHERE staffID = ? ORDER BY orderDate')){
/**
* Here 1st parameter is data type of field s for string and i for integer;
* @todo update "s" as per data type of staffID field;
*/
$stmt->bind_param("s", $name);
/* execute query */
$stmt->execute();
/* Get result: */
$result = $stmt->get_result();
/* now you can fetch the results into an array - NICE */
while($row = $result->fetch_assoc()){
/**
* @todo use $row as per your requirement;
*/
}
/* close statement */
$stmt->close();
}
/* optional close connection */
$conn->close();
也防止SQL注入并检查$_GET['staffID']的空白值;
问题是您没有在名称变量周围放置分隔符:
$sql = "SELECT orderID, orderDate, shippingDate, staffName FROM purchase
INNER JOIN staff ON purchase.staffID =
staff.staffID ORDER BY orderDate
WHERE staffID = '".$name."' ";