PHP SQL搜索页面返回一个错误 [英] PHP SQL Search Page returns an error
问题描述
< html>
< head>
< title>搜寻< / title>
< style type =text / css>
table {
background-color:#FCF;
}
th {
width:150px;
text-align:left;
}
< / style>
< / head>
< body>
< h1>搜寻< / h1>
< form method =postaction =search.php>
< input type =hiddenname =submittedvalue =true/>
< label>搜索|类别:
< select name =category>
< option value =fname> FName< / option>
< option value =lname> LName< / option>
< / select>
< / label>
< label>搜索条件:< input type =textname =criteria/>< / label>
< input type =submit/>
< / form>
$ b if(isset($ _ POST ['submitted'])){
//连接到DB
包括('connect.php');
$ category = $ _POST ['category'];
$ criteria = $ _POST ['criteria'];
$ query =SELECT * FROM people WHERE category ='$ category';
$ result = mysqli_query($ dbcon,$ query)或die('Error');
echo< table>;
回显< thead>;
回显< tr>;
echo< th> First Name< / th>;
echo< th> Last Name< / th>;
回声< / tr>;
回显< / thead>;
回声< tbody>;
if(mysqli_num_rows($ result)){
while($ row = mysqli_fetch_array($ result,MYSQLI_ASSOC)){
echo< tr>;
echoth 。 $ row ['fname']。 < /第> 中;
echoth 。 $ row ['lname']。 < /第> 中;
回声< / tr>;
}
}
echo< / tbody>;
echo< / table>;
}
?>
< / body>
< / html>
可能因为这一行: $ result = mysqli_query($ dbcon,$ query)或die('Error');
如果查询失败,脚本将停止并打印Error。<
您可能希望将 mysqli_error($ dbcon)
而不是'Error'
和在这种特定情况下,我建议回显查询以了解它的外观。
请在数据库查询中使用POST数据之前转义POST数据,或者使用预先准备的语句!
Okay guys, maybe I can get some definitive answers for this newest issue. This PHP section doesn't return any responses, however, I know the data is there. Does anyone know why this returns the text "Error"?
<html>
<head>
<title>Search</title>
<style type="text/css">
table {
background-color: #FCF;
}
th {
width: 150px;
text-align: left;
}
</style>
</head>
<body>
<h1>Search</h1>
<form method="post" action="search.php">
<input type="hidden" name="submitted" value="true"/>
<label> Search | Category:
<select name="category">
<option value="fname">FName</option>
<option value="lname">LName</option>
</select>
</label>
<label>Search Criteria: <input type="text" name="criteria"/></label>
<input type="submit"/>
</form>
<?php
if (isset($_POST['submitted'])) {
// connect to DB
include('connect.php');
$category = $_POST['category'];
$criteria = $_POST['criteria'];
$query = "SELECT * FROM people WHERE category = '$category'";
$result = mysqli_query($dbcon, $query) or die ('Error');
echo "<table>";
echo "<thead>";
echo "<tr>";
echo "<th>First Name</th>";
echo "<th>Last Name</th>";
echo "</tr>";
echo "</thead>";
echo "<tbody>";
if (mysqli_num_rows($result)) {
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
echo "<tr>";
echo "<th>" . $row['fname'] . "</th>";
echo "<th>" . $row['lname'] . "</th>";
echo "</tr>";
}
}
echo "</tbody>";
echo "</table>";
}
?>
</body>
</html>
Probably because of this line: $result = mysqli_query($dbcon, $query) or die ('Error');
If the query fails, the script will stop and print "Error".
You might want to put something like mysqli_error($dbcon)
instead of 'Error'
and in this specific case, I would recommend echoing out the query to see how it looks.
And please, either escape the POST data before using it in a database query, or rather use prepared statements!
这篇关于PHP SQL搜索页面返回一个错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!