PHP 表单在 MySQL 数据库中搜索数据

Question

我尝试打开这篇文章以获得有关搜索表单无法正常工作的问题的一些帮助。

我有一个 MySQL 数据库，其中一些数据存储在不同的表中:

数据库是:list_pec表为:pec_1、pec_2、pec_3 和 pec_4

所有这些表都包含具有不同数据的相同行。行是名字、姓氏、电子邮件、id_client、id_2client

我的目标是在 PHP 中创建一个搜索表单，其中有一个输入标签和一个选择表单，用于连接到数据库并向我提供输出查询结果。

下面的 PHP 文件用于连接 MySQL 数据库，我称之为“conn.php”

<?php
$host = "localhost";
$userName = "demo";
$password = "demo";
$dbName = "list_pec";

// Create database connection
$conn = new mysqli($host, $userName, $password, $dbName);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>

下面的文件名为“search.php”，其中有表单和 php 代码，显然我希望在同一个 .php 文件中具有查询结果，所以我使用 <?pho echo $_SERVER ['PHP_SELF']; ?>在表单操作中

<?
error_reporting(E_ALL);
ini_set('display_errors', '1');
include("conn.php");

$search_output = "";
if (isset($_POST["submit"])){
    if($_POST['option']== "a"){
     $sqlcommand="SELECT email, id_client, id_2client FROM pec_1 WHERE email = 'email'";
     }

     else if ($_POST['option'] == "b"){
     $sqlcommand="SELECT email, id_client, id_2client FROM pec_2 WHERE email = 'email'";
     }

     else if ($_POST['option'] == "c"){
     $sqlcommand="SELECT email, id_client, id_2client FROM pec_3 WHERE email = 'email'";
     }

          else if ($_POST['option'] == "d"){
     $sqlcommand="SELECT email, id_client, id_2client FROM pec_4 WHERE email = 'email'";
     }



$query = mysqli_query($conn,$sqlcommand) or die (mysqli_error($conn));
$search_output .="<hr />query result: ";
if ($row = mysqli_fetch_array($query)){
    $email = $row ["email"];
    $pec = $row ["id_client"];
    $sdi = $row ["id_2client"];
    $search_output .= "<hr/><p> $email - $id_client - $id_2client</p>";


} else{
    $search_output= "<hr /> No Result";

}
}
?>
<html>
<head>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">

<title>Search id_client and id_2client</title>
</head>
<body>
    <section>
        <div class="container">
            <div class="row my-5">
                <h1>Search id_client and id_2client</h1>
            </div>
<form name="ricerca-pec" method="post" action="<?php echo $_SERVER ['PHP_SELF']; ?>">
  <div class="form-group">
    <label for="exampleFormControlInput1">Inserisci l'email del cliente</label>
    <input type="email" class="form-control" id="exampleFormControlInput1" placeholder="youremail@email.com" name="email">
  </div>
  <div class="form-group">
    <label for="exampleFormControlSelect1">Select Option</label>
    <select class="form-control" id="exampleFormControlSelect1" name="option">
      <option value="a">A</option>
      <option value="b">B</option>
      <option value="c">C</option>
      <option value="d">D</option>
    </select>
  </div>
  <input class="btn btn-primary" type="submit" name="submit"></input>
</form>

</div>
</section>

<section>
<div class="container">
<div class="row">
<p><?php echo $search_output; ?></p>
</div>
</div>
</section>


<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQx"</script>
</body>
</html>

当我使用搜索表单(在文件/search.php 上进行)时，我得到一个答案“无结果”，所以我看到该查询已正确执行，但变量“email”似乎不是从 $ 发送的_POST 在表单上提交查询。

实际上，如果我在 search.php 文件中修改第一个查询，将“email”替换为“email@email.com”(包含在表 DB pec_1 中)，我可以看到查询的正确结果

     $sqlcommand="SELECT email, id_client, id_2client FROM pec_1 WHERE email = 'email@email.com'";

请帮助我理解问题并解决，我阅读了其他帖子但没有解决我的问题。

谢谢。

Answer 1

如果您无法获取任何电子邮件，那是因为您在 $sqlCommand 中以纯文本形式传递了它。例如:

$sqlcommand="SELECT email, id_client, id_2client FROM pec_4 WHERE email = 'email'";

应该更像:

$sqlcommand="SELECT email, id_client, id_2client FROM pec_4 WHERE email = {$email}";

但是您还没有定义任何电子邮件变量，所以它不起作用。您的代码非常困惑并且存在一些安全问题。我给了你一些提示作为你的 PHP 部分的注释，以使其更好地工作。

<?php

// Require only once the connection to avoid multiples connexions
require_once('conn.php');

// Debug here
error_reporting(E_ALL);
ini_set('display_errors', 1);

$search_output = "";
// Check if the form has been sent
if (isset($_POST["submit"])){

    // Define variables
    $table = '';
    $option = '';
    $email = '';

    // Check if an option is selected
    if(!isset($_POST["option"])) {
        // ToDo: Security - check user input
        $option = $_POST["option"];
    } else {
        // Throw error to the user
    }

    // Check if a email is set
    if(!isset($_POST["email"])) {
        // ToDo: Security - check user input
        $email = $_POST["email"];
    } else {
        // Throw error to the user
    }

    // Use a switch instead of plenty if
    switch ($option) {
        case "a":
            $table = "pec_1";
        break;
        case "b":
            $table = "pec_2";
        break;
        case "c":
            $table = "pec_3";
        break;
        case "d":
            $table = "pec_4";
        break;
        default:
            $table = "pec_1";
        break;
    }

    // write your query once
    $selectQuery = "SELECT email, id_client, id_2client FROM {$table} WHERE email LIKE %{$email}%";
    // Perform your query
    $query = mysqli_query($conn, $selectQuery);
    // Fetch the result as array
    $result = mysqli_fetch_array($query);

    $search_output .="<hr />query result: ";

    // If no results
    if(count($results) < 1) {
        $search_output= "<hr /> No Result";
    } else {
        $email = $result["email"];
        $pec = $result["id_client"];
        $sdi = $result["id_2client"];
        $search_output .= "<hr/><p> {$email} - {$pec} - {$sdi}</p>";
    }

}
?>

为了回复您的表单问题，当脚本位于同一页面时，一个简单的 action="/" 属性足以重新加载同一页面。