0

我一直在尝试为拥有一家模型马戏店的父亲建立一个数据库,但我遇到了一些我无法识别的特定问题。当我运行搜索时,它返回空结果。我已经使用我的一个有效网站检查并仔细检查了我的代码。我哪里做错了?

<?php

       //Variables for connecting to your database.
       //These variable values come from your hosting account.
      $hostname = "circus.db.10527209.hostedresource.com";
       $username = "circus";
       $dbname = "circus";

                //These variable values need to be changed by you before deploying
        $password = "********";
        $usertable = "Customers";
        $yourfield1 = "Customer_Name";
        $yourfield2 = "Address";
        $yourfield3 = "Phone_Number";
        $yourfield4 = "Email_Address";
        $yourfield5 = "Scale";
        $yourfield6 = "Project_Type";
        $yourfield7 = "Number";
        $yourfield8 = "CMB_Member";
        $search_id = $_POST["search_id"];

                  //Connecting to your database
                mysql_connect($hostname, $username, $password) OR DIE ("Unable to 
                connect to database! Please try again later.");
                mysql_select_db($dbname);

                //Fetching from your database table.
                $query = "SELECT * FROM $usertable WHERE Customer_Name = $search_id" ;

                //echo $query;
                $result = mysql_query($query);



     if ($result) {
                    while($row = mysql_fetch_array($result)) {
                        $name = $row["$yourfield1"];          

    $address = $row["$yourfield2"];
                        $phone = $row["$yourfield3"];
                        $email = $row["$yourfield4"];
                        $scale = $row["$yourfield5"];
                        $type = $row["$yourfield6"];
                        $number = $row["$yourfield7"];
                        $CMB = $row["$yourfield8"];


                    }



                        }






                ?>


    <head>
    <meta http-equiv="Content-Script-Type" content="text/javascript">
    <meta name="viewport" content="width=device-width"/>
    <meta http-equiv="Content-Language" content="English" />
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <link rel="stylesheet" type="text/css" href="style.css">
    </head>
    <body>

    <h2> User Data</h2>

    Name:<?php echo $name; ?><br>
    Customer Address:<?php echo $address; ?><br>
    Phone Number:<?php echo $phone; ?><br>
    Email Address:<?php echo $email; ?><br>
    Scale: <?php echo $scale;?><br>
    Project Type: <?php echo $type; ?><br>
    Customer Number:<?php echo $number;?><br>
    Circus Model Builder:<?php echo $CMB; ?><br>






    </span>

    </body>

    <footer>
    </footer>
    </html>


Search Page:


    <head>
    <meta name="viewport" content="width=device-width">
    <title>Search</title>
    <meta http-equiv="Content-Language" content="English" />
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <link rel="stylesheet" type="text/css" href="/style.css" media="screen" />
    </head>
    <body>
    <div id="wrap">

    <div id="top"></div>

    <div id="content">

    <div id="header">
    </div>
    <div id="content">
    <p>Enter Customer Name Here<p>

    <form action="viewuser.php" method="POST">
    <fieldset>
    <input type= text id="search_id" name= "search_id"
    cols= "7" rows="1"></input>
    <feildset>
    <br/>
    <fieldset class"auto">
    <input type="submit" value="Find Customer"/>
    <input type="reset" value="Restart"
    </fieldset>
    </form>
    </div>


    <div id="footer">
    <center>Database information as of 6/13/13</center>
    </a>
    </div>

    </body>
    </html>
4

1 回答 1

3

$search_id实际上是整数吗?除了注入攻击风险(您没有对提交的值进行任何检查/转义)以及您不应该使用mysql_*函数这一事实之外,它看起来像是一个字符串,这意味着它需要在您的查询中引用:

$query = "SELECT * FROM $usertable WHERE Customer_Name = '$search_id'";
于 2013-06-17T00:05:14.110 回答