[英]PHP: Variable showing value, even when submit button hasn't been clicked
方案是必須搜索代碼,如果代碼存在,結果將從MySQL DB中出現,否則顯示一條消息“對不起,但未找到結果”。 也許重新輸入您的EVR編號:或再次檢查您的輸入。”
但是,甚至在進行搜索之前,錯誤消息已經顯示。
我究竟做錯了什么?
<?php
$no_results = NULL;
$query = (isset($_POST['query']) ? $_POST['query'] : null);
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else { // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
?>
並在同一文件中以HTML形式顯示結果:
<form action="index.php" method="POST" class="search">
<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
<div class="form-group">
<input type="text" name="query" class="form-control" placeholder="Enter Your EVR No." required/>
<button type="submit" id="form-submit" value="Search" class="btn-submit btn btn-big dark-blue-bordered-btn">Submit</button>
</div>
</div>
<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
<?php
if($no_results!="") // Two times Doule Quotation marks that is, and != means "not equal to". So we mean to say if $code is not equal to empty
{
echo $no_results;
}
else { echo " "; }
我嘗試過isset(),empty(),但即使未進行搜索,仍然會顯示錯誤消息。
我想念什么?
它很粗糙,但是可以。 原因是加載頁面時,您的搜索框為空,並且正在執行查詢,其中NULL返回0行。
<?php
$no_results = NULL;
$query = (isset($_POST['query']) ? $_POST['query'] : null);
if ($query) {
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
}
?>
<?php
$no_results = NULL;
if (isset($_POST['query']) && strlen($_POST['query']) > 0) {
$query = (isset($_POST['query']) ? $_POST['query'] : null);
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
} else {
//no query value
}
?>
<?php
if(isset($_POST['query'])) {
$no_results = '';
$query = mysql_real_escape_string($_POST['query']);//added some security
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
}
?>
這應該是最好的選擇...停止使用mysql_ *函數,請使用PDO或MySQLi。 您的代碼對sql-injection很脆弱
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.