[英]PHP: Variable showing value, even when submit button hasn't been clicked
方案是必须搜索代码,如果代码存在,结果将从MySQL DB中出现,否则显示一条消息“对不起,但未找到结果”。 也许重新输入您的EVR编号:或再次检查您的输入。”
但是,甚至在进行搜索之前,错误消息已经显示。
我究竟做错了什么?
<?php
$no_results = NULL;
$query = (isset($_POST['query']) ? $_POST['query'] : null);
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else { // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
?>
并在同一文件中以HTML形式显示结果:
<form action="index.php" method="POST" class="search">
<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
<div class="form-group">
<input type="text" name="query" class="form-control" placeholder="Enter Your EVR No." required/>
<button type="submit" id="form-submit" value="Search" class="btn-submit btn btn-big dark-blue-bordered-btn">Submit</button>
</div>
</div>
<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
<?php
if($no_results!="") // Two times Doule Quotation marks that is, and != means "not equal to". So we mean to say if $code is not equal to empty
{
echo $no_results;
}
else { echo " "; }
我尝试过isset(),empty(),但即使未进行搜索,仍然会显示错误消息。
我想念什么?
它很粗糙,但是可以。 原因是加载页面时,您的搜索框为空,并且正在执行查询,其中NULL返回0行。
<?php
$no_results = NULL;
$query = (isset($_POST['query']) ? $_POST['query'] : null);
if ($query) {
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
}
?>
<?php
$no_results = NULL;
if (isset($_POST['query']) && strlen($_POST['query']) > 0) {
$query = (isset($_POST['query']) ? $_POST['query'] : null);
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
} else {
//no query value
}
?>
<?php
if(isset($_POST['query'])) {
$no_results = '';
$query = mysql_real_escape_string($_POST['query']);//added some security
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
}
?>
这应该是最好的选择...停止使用mysql_ *函数,请使用PDO或MySQLi。 您的代码对sql-injection很脆弱
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.