如何在MySQLi查询中使用$ _POST变量? (php) [英] How to use a $_POST variable in an mysqli-query? (php)

查看：312 发布时间：2020/5/16 19:11:42 php mysql sql database mysqli

本文介绍了如何在MySQLi查询中使用$ _POST变量? (php)的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我目前正在学习php，并且正在使用sqli查询进行测试. 我想要一个可以在其中输入数字的输入字段.此数字在sql查询中使用.不幸的是，它不能按我想要的方式工作. 文本字段按以下方式存储在index.php中:

I'm currently learning php and am testing around with sqli queries. I want to have an input field where a number can be entered. This number is used in the sql-query. Unfortunately it doesn't work the way I want. The text field is stored in index.php as this:

<form method="post" action="handler.php">
<input type="text" name="idEingabe">
<input type="submit" value="Abfrage für eingegebene ID starten">
</form>

在handler.php中，我正在使用

In handler.php, I'm using

$stridEingabe = $_POST["idEingabe"];

查询包含:

$query = 'SELECT name, beschreibung FROM uebersicht WHERE id = "$stridEingabe"'; 
$result = mysqli_query($con, $query);
if ($result = mysqli_query($con, $query)) {
/* Array ausgeben */
while ($row = mysqli_fetch_assoc($result)) {
    printf ("<b>%s</b> <br>%s<br> <br>", $row["name"],  $row["beschreibung"]);

}

/* free result set */
mysqli_free_result($result);
}
mysqli_close($con);
?>

不幸的是，当我在文本框中输入数字并单击提交按钮时，没有得到任何结果.但是，如果我在不使用$ stridEingabe的情况下在查询中写了数字，我就会得到结果.

Unfortunately I don't get any results when I enter the number into the text box and click the submit-button. But if I write the number in the query without using $stridEingabe, I'm getting the results.

错误在哪里? 非常感谢

Where is the mistake? Thanks a lot

推荐答案

看到在此之前已经提交了一个答案，以为我也根据问题下的评论将其也放入了答案.

Seeing that an answer's been submitted before this, thought I'd put one in too and based on a comment I left under the question.

这里的问题之一是，您要查询两次，这是一个主要问题，导致语法错误，

One of the problems here is, you're querying twice which is a major issue, resulting in a syntax error that MySQL is throwing in the background, but you're not listening for it. Plus, your quoting method which I've modified below, just in case it is a string; which we don't know at this time.

$query = 'SELECT name, beschreibung FROM uebersicht WHERE id = "$stridEingabe"'; 

$result = mysqli_query($con, $query);
          ^^^^^^^^^^^^
if ($result = mysqli_query($con, $query)) {
              ^^^^^^^^^^^^

/* Array ausgeben */
while ($row = mysqli_fetch_assoc($result)) {
    printf ("<b>%s</b> <br>%s<br> <br>", $row["name"],  $row["beschreibung"]);

}

您要删除的是= mysqli_query($con, $query)并添加错误检查:

what you want is to remove = mysqli_query($con, $query) and add error checking:

$query = "SELECT name, beschreibung FROM uebersicht WHERE id = '".$stridEingabe."'"; 

$result = mysqli_query($con, $query);

if ($result) {
/* Array ausgeben */
while ($row = mysqli_fetch_assoc($result)) {
    printf ("<b>%s</b> <br>%s<br> <br>", $row["name"],  $row["beschreibung"]);

    }

} // brace for if ($result)

// else statement for if ($result)
else{
    echo "There was an error: " .mysqli_error($con);
}

或者，最好使用mysqli_real_escape_string().

$stridEingabe = mysqli_real_escape_string($con,$_POST["idEingabe"]);

尽管准备好的陈述是最好的.

此外，关于SQL注入(您可以打开)，应该使用 具有准备好的语句的PDO ，它们更加安全.

Plus, in regards to SQL injection which is something you're open to, should be using mysqli with prepared statements, or PDO with prepared statements, they're much safer.

脚注:

请确保您确实使用mysqli_进行连接，而不要使用其他MySQL API(例如mysql_或PDO)进行连接.这些不同的API不会相互混合.

Make sure you are indeed using mysqli_ to connect with and not another MySQL API such as mysql_ or PDO to connect with. Those different APIs do not intermix with each other.

之所以这样说是因为，您的问题中的连接方法未知.

I say this because, the connection method is unknown in your question.

此外，如果您在同一文件中使用整个代码，则应该对POST数组使用条件语句，否则它会在页面加载时立即发出通知； 假设系统已启用错误报告.

Plus, if you're using your entire code inside the same file, then you should be using a conditional statement for your POST array, otherwise it will thrown a notice immediately on page load; assuming error reporting is enabled on your system.

通知将为未定义索引idEingabe ..."

即:

if(!empty($_POST['idEingabe'])){...}

另一件事；如果您输入的值是整数，则可以使用以下函数来确保它们是整数而不是字符串，如果这是最终目标:

Another thing; if your inputted value is an integer, you can use the following functions to make sure they are integers and not a string, if that is what the ultimate goal is:

http://php.net/manual/en/function.is- int.php -is_int()
http://php.net/manual/en/function.is- numeric.php -is_numeric()

http://php.net/manual/en/function.is-int.php - is_int()
http://php.net/manual/en/function.is-numeric.php - is_numeric()

并与它们一起使用条件语句.

and using a conditional statement in conjunction with those.

将 错误报告 添加到文件顶部，这将有助于发现错误.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

侧注:错误报告仅应在登台进行，而绝不能在生产中进行.

Sidenote: Error reporting should only be done in staging, and never production.

这篇关于如何在MySQLi查询中使用$ _POST变量? (php)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

如何在MySQLi查询中使用$ _POST变量? (php) [英] How to use a $_POST variable in an mysqli-query? (php)

问题描述

推荐答案

相关文章

PHP最新文章

热门教程

热门工具

登录关闭

如何在MySQLi查询中使用$ _POST变量? (php) [英] How to use a $_POST variable in an mysqli-query? (php)

问题描述

推荐答案

相关文章

PHP最新文章

热门教程

热门工具

登录 关闭

登录关闭