时间戳

首页 > 解决方案 > 从搜索表单中从 mysql 数据库中选择数据

php - 从搜索表单中从 mysql 数据库中选择数据

问题描述

我是新手,仍在学习。我有一个搜索页面,想使用输入来搜索 mysql 表并以表单形式显示结果以将记录更新回表中。

每次我尝试运行它时,我都会收到一个 PHP 通知:未定义变量:第 106 行 /var/www/html/update.php 中的密码,引用者:http: //172.20.10.161/search.php

在错误日志中。

所有帮助将不胜感激。

我有谷歌并尝试了各种方法来解决这个问题,我觉得我在这里缺少一些小东西。

以下是我的 search.php 页面中的代码

<?php

session_start();


if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    header("location: login.php");
    exit;
}

?>

<form action="update.php" method="post">
   <div class="form-group">
       <label>Name</label>
       <input type="text" name="name" class="form-control" value="">
   </div>
   <div class="form-group">
       <input type="submit" class="btn btn-primary" value="Search">
   </div>
</form>

然后在我的页面上应该显示结果,如果有以下内容。

更新.php

页面顶部

<?php
session_start();

if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
   header("location: login.php");
   exit;
}
?>

页面中的代码以运行查询

<?php

require_once "include/dbconf.php";

if(isset($_POST['Search']))
{
    $name=$_POST['name'];

    $sql = "SELECT (name, surname, email, username, password) from net_users WHERE name LIKE '%".$name."%'";
    $result  = mysqli_query($link, $sql) or die ('Something went wrong');

    while($row=mysqli_fetch_array($result))
    {
         $username  =$row['username'];
         $password  =$row['password'];
         $name      =$row['name'];
         $surname   =$row['surname'];
         $email     =$row['email'];
    }
}

mysqli_close($link);
?>

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
    <div class="form-group">
         <label>Name</label>
         <input type="text" name="name" class="form-control" value="<?php echo $name; ?>">
    </div>
    <div class="form-group">
         <label>Surname</label>
         <input type="text" name="surname" class="form-control" value="<?php echo $surname; ?>">
    </div>
    <div class="form-group">
         <label>Email</label>
         <input type="email" name="email" class="form-control" value="<?php echo $email; ?>">
    </div>
    <div class="form-group">
         <label>Username</label>
         <input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
    </div>
    <div class="form-group">
         <label>Password</label>
         <input type="text" name="password" class="form-control" value="<?php echo $password; ?>">
    /div>
    <div class="form-group">
        <input type="update" class="btn btn-primary" value="update">
    </div>
</form>

我希望在搜索 $name 上提取所需的输入来搜索 mysql 数据库,并在更新页面上以表单的形式返回结果,以将信息更新回数据库。

标签: phpmysql

解决方案

我建议对update.php.

<?php
session_start();

if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
   // Can everyone logged in update the system.  If not, filter it as required
   header("location: login.php");
   exit;
}
?>

给定以下dbconf.php带有程序的连接文件MySQLi- https://www.php.net/manual/en/mysqli.quickstart.dual-interface.php

<?php 
/* 
Database credentials.
Assuming you are running MySQL server with default setting (user 'root' with no password)
*/ 
define('DB_SERVER', 'localhost'); 
define('DB_USERNAME', 'xxxxxxxx'); 
define('DB_PASSWORD', '**********'); 
define('DB_NAME', 'users');

/* Attempt to connect to MySQL database */ 
$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME); 
// Check connection 
if($link === false)
{
    die("ERROR: Could not connect. " . mysqli_connect_error());
} 
?>

搜索查询需要考虑 SQL 注入 -如何防止 PHP 中的 SQL 注入?.

<?php

require_once "include/dbconf.php";

// placeholder for the returned data
$data = array();

// Verify the search query is present
// Or handle empty 
if(isset($_POST['name']))
{
    // SQL injection - https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
    $name=$_POST['name'];

    // TODO: Verify that you need the password here
    // Generally passwords are not to be stored as plain text
    $sql = "SELECT (id, name, surname, email, username, password) from net_users WHERE name LIKE '?'";

    $stmt = mysqli_prepare($link, $sql);
    mysqli_stmt_bind_param($stmt, 's', $name);

    // Execute the query
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);

    while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
    {
        // Copy the result to a local array
        // Each entry in $data will be an associative array of values
        $data[] = $row;
    }
} else {
    // TODO : Handle this more gracefully
    die('Search query missing');
}

mysqli_close($link);

if (empty($data))
{
    // TODO: No records matched, handle gracefully
    die('No records matched');
}
?>

获得数据后,根据需要输出。请注意,我还选择了 id 列 - 由于所有其他字段都是可更新的,因此如果所有字段都已更改,则无法识别记录。要解决此问题,您需要一个始终标识正在更新的记录的值。我选择了该id列,但任何其他独特的 - 不可更新的字段都可以。

<?php
foreach($data as $record)
{
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
    <input type="hidden" name="id" value="<?php echo $record['id']; ?>" />
    <div class="form-group">
         <label>Name</label>
         <input type="text" name="name" class="form-control" value="<?php echo $record['name']; ?>">
    </div>
    <div class="form-group">
         <label>Surname</label>
         <input type="text" name="surname" class="form-control" value="<?php echo $record['surname']; ?>">
    </div>
    <div class="form-group">
         <label>Email</label>
         <input type="email" name="email" class="form-control" value="<?php echo $record['email']; ?>">
    </div>
    <div class="form-group">
         <label>Username</label>
         <input type="text" name="username" class="form-control" value="<?php echo $record['username']; ?>">
    </div>
    <div class="form-group">
         <label>Password</label>
         <input type="text" name="password" class="form-control" value="<?php echo $record['password']; ?>">
    /div>
    <div class="form-group">
        <input type="update" class="btn btn-primary" value="update">
    </div>
</form>
<?php
}
?>

推荐阅读