PHP MySQL通过html <input>搜索并显示行

我有一个HTML表单,如:</ p>

 &lt; form  action =“get-row.php”method =“post”&gt;

&lt; input type =“text”name =“mess_username”/&gt;
&lt; input type =“submit”name =“submit”/&gt;
&lt; / form&gt;
</ code> </ pre>

我的“get-row.php”就像:</ p>

  $ button = $ _POST ['submit']; 
$ search = $ _POST ['mess_username'];

if(!$ button){
echo“你没有提交关键字”;
}
else {
if(strlen($ search)&lt; = 1) {
echo“搜索词太短”;
}
其他{
echo“您搜索了&lt; b&gt; $ search&lt; / b&gt;&lt; hr size ='1'&gt;”;
}
}
</ code> </ pre>

我现在成功获取了我搜索过的值。 我的下一个方法是从我的数据库中搜索$ search。 我想尝试:</ p>

  mysql_connect(“server”,“user”,“pass”); 
mysql_select_db(“my_db”);
</ code> </ pre>

当前的最终“ok”代码:</ p>

  $ sql =“SELECT * FROM messbd WHERE mess_username ='$ search'”; \  n $ run = mysql_query($ sql); 

$ foundnum = mysql_num_rows($ run);

if($ foundnum == 0){
echo“抱歉,&lt; b&gt没有匹配的结果 ; $ search&lt; / b&gt;“;
}
else {
echo”$ foundnum results found!&lt; p&gt;“;

while($ runrows = mysql_fetch_assoc($ run)){
$ mess_username = $ runrows ['mess_username'];
$ mess_email = $ runrows ['mess_email'];
$ android_app = $ runrows ['android_app'];

echo“$ mess_username&lt; br&gt; $ mess_email &lt; br&gt; $ android_app“;
}
}
</ code> </ pre>

问题是,我收到的消息是”没有匹配的结果!“ 那么那里的修正是什么呢?</ p>

问题现在解决了 代码在上面更新。 谢谢。</ p>
</ div>

展开原文

原文

I have an HTML form like:

<form  action = "get-row.php"  method = "post" >                  
<input type = "text"  name = "mess_username" />
<input type = "submit" name = "submit" />
</form>

And my "get-row.php" is like :

$button = $_POST ['submit'];
$search = $_POST ['mess_username'];

if (!$button) {
    echo "you didn't submit a keyword";
}
else {
    if (strlen($search) <= 1) {
        echo "Search term too short";
    }
    else {
        echo "You searched for <b> $search </b> <hr size='1' >";
    }
}

I am now successfully getting the value I have searched for. My next approach is to search the $search from my Database. I am trying like:

mysql_connect("server", "user", "pass");
mysql_select_db("my_db");

My Final "ok" Code after currection :

$sql = " SELECT * FROM messbd WHERE mess_username= '$search' ";
$run = mysql_query($sql);

$foundnum = mysql_num_rows($run);

if ($foundnum == 0) {
    echo "Sorry, there are no matching result for <b> $search </b>";
}
else {
    echo "$foundnum results found !<p>";

    while ($runrows = mysql_fetch_assoc($run)) {
        $mess_username = $runrows ['mess_username'];
        $mess_email = $runrows ['mess_email'];
        $android_app = $runrows ['android_app'];

        echo " $mess_username  <br> $mess_email <br> $android_app ";
    }
}

The problem is, I am getting the message that, "There are no matching results!" So what will be the correction there?

The problem is solved now & The code is updated above. Thanks.

drm16022
drm16022 是$搜索结果一个字符串?看起来像是“关键字”。
接近 5 年之前 回复
doujia7779
doujia7779 尝试使用mysql_error检查错误,或者只是检查$foundnumvriable中包含的内容。如果你的查询都没问题-我想你必须添加你的数据库结构来提问。在查询$sql上也使用mysql_real_escape_string,我认为手册文章php.net/manual/en/set.mysqlinfo.php可能对你有用。
接近 5 年之前 回复
doulan2827
doulan2827 是!messbd是我的数据库的名称。谢谢。
接近 5 年之前 回复
dqz7636
dqz7636 可能只是你的数据库的名称是什么?我想你可能意味着messdb?
接近 5 年之前 回复

3个回答



由于 $ search </ code>结果将是一个字符串,因此您需要在查询中引用该变量。 我很确定你在数据库中寻找一个字符串,看到 echo“你没有提交关键字”; </ code>和 mess_username </ code>是用户的“名字” ”。 </ p>

  WHERE mess_username ='$ search'“; 
</ code> </ pre>

假设完全匹配。如果你正在寻找 对于类似于你的搜索的东西,假设你正在寻找“足球”并想找到“足球”,然后使用LIKE。</ p>

展开原文

原文

Since your $search results will be a string, then you need to quote that variable in your query. I'm pretty sure that you're looking for a string in your database, seeing echo "you didn't submit a keyword"; and mess_username being a user's "name".

WHERE mess_username='$search' ";

assuming an exact match. If you're looking for something that resembles your search, say you're looking for "foot" and want to find "football", then use LIKE.

Also add or die(mysql_error()) to mysql_query() just in case there may be errors, and it seems that there would be, when not quoting a string in a query's variable.

Footnotes:

Your present code is open to SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.


Plus, it's best to use a conditional empty() against your input.

I.e.:

if(!empty($_POST[ 'mess_username' ])){
...
}

should someone just click without entering anything, which could throw you an error.

dtid30526
dtid30526 感谢输入Ray。 干杯。
接近 5 年之前 回复
duandan4680
duandan4680 确保在搜索参数周围使用%。 选择'大卫!' 像'%D%v%';
接近 5 年之前 回复
dongxi3859
dongxi3859 你非常欢迎拉哈特,欢呼
接近 5 年之前 回复
dougou2937
dougou2937 刚收到我的回答! 非常感谢大家和@Fred! 在哪里mess_username ='$ search'“;
接近 5 年之前 回复



您错过引用搜索词</ p>

  $ sql ='SELECT * FROM  messbd WHERE mess_username =“'。mysql_real_escape_string($ search)。'”'; 
</ code> </ pre>

但是mysql扩展名已弃用</ strong>,应该是 由PDO或mysqli取代。 以下是PDO和预处理语句的示例:</ p>

  $ options = array(PDO :: ATTR_ERRMODE =&gt; PDO :: ERRMODE_EXCEPTION); 
$ dbh = new PDO( 'mysql:host = server; dbname = my_db','user','pass',$ options);

$ sql ='SELECT * FROM messbd WHERE mess_username =?';
$ sth = $ pdo- &gt; prepare($ sql);
$ sth-&gt; execute(array($ search));
//没有确定工作的rowCount,所以fetch all和count
$ rows = $ sth-&gt; fetchAll(PDO :: FETCH_ASSOC)
if(!$ rows){
echo“对不起,&lt; b&gt; $ search&lt; / b&gt;”没有匹配的结果;
}其他{
echo count( $ rows)。 “找到了结果!&lt; p&gt;”;

\ t \ foreach($ rows as $ row){
$ mess_username = $ row ['mess_username'];
$ mess_email = $ row ['mess_email'];
$ android_app = $ row ['android_app'];
echo“$ mess_username&lt; br&gt; $ mess_email&lt; br&gt; $ android_app”;
}
}
</ code> </ pre>
</ div>

展开原文

原文

You missed to quote your search term

$sql = 'SELECT * FROM messbd WHERE mess_username="' . mysql_real_escape_string($search) . '"';

But the mysql extension is deprecated and should be replaced by either PDO or mysqli. Here is an example with PDO and prepared statement:

$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
$dbh = new PDO('mysql:host=server;dbname=my_db', 'user', 'pass', $options);

$sql = 'SELECT * FROM messbd WHERE mess_username=?';
$sth = $pdo->prepare($sql);
$sth->execute(array($search));
// there is no sure working rowCount, so fetch all and count
$rows = $sth->fetchAll(PDO::FETCH_ASSOC)
if (!$rows) {
    echo "Sorry, there are no matching result for <b> $search </b>";
} else {
    echo count($rows) . " results found !<p>";
    foreach ($rows as $row) {
        $mess_username = $row['mess_username'];
        $mess_email    = $row['mess_email'];
        $android_app   = $row['android_app'];
        echo "$mess_username<br>$mess_email<br>$android_app";
    }
}

dongqiongzheng0615
dongqiongzheng0615 很好用于PDO ;-)
接近 5 年之前 回复



使用此查询,mysql将搜索针对var的relarive值的$ search输入。 尝试使用单引号。</ p>
</ div>

展开原文

原文

With this query mysql will search for $search input insted for the relarive value of the var. Try to use single quotes.

dongzhi6927
dongzhi6927 是! 你是对的!
接近 5 年之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐