堆栈内存溢出
  简体   繁体   English

使用下拉搜索时出错-MySQL / PHP

[英]Error when using a dropdown search - mySQL/php

 原文  2015-02-06 15:48:24       php/ mysql

问题描述

When trying to incorporate a dropdown option in mySQL search, I keep getting this error: Warning: in_array() expects parameter 2 to be array, boolean given on line 24 当尝试在MySQL搜索中合并下拉选项时,我不断收到此错误:警告:in_array()期望参数2为数组,在第24行给出布尔值

Can anyone help? 有人可以帮忙吗? Thank you so much! 非常感谢!

Search page: 搜索页面: 

<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>

<?php include("../includes/header-home.php"); ?>
<div class="container">
  <div class="col=md-12">
    <p><strong>Search:</strong></p>
   <form name="form1" method="post" action="search_results.php">
    <p><input name="search" type="text" size="40" maxlength="50"/></p>
    <p><strong>Type:</strong></p>
     <input type="checkbox" name="type[]" value="1"> Medalist</p>
<select name="medal[]">
<option value="1">Medal 1</option>
<option value="2">Medal 2</option>
<option value="3">Medal 3</option>
<option value="4">Medal 4</option>
<option value="5">Medal 5</option>
<option value="6">Medal 6</option>
<option value="7">Medal 7</option>
<option value="8">Medal 8</option>
</select>

<p><strong>Year:</strong></p>
     <p><input name="search" type="text" size="40" maxlength="50"/></p>
 <p><input type="submit" name="submit" value="Search" /></p>
</form>
    </div></div>
<?php include($_SERVER['DOCUMENT_ROOT']."/includes/footer.php");?>

Search Results page: 搜索结果页面: 

<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>

<?php
if (!isset ($_POST['search'])) {
    header("Location:admin.php");
}

$search_sqli="SELECT * FROM profiles WHERE 
    (first_name LIKE '%".$_POST ['search']."%' 
    OR last_name LIKE '%".$_POST ['search']."%' 
    OR first_name2 LIKE '%".$_POST ['search']."%' 
    OR last_name2 LIKE '%".$_POST ['search']."%' 
    OR last_name2 LIKE '%".$_POST ['search']."%' 
    OR city LIKE '%".$_POST ['search']."%' 
    OR agency LIKE '%".$_POST ['search']."%' 
    OR subcomponent LIKE '%".$_POST ['search']."%' 
    OR team_name LIKE '%".$_POST ['search']."%' 
    OR achievement LIKE '%".$_POST ['search']."%' 
    OR profile LIKE '%".$_POST ['search']."%'
        OR year LIKE '%".$_POST ['search']."%')" 
. (isset($_POST['type']) && in_array('1', $_POST['type']) ? " AND medalist='1'" : "")
. (isset($_POST['medal']) && in_array('1', (int)$_POST['medal'] > 0) ? " AND medal='".(int)$_POST['medal']."'" : "");


$search_query=mysqli_query($connection, $search_sqli);
if (mysqli_num_rows($search_query) !=0)  {
$search_rs=mysqli_fetch_assoc($search_query);
}

?>

<?php include("../includes/header-home.php"); ?>
<div class="container">
  <div class="col=md-12">
     <p>Search:</p>
    <form name="form1" method="post" action="search_results.php">
    <input name="search" type="text" size="40" maxlength="50"/>
    <input type="submit" name="submit" value="Search" />

    </form>
   <br />
    <p><strong>Search Results:</strong></p>
  <?php if (mysqli_num_rows($search_query) !=0) {
     do  {
         ?>
    <p><ul>
    <li><a href="view_profile.php?profile=<?php echo urlencode($search_rs["id"]); ?>"><?php echo $search_rs['first_name']; ?> <?php echo $search_rs['last_name']; ?> <?php echo $search_rs['first_name2']; ?> <?php echo $search_rs['last_name2']; ?></a></li></ul></p>     

<?php } while ($search_rs=mysqli_fetch_assoc($search_query));

  } else {
      echo "No results found";
  }
  ?>
  <br />    
  <p> <a class="btn btn-default" href="search.php" role="button">Back to search</a></p>
    </div></div>

<?php include($_SERVER['DOCUMENT_ROOT']."/includes/footer.php");?>

2 个解决方案

解决方案1
 0  2015-02-06 16:05:18

The quick fix is to make the following change : 快速解决方案是进行以下更改: 

(isset($_POST['medal']) && is_array($_POST['medal']) && in_array('1', $_POST['medal']) === true)

As suggested, you should read up on how to process and filter user input data and persist it to the DB. 如建议的那样,您应该阅读有关如何处理和过滤用户输入数据并将其持久保存到数据库的信息。

解决方案2
 0 已采纳  2015-02-06 16:34:50

Here: in_array('1', $_POST['type']) 此处: in_array('1', $_POST['type'])

the second argument you are passing to in_array isn't an array. 您要传递给in_array的第二个参数不是数组。 It's whatever value you have posted as 'type', and you do something similar in the second instance. 无论您发布为“ type”的值是什么,在第二个实例中都可以执行类似的操作。 I believe that you could replace the two lines using in_array with: 我相信您可以使用in_array将以下两行替换为: 

. (isset($_POST['type']) && $_POST['type']=='1' ? " AND medalist='1'" : "")
. (isset($_POST['medal']) && (int)$_POST['medal'] > 0 ? " AND medal='".(int)$_POST['medal']."'" : "");

I would also suggest rewriting the first part of your code: 我还建议重写代码的第一部分: 

<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>

<?php
if (!isset ($_POST['search'])) {
    header("Location:admin.php");
}

to avoid the repeated tags, and also to preprocess those variables, to make your code a little easier to read and maintain. 避免重复的标签,并预处理这些变量,以使您的代码更易于阅读和维护。 I would also suggest limiting the type of $_POST['medal'] to int to avoid the cast, but it may not be possible in your case. 我还建议将$ _POST ['medal']的类型限制为int以避免转换,但是在您的情况下可能无法实现。 

<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>

<?php
if (!isset ($_POST['search'])) {
    header("Location:admin.php");
}

$search_sqli="SELECT * FROM profiles WHERE     
    (first_name LIKE '%".$_POST ['search']."%' 
    OR last_name LIKE '%".$_POST ['search']."%' 
    OR first_name2 LIKE '%".$_POST ['search']."%' 
    OR last_name2 LIKE '%".$_POST ['search']."%' 
    OR last_name2 LIKE '%".$_POST ['search']."%' 
    OR city LIKE '%".$_POST ['search']."%' 
    OR agency LIKE '%".$_POST ['search']."%' 
    OR subcomponent LIKE '%".$_POST ['search']."%' 
    OR team_name LIKE '%".$_POST ['search']."%' 
    OR achievement LIKE '%".$_POST ['search']."%' 
    OR profile LIKE '%".$_POST ['search']."%'
        OR year LIKE '%".$_POST ['search']."%')" 
. (isset($_POST['type']) && in_array('1', $_POST['type']) ? " AND medalist='1'" : "")
. (isset($_POST['medal']) && in_array('1', (int)$_POST['medal'] > 0) ? " AND medal='".(int)$_POST['medal']."'" : "");


$search_query=mysqli_query($connection, $search_sqli);
if (mysqli_num_rows($search_query) !=0)  {
$search_rs=mysqli_fetch_assoc($search_query);
}

?>

<?php include("../includes/header-home.php"); ?>

would become: 会成为: 

<?php   require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");
        require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");
        require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");

        if (!isset ($_POST['search'])) { header("Location:admin.php"); }

        $search = $_POST['search'];
        $type    = (isset($_POST['type'])   ? "AND medalist = '1'" : "";
        $medal  = (isset($_POST['medal']) ? "AND medal = '{$_POST['medal']}' : "";


        $search_sqli = "
            SELECT * FROM profiles WHERE (
                    first_name      LIKE '%{$search}%' 
                OR  last_name       LIKE '%{$search}%' 
                OR  first_name2     LIKE '%{$search}%' 
                OR  last_name2      LIKE '%{$search}%' 
                OR  last_name2      LIKE '%{$search}%' 
                OR  city            LIKE '%{$search}%' 
                OR  agency          LIKE '%{$search}%' 
                OR  subcomponent    LIKE '%{$search}%' 
                OR  team_name       LIKE '%{$search}%' 
                OR  achievement     LIKE '%{$search}%' 
                OR  profile         LIKE '%{$search}%'
                OR  year            LIKE '%{$search}%'
            )
            {type}
            {$medal}
        ";

        $search_query = mysqli_query($connection, $search_sqli);
        if (mysqli_num_rows($search_query) !=0)  {
            $search_rs=mysqli_fetch_assoc($search_query);
        }

        include("../includes/header-home.php");

?>

I think you'll find that will be easier to read and maintain. 我认为您会发现它更易于阅读和维护。 This should work, but I have not tested it live. 这应该可以,但是我还没有进行实时测试。 If you have any issues I'd be happy to help with them. 如果您有任何问题,我们很乐意为您提供帮助。 Do pay attention to the advice in the comment on your question. 请注意有关您的问题的评论中的建议。 SQL injection is a real danger, and anyone could easily access your database if this is an internet accessible page. SQL注入是一个真正的危险,如果这是可访问Internet的页面,则任何人都可以轻松访问您的数据库。 Even if it's internally facing, it wouldn't stop a malicious user from deleting your entire database, or inserting unvalidated data, or viewing any sensitive data you might have in the database. 即使内部存在,也不会阻止恶意用户删除您的整个数据库,插入未验证的数据或查看数据库中可能包含的任何敏感数据。 As your code stands, I would have free access to your data. 按照您的代码立场,我将可以自由访问您的数据。 mysqli does support several ways of stopping the injection. mysqli支持几种停止注入的方式。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用搜索PHP MySQL下拉列表 - How To Dropdown with search Php mysql PHP:使用多个选择下拉列表搜索mysql数据库? - PHP: Search mysql database using multiple select dropdown lists? 使用PHP和MySQL中的下拉列表的多个搜索值 - Multiple search value using dropdown list in PHP and MySQL 使用mySQL和PHP创建第4个AJAX填充下拉菜单时,我的错误是什么? - What is my error when creating 4th AJAX populated dropdown using mySQL and PHP? 在mysql中使用搜索文本索引时出错 - Error when using search text index in mysql MySQL数据库填充下拉框和PHP搜索 - MySQL database populated dropdown box and PHP search PHP搜索带有下拉框的MySQL表 - PHP search MySQL table with dropdown box 使用mysql和php搜索 - search using mysql and php 使用PHP进行MySQL搜索 - MySQL search using PHP 使用PHP和MySQL填充下拉列表 - Using PHP & MySQL to populate dropdown
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM