我在PHP/MySQL搜索中遇到了一些困難。它在一年前運行良好,但由於某種原因它剛剛停止工作。我嘗試過搜索並找不到它。我有它迴應我的查詢,但它永遠不會在WHERE子句中添加。任何幫助深表感謝。PHP/MySQL搜索不起作用
表格代號:
<form name="search" method="post">
<p><b>Name of Property:</b> <input type="text" id="NameSrch" name="NameSrch" /> (optional)</p>
<p><b>City Your Looking to Stay In:</b> <input type="text" id="CitySrch" name="CitySrch" /> (optional)</p>
<p><b>Listing ID Number:</b> <input type="text" id="RentalIDSrch" name="RentalIDSrch" /> (optional)</p>
<p><b>Number of Bedrooms:</b> <input type="text" id="BedroomSrch" name="BedroomSrch" /> (optional)</p>
<p><b>Number of Bathrooms:</b> <input type="text" id="BathroomSrch" name="BathroomSrch" /> (optional)</p>
<p><b>Maximum Occupancy:</b> <input type="text" id="SleepsSrch" name="SleepsSrch" /> (optional)</p>
<input type="hidden" name="method" value="exSearch">
<p><input type="submit" value="Search" /></p>
</form>
PHP代碼:
<?
$method = $_POST['method'];
if($method == 'exSearch') {
// Start Results Display
$con = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql: ' . mysql_error());
mysql_select_db($dbname);
$query_string = 'SELECT * FROM TABLE ';
$location_result_string = "";
$location_count = 0;
if ($NameSrch) {
if ($location_count > 0) {
$location_result_string = $location_result_string . " AND ";
}
$location_count = $location_count + 1;
$location_result_string = $location_result_string . ' (propName) LIKE ("%$NameSrch%") ';
}
if ($CitySrch) {
if ($location_count > 0) {
$location_result_string = $location_result_string . " AND ";
}
$location_count = $location_count + 1;
$location_result_string = $location_result_string . ' (propCity) LIKE ("%$CitySrch%") ';
}
if ($RentalIDSrch) {
if ($location_count > 0) {
$location_result_string = $location_result_string . " AND ";
}
$location_count = $location_count + 1;
$location_result_string = $location_result_string . ' (propID) LIKE ("%$RentalIDSrch%") ';
}
if ($BedroomSrch) {
if ($location_count > 0) {
$location_result_string = $location_result_string . " AND ";
}
$location_count = $location_count + 1;
$location_result_string = $location_result_string . ' (propBedrooms) LIKE ("%$BedroomSrch%") ';
}
if ($BathroomSrch) {
if ($location_count > 0) {
$location_result_string = $location_result_string . " AND ";
}
$location_count = $location_count + 1;
$location_result_string = $location_result_string . ' (propBaths) LIKE ("%$BathroomSrch%") ';
}
if ($SleepsSrch) {
if ($location_count > 0) {
$location_result_string = $location_result_string . " AND ";
}
$location_count = $location_count + 1;
$location_result_string = $location_result_string . ' (propSleeps) LIKE ("%$SleepsSrch%") ';
}
if ($location_count > 0) {
$location_result_string = "WHERE (" . $location_result_string . ")";
$query_string = $query_string . $location_result_string;
}
$re = mysql_query($query_string, $con) or die (mysql_error());
$number_of_rows = mysql_num_rows($re);
// Loop through each item in the result set
for ($h = 0; $h < $number_of_rows; $h++)
{
$propID = mysql_result($re, $h, 'propID');
$propAvail = mysql_result($re, $h, 'propAvail');
$propPets = mysql_result($re, $h, 'propPets');
$propName = mysql_result($re, $h, 'propName');
$propPropertyType = mysql_result($re, $h, 'propPropertyType');
$propPriceRange = mysql_result($re, $h, 'propPriceRange');
$propBedrooms = mysql_result($re, $h, 'propBedrooms');
$propBaths = mysql_result($re, $h, 'propBaths');
$propPropertyType = mysql_result($re, $h, 'propPropertyType');
$propSleeps = mysql_result($re, $h, 'propSleeps');
$propPic1 = mysql_result($re, $h, 'propPic1');
$propPicDesc1 = mysql_result($re, $h, 'propPicDesc1');
$nameLen = strlen($propName);
$petsLen = strlen($propPets);
$pets = $propPets;
//Results go here
}
echo $query_string;
}
// End Results Display
?>
如何都是變量,比如'$ NameSrch,$ CitySrch'集?他們是否設置了或者你是否期望通過POST設置它們?因爲這不起作用。您可以通過$ _POST ['fieldName']訪問發佈的內容。另外,訪問字符串中的變量如'blablabla'。$ sName。'額外';或者如果你使用雙引號,你可以像「blablabla {$ sName} extra」那樣做。 – 2013-03-27 18:44:32
這可能是問題所在。如果你有'REGISTER_GLOBALS = ON'的設置,這個代碼可以工作,但是'REGISTER_GLOBALS = OFF'(它應該是),你必須通過'$ _POST'訪問變量 – kero 2013-03-27 18:46:27
如果像'$ NameSrch'這樣的變量被直接使用從用戶的輸入來看,你的腳本可能容易受到SQL注入的影響。 – Gumbo 2013-03-27 18:50:12