-1

有人可以看看我的代码我终于在 2 天后开始工作,并从这里得到了很多帮助 - 谢谢!

我想做一些调整 -

  • 对于交易 ID,如果我在交易 ID 中搜索任何字母,则会显示记录 - 如果已输入完整交易 ID 并与数据库中的记录匹配,我只希望它向我显示记录。交易 ID 示例:87K07228GD157974M

  • 如果您想检索您的代码,您必须输入您的姓名、电子邮件和交易日期,这很完美但时间也包含在日期中,但我不希望任何人也必须输入时间只有日期即....您当前必须输入:2013-03-07 01:39:23 - 但我想以 DD/MM/YY 的格式输入 - 这可能吗?

我也不知道代码是否也安全,任何建议都将不胜感激。谢谢,

这是代码:

findme.html

<html>

<head>
<title>Search</title>
</head>

<body bgcolor=#ffffff>

<h2>Search Transaction ID</h2>

<form name="search" method="post" action="findme.php">
Seach for: <input type="text" name="find" /> 


<input type="submit" name="search" value="Search" />
</form>
OR

<h2>Search Name, E-Mail & Transaction Date</h2>

<form name="search" method="post" action="findme1.php">
Full Name (on paypal account) <input type="text" name="name" /> <br><br>
Paypal E-Mail Address <input type="text" name="email" />  <br><br>
Transaction Date - DD/MM/YY <input type="text" name="date" /> 


<input type="submit" name="search" value="Search" /><br><br>
If searching via Name, E-Mail & Transaction date, all fields must be completed to     obtain your code.
</form>

</body>

</html>

findme.php

<html>
<head><title>Searching for a student...</title>
</head>
<body bgcolor=#ffffff>

<?php

echo "<h2>Search Results:</h2><p>";

//If they did not enter a search term we give them an error
if ($find == "")
{
echo "<p>You forgot to enter a search term!!!";
exit;
}

// Otherwise we connect to our Database
mysql_connect("location.com", "ipn", "password!") or                 die(mysql_error());
mysql_select_db("ipn") or die(mysql_error());

// We perform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);

//Now we search for our search term, in the field the user specified
$iname = mysql_query("SELECT * FROM ibn_table WHERE itransaction_id LIKE '%$find%'");

//And we display the results
while($result = mysql_fetch_array( $iname ))
{
echo "<b>Name: </b>";
echo $result['iname'];
echo " "; 
echo "<br>";
echo "<b>E-mail: </b>";
echo $result['iemail'];
echo "<br>";
echo "<b>Transaction Date: </b>";
echo $result['itransaction_date'];
echo "<br>";
//And we remind them what they searched for
echo "<b>Search Term </b>(Transaction ID): </b> " .$find;
//}
echo "<br>";
echo "<br>";
echo "<b>Login Code: </b>";
echo $result['ipaymentstatus'];
echo "<br>";
}

//This counts the number or results - and if there wasn't any it gives them a little     message explaining that
$anymatches=mysql_num_rows($iname);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your search, please make sure the     correct details have been entered...<br><br>";
}


?> 


</body>
</html>

findme1.php

<html>
<head><title>Searching for a student...</title>
</head>
<body bgcolor=#ffffff>

<?php

echo "<h2>Search Results:</h2><p>";

//If they did not enter a search term we give them an error
if ($name == "")
if ($email == "")
{
echo "<p>Please enter Full Name, E-Mail Address & Transaction Date EXACTLY how they     appear on your PayPal Account...";
exit;
}

// Otherwise we connect to our Database
mysql_connect("location.com", "ipn", "password") or         die(mysql_error());
mysql_select_db("ipn") or die(mysql_error());

// We perform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);

//Now we search for our search term, in the field the user specified
$name = mysql_query("SELECT * FROM ibn_table WHERE iemail = '$email' AND iname =     '$name' AND itransaction_date = '$date'");

//And we display the results
while($result = mysql_fetch_array( $name ))
{
echo "<b>Name: </b>";
echo $result['iname'];
echo " "; 
echo "<br>";
echo "<b>E-mail: </b>";
echo $result['iemail'];
echo "<br>";
echo "<b>Transaction Date: </b>";
echo $result['itransaction_date'];
echo "<br>";
//And we remind them what they searched for
echo "<b>Search Term </b>(Transaction ID): " .$name;
//}
echo "<br>";
echo "<br>";
echo "<b>Login Code: </b>";
echo $result['ipaymentstatus'];
echo "<br>";
}

//This counts the number or results - and if there wasn't any it gives them a little     message explaining that
$anymatches=mysql_num_rows($name);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your search, please make sure the     correct details have been entered...<br><br>";
}


?> 


</body>
</html>

我的数据库中的字段是:

iname
iemail
itransaction_id
ipaymentstatus
itransaction_date

谢谢!

4

1 回答 1

2

如对事务 ID 的评论中所述,您拥有: $iname = mysql_query("SELECT * FROM ibn_table WHERE itransaction_id LIKE '%$find%'");

LIKEwith 的作用是%$find%匹配交易 ID 中的任何部分,$find这就是为什么你会得到单个字母的结果。将其更改为:

$iname = mysql_query("SELECT * FROM ibn_table WHERE itransaction_id = '$find'");

对于日期问题,您可以决定从用户那里获取什么,例如您声明的日期:

如果你采取:

$date = "12-11-2012"; //(dd-mm-yyyy)

$split = explode("-", $date);

那么您可以使用它来生成 SQL 日期/时间格式:

$sql_date = date("Y-m-d h:i:s", mktime(0, 0, 0, (int) $split[1], (int) $split[0], (int) $split[2]))

并在 sql 查询中:

transaction_date LIKE '$sql_date%'

最后不使用mysql_*它已被弃用。而是使用mysqli.

于 2013-03-08T10:43:12.727 回答