mysql - 带有 Where 子句的空结果

Question

我在根据搜索表单显示“访问”表的结果时遇到问题！

这是代码！

                <?php

                $date1 = $_POST['day'] . "-" . $_POST['month'] . "-" . $_POST['year'];
                $date2 = $_POST['day1'] . "-" . $_POST['month1'] . "-" . $_POST['year1'];
                $product=$_POST['product'];
                $region=$_POST['region'];
                $speciality=$_POST['speciality'];
                $type=$_POST['visit_type'];

$query="SELECT id, name, seller_1_name, seller_2_name FROM visits Where (speciality ='$speciality') AND (type ='$type') AND (product ='$product') AND (date BETWEEN '$date1' AND '$date2')";
$num=mysql_numrows($result);
$row = mysql_fetch_array($result);

?>

<h3> Showing results where Product is <?php echo $product; ?>, Speciality is <?php echo $speciality ?>, Region is <?php echo $region ?> and Type is <?php echo $type ?>.</h3>
        <table class="auto-style4" style="width: 100%" border="1"><tr>
        <td style="height: 18px">ID</td>
        <td style="height: 18px">Name</td>
        <td style="height: 18px">seller one name</td>
        <td style="height: 18px">seller 2 name</td>   
        </tr>
        <tr>
        <?php
$i=0;
while ($i < $num) {


$f1=mysql_result($result,$i,"id");
$f2=mysql_result($result,$i,"name");
$f4=mysql_result($result,$i,"seller_1_name");
$f5=mysql_result($result,$i,"seller_2_name");

?>        
        <td><?php echo $f1; ?> </td>
        <td><?php echo $f2; ?> </td>
        <td><?php echo $f4; ?></td>
        <td><?php echo $f5; ?></td>
         </tr>

<?php
$i++;
}
?>  

它显示了输入正确变量的标题，但表格为空并带有错误代码：

警告：mysql_numrows()：提供的参数不是第 175 行 /home/ebarea/public_html/.../.../results_submitt.php 中的有效 MySQL 结果资源

警告：mysql_fetch_array()：提供的参数不是第 176 行 /home/ebarea/public_html/.../.../results_submitt.php 中的有效 MySQL 结果资源

怎么了>！

Answer 1

你从来没有执行过mysql_query。也许是这样的：

$query="SELECT id, name, seller_1_name, seller_2_name FROM visits Where (speciality ='$speciality') AND (type ='$type') AND (product ='$product') AND (date BETWEEN '$date1' AND '$date2')";
$result=mysql_query($query); ## This line is new.
$num=mysql_numrows($result);
$row = mysql_fetch_array($result);

要解决日期问题，您可能需要明确告诉 MySQL 日期的方式。例如：

$query="SELECT 
            id, name, seller_1_name, seller_2_name
        FROM visits 
        WHERE
            (speciality ='$speciality') AND
            (type ='$type') AND
            (product ='$product') AND
            (date BETWEEN DATE('$date1') AND DATE('$date2'))";

然而，正如其他人所指出的那样，您用来填充变量的代码容易受到 SQL 注入攻击，因此确实应该更新。

Answer 2

没有

$result = mysql_query($query);

前

$num=mysql_numrows($result);
$row = mysql_fetch_array($result);

Answer 3

您只是忘记之前运行 mysql_query ：

$result = mysql_query($query);
$num = mysql_numrows($result);

Answer 4

这可以帮助你处理多行，idd，不要忘记 mysql_query(); 解析用户输入也是明智之举，现在您完全容易受到 sql-injection 的攻击。

$query = mysql_query($sql, $conn);
$total = mysql_num_rows();
while ( $row = mysql_fetch_object() )
{
   $data[] = $row;
}
foreach( $data as $r )
{
  echo "<td>".$r->id."</td>";
  echo "<td>".$r->name."</td>";
  echo "<td>".$r->seller_1_name."</td>";
  echo "<td>".$r->seller_2_name."</td>";
}