【发布时间】:2014-02-13 12:29:40
【问题描述】:
您好,我的表单中的搜索并未带来 MySQL 数据库中表中的数据。
例如我想搜索邮政编码并带回:姓名、地址、联系电话、邮政编码。
任何人都可以帮我找出我的代码中的问题,因为我对 PHP 和 MySQL 还很陌生
这是我来自 phpmyadmin 的表格条目
参考、姓名、Line1、Line2、Line3、Line4、Line5、邮政编码、电话、手机、传真、电子邮件
表格
<td><form action="searchresults.php" method="post" name="form1" id="form1">
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><strong>Find a Active Physio</strong></td>
</tr>
<tr>
<td width="100">Physio Reference</td>
<td width="301"><input name="PhysioReference" type="text" id="PhysioReference" /></td>
</tr>
<tr>
<td>Name of Physio</td>
<td><input name="Physio" type="text" id="Physio" /></td>
</tr>
<tr>
<td>Contact Number</td>
<td><input name="Number" type="text" id="Number" /></td>
</tr>
<tr>
<td>Address</td>
<td><input name="PhysiosAddress" type="text" id="PhysiosAddress" /></td>
</tr>
<tr>
<td>Postcode</td>
<td><input name="postcode" value="" type="text" id="postcode" />
<input type="submit" name="submit" value="Search" /></td>
</tr>
<tr>
<td>Physios Email</td>
<td><input name="PhysiosEmail" type="text" id="PhysiosEmail" /></td>
</tr>
<tr>
<td colspan="3" align="center"> </td>
</tr>
</table>
</form></td>
搜索结果
<?php
require_once('auth.php');
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="Physio"; // Table name
// Connect to server and select database.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");
if(!isset($_POST['postcode'])) {
header ("location:index.php");
}
$search_sql="SELECT * FROM `Physio` WHERE Postcode like '%".$_POST['postcode']."%'";
$search_query=mysql_query($search_sql);
$search_rs= mysql_num_rows($search_query) ;
echo "<p> Results </p>" ;
if ($search_rs > 0)
{
echo "<p>".$search_rs['Postcode'] ."</p>" ;
} else {
echo "NO Results found";
}
?>
【问题讨论】:
-
附带说明:切勿将 $_POST[] 裸露在您的查询中。用 mysql_real_escape_string() 封装它。如果有人输入"%' union all select user, email, pass, 1,1,1,1 from users where 1 like '1%"怎么办