php搜索脚本在mysql数据库不工作
问题描述:
我想开发一个程序,在mysql数据库中搜索并返回搜索结果,但在我点击提交时显示所有结果我不知道这是为什么发生的事情,所以任何帮助将不胜感激php搜索脚本在mysql数据库不工作
<?php
include('connect2.php');
?>
<?php
echo "<center>";
echo "<table border = '3'>";
echo "<thead>";
echo "<tr>";
echo "<th><u>id</u></th>";
echo "<th><u>name</u></th>";
echo "<th><u>countrycode</u></th>";
echo "<th><u>district</u></th>";
echo "<th><u>population</u></th>";
echo "</center>";
echo "</tr>";
echo "</thead>";
$name = isset($_POST['search']) ? $_POST['search'] : '';
$result = mysqli_query($conn, "SELECT id, name, district, population, countrycode FROM city WHERE concat(id, name, district, population, countrycode) LIKE '%$name%' ");
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_array($result)) {
echo "<tr><td>" . $row['id'] . "</td><td>" . $row['name'] . "</td><td>" . $row['countrycode'] . "</td><td>" . $row['district'] . "</td><td>" . $row['population'] . "</td></th>";
}
}
else {
header("Location:error page.html"); die;
}
echo "</table>";
mysqli_close($conm);
?>
搜索页面的search.php
<?php
include('connect2.php') ;
?>
<!DOCTYPE html>
<head>
<title>city results</title>
<link href="style-table.css" rel="stylesheet">
<link href="animate.css" rel="stylesheet">
<link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous">
<script>
function validateform() {
var x = document.forms["myform"]["input"].value;
if (x == "") {
alert("input must be filled out");
return false;
}
}
</script>
</head>
<body>
<form method="POST" action="display-results-city.php" name="myform" onsubmit="return validateform()">
<input type="text" name="input" placeholder="search.........">
<button name="submit" type="submit">go</button>
</form>
<?php
echo '<div class="animated fadeInUp">';
echo '<a href="search.php"><i class="fa fa-arrow-left fa-lg" aria-hidden="true" ></i></a>';
echo "<div id='records'>";
echo "<table border = '0'>";
echo "<tr>";
echo "<th>ID</th>";
echo "<th>name</th>";
echo "<th>countrycode</th>";
echo "<th>district</th>";
echo "<th>population</th>";
echo "</tr>";
echo "</div>";
echo '</div>';
$sql = "select * from city limit 50";
$result = $conn->query($sql);
if($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "<tr><td>" . $row['ID']. "</td><td>" . $row['Name']. "</td><td>" . $row['CountryCode'] . "</td><td>" . $row['District'] . "</td><td>" . $row['Population'] . "</td></tr>";
}
} else {
echo " 0 results";
}
echo '</table>';
$conn->close();
?>
</body>
</html>
答
尝试运行该查询..
$result = mysqli_query($conn, "SELECT id, name, district, population, countrycode FROM city WHERE UPPER(concat(id, name, district, population, countrycode)) LIKE UPPER('%$name%') ");
它将匹配“名称”和“名称”。
+0
是啊,它似乎没有工作 –
+0
你在这条线上得到真实? isset($ _ POST ['search']) –
+0
是啊,最有可能的原因是它显示数据库的所有结果,但我不知道为什么它没有匹配 –
请参阅'name =“input”''''_ _POST ['search']'。使用错误报告,我想你会得到一个未定义的变量通知。你也开放SQL注入。使用参数化查询。你的'header'也会失败,因为你在'header'调用之前输出。最后注意,https://dev.mysql.com/doc/refman/5.7/en/fulltext-search.html。 – chris85
**警告**:当使用'mysqli'时,您应该使用[参数化查询](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)和['bind_param']( http://php.net/manual/en/mysqli-stmt.bind-param.php)将用户数据添加到您的查询中。 **不要**使用字符串插值或连接来完成此操作,因为您创建了严重的[SQL注入漏洞](http://bobby-tables.com/)。 **不要**将'$ _POST','$ _GET'或**任何**用户数据直接放入查询中,如果有人试图利用您的错误,这可能会非常有害。 – tadman
[PHP的:“注意:未定义的变量”,“注意:未定义的索引”和“注意:未定义的偏移量”的可能的重复](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable- notice-undefined-index-and-notice-undef) – chris85