-1

现在,在我们开始之前,让我告诉大家这只是一个学校作业,我并不是 php 和 sql 编码方面的专家。

我遇到了问题,每当我执行脚本时,都会收到以下错误:

注意:未定义变量:Team in C:\xampp\htdocs\NFL\searchmatches.php on line 30.

据我了解,脚本和表单文件之间的链接会出现拼写错误,但我似乎找不到问题所在。

这是一个用于搜索数据库的文件: 脚本:

 <?php
    mysql_connect("localhost","root","0gd1d0wgpg") or die(mysql_error());
    mysql_select_db("NFL") or die(mysql_error());
    $query=mysql_query("SELECT * FROM Matches where Team ='$Team'") or die(mysql_error());
    $numfields = mysql_num_fields($query);
    print("<table border=\"1\">\n<tr>\n");
    for ($i=0; $i<$numfields; $i++) {
      printf("<th>%s</th>\n", mysql_field_name($query,$i));
    }
    print("</tr>\n");
    while ($row = mysql_fetch_row($query)) {
      print("<tr>\n");
      for ($i=0; $i<sizeof($row); $i++) {
         printf("<td>%s</td>\n", $row[$i]);
      }
      print("</tr>\n");
    }
    print("</table>\n");
    ?>

形式:

<form name="addmatch" method="post" action="searchmatches.php">
Search for the match history of a particular team here.<br>
<br>
Team Name: <input type="text" name="Team_Name" value="Team Name">
<br>
<br>
<input type="submit" value="Search">
</form>

是的,实际文件中有更多编码,但我认为,PHP 将是您帮助我所需的全部。

所以有人可以告诉我如何摆脱这个错误并使搜索工作。

4

1 回答 1

3

PHP uses a special "super global" to give you access to submitted form values. The $_POST superglobal is an array with keys that match the name attribute of the form elements (when the form is submitted with the "post" method). Add this line: 

$Team = mysql_real_escape_string($_POST['Team_Name']);

above the use of $Team in the query.

To recap, the 'Team_Name' identifier comes from your HTML: 

<input type="text" name="Team_Name" value="Team Name">

and then when the form is submitted, whatever you put in that form control is available at $_POST['Team_Name']. I passed the value through the "escape" function so to protect your query from going bonkers (or worse) if that value happened to contain special characters.

于 2012-08-27T06:37:48.870 回答