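PHP/MySQL search engine session problem
PHP/MySQL newbie here.
I've created a basic search engine that queries a MySQL table containing multiple values. However, the search form has multiple search buttons, to limit the search to a single type of value (in this case we are dealing with earthquakes).
The initial search and display of results works, but when I try to use the pagination links to go to other pages of results, it fails to pull the next set of results, and when I click in the browser (I'm using Firefox, but I will test this in other browsers), the session has expired, so I've managed to narrow the problem down to there (unless I'm barking up completely the wrong tree).
What is going wrong here, and how do I fix it?
I feel like the answer is simple, but I'm just not seeing it. Here is the code for the results page (it was hacked together from multiple tutorials I found on the Internet, but I understand what's going on in the code), with var_dump($_SESSION) commands added to see which variables are being passed; they will be removed once the problem is solved.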
<?php
include('db.php'); // include your code to connect to DB.
session_start();
var_dump($_SESSION);
if (mysql_real_escape_string($_POST['regbutton']) == submit||(!isset($_SESSION['submit1']))||!(isset($_SESSION['submit2']))){
    $_SESSION['search']=mysql_real_escape_string($_POST['regbutton']);
    $_SESSION['submit1']=mysql_real_escape_string($_POST['place']);
    $_SESSION['submit2']=mysql_real_escape_string("empty");
    $place =mysql_real_escape_string($_SESSION['submit1']);
    $clicked=mysql_real_escape_string($_SESSION['search']);
    var_dump($_SESSION);
}
elseif(mysql_real_escape_string($_POST['magbutton']) == submit|| (!isset($_SESSION['submit1']))||!(isset($_SESSION['submit2']))){
    $_SESSION['search']=mysql_real_escape_string($_POST['magbutton']);
    $_SESSION['submit1']=mysql_real_escape_string($_POST['mag1']);
    $_SESSION['submit2']=mysql_real_escape_string($_POST['mag2']);
    $mag1 = mysql_real_escape_string($_SESSION['submit1']);
    $mag2 = mysql_real_escape_string($_SESSION['submit2']);
    $clicked=mysql_real_escape_string($_SESSION['search']);
    var_dump($_SESSION);
}
else{
    var_dump($_SESSION);
    echo "No records found. Session might be broken.";
    exit;
}
$tbl_name="quake"; //your table name
// How many adjacent pages should be shown on each side?
$adjacents = 3;
$query = "SELECT COUNT(*) as num FROM $tbl_name";
$result = mysql_query($query);
$total_pages = mysql_fetch_array($result);
$total_pages = $total_pages[num];
/* Setup vars for query. */
$targetpage = "resultz.php"; //your file name (the name of this file)
$limit = 30; //how many items to show per page
$page = $_GET['page'];
if($page)
    $start = ($page - 1) * $limit; //first item to display on this page
else
    $start = 0; //if no page var is given, set start to 0
/* Get data. */
if (mysql_real_escape_string($_POST['regbutton']) == submit){
    $query = "SELECT * FROM quake WHERE region LIKE '%of%, $place%' LIMIT $start, $limit";
}
elseif (mysql_real_escape_string($_POST['magbutton']) == submit){
    if ($mag2 >= $mag1) {
        $query = "SELECT * FROM quake WHERE magnitude BETWEEN '$mag1' and '$mag2' LIMIT $start, $limit";
    }
    else{
        $query = "SELECT * FROM quake WHERE magnitude BETWEEN '$mag2' and '$mag1' LIMIT $start, $limit";
    }
}
else{
    echo "No records found.";
    exit;
}
$result = mysql_query($query) or die(mysql_error());;
/* Setup page vars for display. */
if ($page == 0) $page = 1; //if no page var is given, default to 1.
$prev = $page - 1; //previous page is page - 1
$next = $page + 1; //next page is page + 1
$lastpage = ceil($total_pages/$limit); //lastpage is = total pages/items per page, rounded up.
$lpm1 = $lastpage - 1; //last page minus 1
/*
Now we apply our rules and draw the pagination object.
We're actually saving the code to a variable in case we want to draw it more than once.
*/
$pagination = "";
if($lastpage > 1)
{
    $pagination .= "<div class=\"pagination\">";
    //previous button
    if ($page > 1)
        $pagination.= "<a href=\"$targetpage?page=$prev\"> previous</a>";
    else
        $pagination.= "<span class=\"disabled\"> previous</span>";
    //pages
    if ($lastpage < 7 + ($adjacents * 2)) //not enough pages to bother breaking it up
    {
        for ($counter = 1; $counter <= $lastpage; $counter++)
        {
            if ($counter == $page)
                $pagination.= "<span class=\"current\">$counter</span>";
            else
                $pagination.= "<a href=\"$targetpage?page=$counter\">$counter</a>";
        }
    }
    elseif($lastpage > 5 + ($adjacents * 2)) //enough pages to hide some
    {
        //close to beginning; only hide later pages
        if($page < 1 + ($adjacents * 2))
        {
            for ($counter = 1; $counter < 4 + ($adjacents * 2); $counter++)
            {
                if ($counter == $page)
                    $pagination.= "<span class=\"current\">$counter</span>";
                else
                    $pagination.= "<a href=\"$targetpage?page=$counter\">$counter</a>";
            }
            $pagination.= "...";
            $pagination.= "<a href=\"$targetpage?page=$lpm1\">$lpm1</a>";
            $pagination.= "<a href=\"$targetpage?page=$lastpage\">$lastpage</a>";
        }
        //in middle; hide some front and some back
        elseif($lastpage - ($adjacents * 2) > $page && $page > ($adjacents * 2))
        {
            $pagination.= "<a href=\"$targetpage?page=1\">1</a>";
            $pagination.= "<a href=\"$targetpage?page=2\">2</a>";
            $pagination.= "...";
            for ($counter = $page - $adjacents; $counter <= $page + $adjacents; $counter++)
            {
                if ($counter == $page)
                    $pagination.= "<span class=\"current\">$counter</span>";
                else
                    $pagination.= "<a href=\"$targetpage?page=$counter\">$counter</a>";
            }
            $pagination.= "...";
            $pagination.= "<a href=\"$targetpage?page=$lpm1\">$lpm1</a>";
            $pagination.= "<a href=\"$targetpage?page=$lastpage\">$lastpage</a>";
        }
        //close to end; only hide early pages
        else
        {
            $pagination.= "<a href=\"$targetpage?page=1\">1</a>";
            $pagination.= "<a href=\"$targetpage?page=2\">2</a>";
            $pagination.= "...";
            for ($counter = $lastpage - (2 + ($adjacents * 2)); $counter <= $lastpage; $counter++)
            {
                if ($counter == $page)
                    $pagination.= "<span class=\"current\">$counter</span>";
                else
                    $pagination.= "<a href=\"$targetpage?page=$counter\">$counter</a>";
            }
        }
    }
    //next button
    if ($page < $counter - 1)
        $pagination.= "<a href=\"$targetpage?page=$next\">next </a>";
    else
        $pagination.= "<span class=\"disabled\">next </span>";
    $pagination.= "</div>\n";
}
?>
<head>
<link rel="stylesheet" type="text/css" href="mystyle.css" />
<link rel="stylesheet" media="print" type="text/css" href="print.css" />
<title>Recent Earthquakes</title>
</head>
<div id="header">
QUAKE SEARCH
</div>
<div id="header2">
Search the latest quakes
</div>
<table border=1>
<thead>
<td>Source</td>
<td>EqID</td>
<td>Version</td>
<td>Date/Time</td>
<td>Latitude</td>
<td>Longitude</td>
<td>Magnitude</td>
<td>Depth</td>
<td>NST</td>
<td>Region</td>
</thead>
<?php
while($row = mysql_fetch_row($result))
{
    echo "<tr>";
    // $row is array... foreach(..) puts every element
    // of $row to $cell variable
    foreach($row as $cell)
        echo "<td>$cell</td>";
    echo "</tr>\n";
}
?>
</table>
<?=$pagination?>
Here is the search form:
<?php
session_start();
include ('db.php');
?>
<head>
<link rel="stylesheet" type="text/css" href="mystyle.css" />
<link rel="stylesheet" media="print" type="text/css" href="print.css" />
<title>Recent Earthquakes</title>
</head>
<div id="header">
QUAKE SEARCH
</div>
<div id="header2">
Search the latest quakes
</div>
<div id="search">
<form name="magsearch" action="resultz.php" method="post">
<label>Search by Magnitude:</label>
<select name="mag1">
<option>1.0</option>
<option>2.0</option>
<option>3.0</option>
<option>4.0</option>
<option>5.0</option>
<option>6.0</option>
<option>7.0</option>
<option>8.0</option>
<option>9.0</option>
<option>10.0</option>
</select>
<select name="mag2">
<option value=1>1.0</option>
<option value=2>2.0</option>
<option value=3>3.0</option>
<option value=4>4.0</option>
<option value=5>5.0</option>
<option value=6>6.0</option>
<option value=7>7.0</option>
<option value=8>8.0</option>
<option value=9>9.0</option>
<option>10.0</option>
</select>
<input name="magbutton" type="submit" value="submit" />
<input type="hidden" name="content" value="search">
</form>
<form name ="regsearch" action="resultz.php" method="post">
<label>Search by Region:</label>
<input name="place" type="text" size="14" />
<input name="regbutton" type="submit" value="submit" />
<input type="hidden" name="content" value="search">
</form>
</div>
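What is with this line?
if (mysql_real_escape_string($_POST['regbutton']) == submit||
You don't need to escape data if you're not using it in an SQL operation - you are only doing a comparison in PHP, and there is no database in sight on this particular line of code. Also, you are comparing your escaped form value to an undefined constant - note the missing quotes around submit. PHP will politely treat it as an unquoted string, but will issue a warning - since you didn't mention getting any warnings, you probably have display_errors turned off - which means you won't see any reports of problems in your code.
These errors are repeated throughout the code, so don't just fix this one line - fix the whole script.
Change the line above to
if ($_POST['regbutton'] == 'submit' || etc...)
and then go read up on how to enable display_errors in the PHP manual. As it stands, you are working in the dark and repeatedly shooting yourself in the foot.
Plus... don't use the presence of a form field to determine whether a POST has occurred. It is unreliable. Use
if ($_SERVER['REQUEST_METHOD'] == 'POST') { ... }
instead, which is 100% reliable.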
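I don't know, I felt like I needed to sanitize any input that is being used, but no problem. And yes, you're probably right about those strings without quotes. I'll try adding quotes and see whether it works. – user1504106 2012-07-17 17:05:35
Blind sanitizing is like covering your dinner with bleach before eating it, because bleach will be used later when washing up. You sanitize/escape when you are actually about to do something that requires sanitizing/escaping. – 2012-07-17 17:06:49
Thanks. On the subject of ($_SERVER['REQUEST_METHOD']), there are two different buttons in this case. I need to be able to tell the server which button was pressed. – user1504106 2012-07-17 18:22:15
Nobody wants to debug your code. Add at the beginning of your PHP script: error_reporting(E_ALL); ini_set('display_errors',1); and check mysql_error() after each 'mysql_query()'. – Jocelyn 2012-07-17 16:49:04
I'll remember to do that in the future, glad there is a way to do it. I just thought people might spot something that was incorrect. – user1504106 2012-07-17 17:03:30
Sorry if my previous comment seemed aggressive. I don't forget that a few weeks ago I was a new Stackoverflow user. I was reacting to the fact that many users paste their whole PHP script and expect us to read all their code and do all the work for them. When you post a new question here, it is expected that you narrow down your code as much as possible, post only the relevant parts, and show us that you did some research or made some attempts before asking here. Anyway, welcome to Stackoverflow :) Someone will probably help find a solution to your problem. – Jocelyn 2012-07-17 17:27:32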
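
The answer's advice put together, as an added example that is not part of the original thread: the request method decides whether new criteria arrive, the button name only selects the search type, the criteria are kept in the session so that a pagination link (a GET request) can reuse them, and values reach SQL only as bound parameters. It uses PDO rather than the mysql_* functions (removed in PHP 7); resolve_search(), fetch_page() and the in-memory SQLite table with constructed rows are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not the poster's code. resolve_search() and fetch_page() are
// hypothetical names; SQLite in memory stands in for the MySQL "quake" table.
// POST stores new criteria in the session; a GET (pagination link) reuses them.
function resolve_search(string $method, array $post, array &$session): ?array
{
    if ($method === 'POST') {                       // plain PHP checks, no escaping
        if (isset($post['regbutton'])) {            // which submit button was used
            $session['search'] = ['type' => 'region', 'place' => (string)($post['place'] ?? '')];
        } elseif (isset($post['magbutton'])) {
            $a = (float)($post['mag1'] ?? 0);
            $b = (float)($post['mag2'] ?? 0);
            $session['search'] = ['type' => 'magnitude', 'lo' => min($a, $b), 'hi' => max($a, $b)];
        }
    }
    return $session['search'] ?? null;
}

// Values reach SQL only as bound parameters, so the driver handles quoting.
function fetch_page(PDO $db, array $search, int $page, int $limit = 30): array
{
    if ($search['type'] === 'region') {
        $where = 'region LIKE :a';                  // same pattern as the question
        $args  = [':a' => '%of%, ' . $search['place'] . '%'];
    } else {
        $where = 'magnitude BETWEEN :a AND :b';
        $args  = [':a' => $search['lo'], ':b' => $search['hi']];
    }
    $stmt = $db->prepare("SELECT * FROM quake WHERE $where LIMIT :lim OFFSET :off");
    foreach ($args as $name => $value) {
        $stmt->bindValue($name, $value);
    }
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':off', (max(1, $page) - 1) * $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample rows and a plain array standing in for $_SESSION.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quake (region TEXT, magnitude REAL)');
$db->exec("INSERT INTO quake VALUES ('12km N of Anchorage, Alaska', 4.1),
           ('30km E of Reno, Nevada', 2.3), ('8km S of Kodiak, Alaska', 5.0)");
$session = [];
resolve_search('POST', ['magbutton' => 'submit', 'mag1' => '5.0', 'mag2' => '4'], $session);
$search = resolve_search('GET', [], $session);      // what a click on "?page=1" sees
foreach (fetch_page($db, $search, 1) as $row) {
    echo $row['region'], ' ', $row['magnitude'], "\n";
}
```

In the LIKE pattern, % and _ typed by the user still act as wildcards; binding prevents injection, not broad matches.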