如何在同一个html页面上显示php

plupiseo  于 2021-06-25  发布在  Mysql
关注(0)|答案(2)|浏览(439)

我有一个html表单,可以使用php搜索mysql数据库。在运行php代码之后,我在另一个页面上得到了搜索结果。我想在表格旁边的表格中获得搜索结果。代码如下:
html格式:

<form name="select"action="select.php" method="post">
 Name:
 <input type="submit" name="sub">
 </form>

PHP:

$name = $_POST['name'];
$sql = "SELECT * FROM db where name ='$name'";
if($result = mysqli_query($conn, $sql)){
    if(mysqli_num_rows($result) > 0){ 
        echo "<table>"; //tabellen
        echo "<table border=1";
            echo "<tr>";
                echo "<th>Email</th>";
                echo "<th>Name</th>";
                echo "<th>nbr</th>";
            echo "</tr>";
        while($row = mysqli_fetch_array($result)){ 
            echo "<tr>";
                echo "<td>" . $row['email'] . "</td>";
                echo "<td>" . $row['name'] . "</td>";
                echo "<td>" . $row['nbr'] . "</td>";

            echo "</tr>";
        }
        echo "</table>";
        mysqli_free_result($result);
mysqlphpHtmlmysqli

2条答案

按热度按时间
6mzjoqzu

6mzjoqzu1#

最简单的选择是让php代码在同一个页面上处理搜索请求并删除表单操作。
也就是说,由于sql语句中的嵌入变量,您的代码容易受到sql注入的攻击。当你使用 mysqli 你应该可以很容易地翻译这个使用 prepared statements 比如:
例子:

if( $_SERVER['REQUEST_METHOD']=='POST' && !empty( $_POST['name'] ) ) {

    $name = $_POST['name'];
    /*
        Better to select specific fields rather than all fields, 
        then bind those to specific result variables.
    */
    $sql='select `email`,`name`,`nbr` from `db` where `name`=?';
    $stmt=$con->prepare( $sql );

    if( $stmt ){

        $stmt->bind_param( 's', $name );
        $result=$stmt->execute();

        if( $result && $stmt->num_rows > 0 ){

            $stmt->store_result();
            $stmt->bind_result( $email, $name, $nbr );

            echo '<table>
                    <tr>
                        <th>Email</th>
                        <th>Name</th>
                        <th>nbr</th>
                    </tr>';

            while( $stmt->fetch() ){
                printf('
                    <tr>
                        <td>%s</td>
                        <td>%s</td>
                        <td>%s</td>
                    </tr>', $email, $name, $nbr );
            }

            echo '</table>';
        }
    }
}

如果要用ajax来实现它,那么可能需要遵循以下原则(在哪里 select.php 具有上述代码或类似代码)

document.querySelector('sub').onclick=function(event){
    event.preventDefault()
    var _callback=function(r){
        document.querySelector('form[name="select"]').insertAdjacentHTML('afterend',r);
    }

    var xhr=new XMLHttpRequest();
    xhr.onreadystatechange=function(){
        if( this.status==200 && this.readyState==4 )_callback.call( this, this.response );
    }
    xhr.open( 'POST', 'select.php', true );
    xhr.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
    xhr.send( 'name='+document.querySelector('name').value );
}
赞(0)分享  回复(0)举报  2021-06-25
pobjuy32

pobjuy322#

search.php

<form name="select" action="" method="post">
 Name:
 <input type="submit" name="sub">
</form>

<?php

if(isset($_POST['sub'])){
$name = $_POST['name'];
$sql = "SELECT * FROM db where name ='$name'";
if($result = mysqli_query($conn, $sql)){
    if(mysqli_num_rows($result) > 0){ 
        echo "<table>";
        echo "<table border=1">;
        echo "<tr>";
        echo "<th>Email</th>";
        echo "<th>Name</th>";
        echo "<th>nbr</th>";
        echo "</tr>";
        while($row = mysqli_fetch_array($result)){ 
            echo "<tr>";
                echo "<td>" . $row['email'] . "</td>";
                echo "<td>" . $row['name'] . "</td>";
                echo "<td>" . $row['nbr'] . "</td>";

            echo "</tr>";
        }
        echo "</table>";
        mysqli_free_result($result);
}
?>
赞(0)分享  回复(0)举报  2021-06-25
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com