简单的 php - mysql 选择和插入

Question

I am not a programmer (duh), I just need to make a really simple tool for populating sql database. First I have html with form:

<form action="http://localhost:8081/phpSearch.php" method ="post">
Enter code: <input type="text" name="search"><br>
<input type ="submit">
</form>

and then php that should connect to MYSQL, search for data according to input (code,name) in one table and then populate another table with the result. And I'm only mising what to put instead of question marks.

<?php
$search1 = $_POST['search'];

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "mydb";

$conn = new mysqli($servername, $username, $password, $dbname);

$sql = "SELECT code,name FROM users WHERE code LIKE '%$search1%'";

$sql2 = "INSERT INTO newUsers (newCode,newName) VALUES ('$search1', ??????)";

$conn->close();
?>

I'm pretty sure this is easy for you experts, so thanks in advance.

Answer 1

You could actually do this in a single SQL query:

$search1 = "%".$_POST['search']."%";
$sql = "INSERT INTO newUsers (newCode, newName) SELECT code, name FROM users WHERE code LIKE ?";

$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $search1);
$stmt->execute();

This will insert all the results of the SELECT query directly into the other table, without needing any intermediate processing in PHP. More about the INSERT...SELECT query format can be found here .

Note I've used prepared statements and parameters - which both executes the query securely and reduces the risk of accidental syntax errors. You can get more examples of this here .

Also, in a real application you shouldn't log in as root from your web application - instead create a SQL account for the application which has only the privileges it actually needs .