mysql查询使用2个submit按钮表单返回空白页

cnh2zyt3  于 2021-06-21  发布在  Mysql
关注(0)|答案(1)|浏览(343)

mysql查询使用2个submit按钮表单返回空白页。当我运行这个时,得到一个没有错误的空白页。我能够显示整个数据库,但有困难,通过搜索和显示匹配。
index.html页面:

<form action="subjsearch.php" method="post">
        <label>First Name:</label><input type="text" name ="firstname"><br><br>
        <label>Last Name:</label><input type="text" name ="lastname"><br><br>
        <label>Age:</label><input type="text" name="age" size = "2"><br><br>
        <label>Tattoo:</label><input type="text" name ="tattoo"><br><br>
        <label>Moniker:</label><input type="text" name ="moniker"><br><br>
        <input type="submit" name="submitBTN" value="Submit">
        <input type="submit" name="searchBTN" value="Search">
        <input type="reset" name="resetBTN" value="Reset">
    </form>

操作页面:

<?php
        include 'db.php';
        if(isset($_POST['submitBTN'])){
            $firstname = $_POST['firstname'];
            $lastname = $_POST['lastname'];
            $age = $_POST['age'];
            $tattoo = $_POST['tattoo'];
            $moniker = $_POST['moniker'];

        $query = "INSERT INTO subjects (firstName,lastName,age,tats,moniker)VALUES(
                                '$firstname',
                                '$lastname',
                                '$age',
                                '$tattoo',
                                '$moniker')";

        if ($conn->query($query) === TRUE) {
            echo "New record created successfully";
        } elseif(isset($_POST['searchBTN'])){
            $query = "SELECT * FROM subjects WHERE firstName = '$firstname' OR lastName = '$lastname' OR age = '$age' OR tats = '$tattoo' OR moniker = '$moniker' ";
            $result = $conn->query($query);
        if ($result->num_rows > 0) {
            echo "<table><tr><th>ID</th><th>Name</th><th>AGE</th><th>Tattoo</th><th>Moniker</th></tr>";
            // output data of each row
            while($row = $result->fetch_assoc()) {
                echo "<tr><td>".$row["id"]."</td><td>".$row["firstName"]." ".$row["lastName"]."</td><td>".$row["age"]."</td><td>".$row["tats"]."</td><td>".$row["moniker"]. "</td></tr>";
            }
            echo "</table>";
        } else {
            echo "0 results";
        }

        }

        $conn->close();
        }
        ?>
vaj7vani

vaj7vani1#

搜索不起作用,因为它在 if(isset($_POST['submitBTN'])) {..} 阻止。移动了 if(isset($_POST['searchBTN'])) {..} 挡在外面 if(isset($_POST['submitBTN'])) {..} 阻止。
还对输入值进行了转义,以避免sql注入。首选的方法是准备语句tho。
更新代码:

<?php
include 'db.php';

$firstname = $conn->real_escape_string(isset($_POST['firstname']) ? $_POST['firstname'] : '');
$lastname = $conn->real_escape_string(isset($_POST['lastname']) ? $_POST['lastname'] : '');
$age = $conn->real_escape_string(isset($_POST['age']) ? $_POST['age'] : '');
$tattoo = $conn->real_escape_string(isset($_POST['tattoo']) ? $_POST['tattoo'] : '');
$moniker = $conn->real_escape_string(isset($_POST['moniker']) ? $_POST['moniker'] : '');

if (isset($_POST['submitBTN'])) {
    $query = "INSERT INTO subjects (firstName,lastName,age,tats,moniker)VALUES(
                                '$firstname',
                                '$lastname',
                                '$age',
                                '$tattoo',
                                '$moniker')";

    if ($conn->query($query) === true)  {
        echo "New record created successfully";
    }
    $conn->close();
}

if (isset($_POST['searchBTN'])) {
        $query = "SELECT * FROM subjects WHERE firstName = '$firstname' OR lastName = '$lastname' OR age = '$age' OR tats = '$tattoo' OR moniker = '$moniker' ";
        $result = $conn->query($query);
        if ($result->num_rows > 0)  {
            echo "<table><tr><th>ID</th><th>Name</th><th>AGE</th><th>Tattoo</th><th>Moniker</th></tr>";
            // output data of each row
            while ($row = $result->fetch_assoc())  {
                echo "<tr><td>" . $row["id"] . "</td><td>" . $row["firstName"] . " " . $row["lastName"] . "</td><td>" . $row["age"] . "</td><td>" . $row["tats"] . "</td><td>" . $row["moniker"] . "</td></tr>";
            }
            echo "</table>";
        }
        else {
            echo "0 results";
        }

    }
?>

相关问题