stackoom
  简体   繁体   中英

Why won't my php script return results?

 原文  2011-11-30 12:52:09       php/ mysql/ forms

Question

Please check out this mock up of a search on my site:

LINK EXPIRED

The search doesn't return any results and no error messages are shown, why is this?

I have taken out my person information ie. host/username/password 

HTML:
  <h2>Search</h2> 
  <form name="search" method="post" action="<?=$PHP_SELF?>">
  Seach for: <input type="text" name="find" /> in 
  <Select NAME="field">
  <Option VALUE="fname">First Name</option>
  <Option VALUE="lname">Last Name</option>
  <Option VALUE="info">Profile</option>
  </Select>
  <input type="hidden" name="searching" value="yes" />
  <input type="submit" name="search" value="Search" />
  </form>

php: 

<?php
//This is only displayed if they have submitted the form 
if ($searching =="yes") 
{ 
echo "<h2>Results</h2><p>"; 

//If they did not enter a search term we give them an error 
if ($find == "") 
{ 
echo "<p>You forgot to enter a search term"; 
exit; 
} 

// Otherwise we connect to our Database 
mysql_connect("MYHOST", "MYUSERNAME", "MYPASSWORD") or die(mysql_error()); 
mysql_select_db("MYDATABSENAME") or die(mysql_error()); 

// We preform a bit of filtering 
$find = strtoupper($find); 
$find = strip_tags($find); 
$find = trim ($find); 

//Now we search for our search term, in the field the user specified 
$data = mysql_query("SELECT * FROM users WHERE upper($field) LIKE'%$find%'"); 

//And we display the results 
while($result = mysql_fetch_array( $data )) 
{ 
echo $result['fname']; 
echo " "; 
echo $result['lname']; 
echo "<br>"; 
echo $result['info']; 
echo "<br>"; 
echo "<br>"; 
} 

//This counts the number or results - and if there wasn't any it gives
them a little    message explaining that 
$anymatches=mysql_num_rows($data); 
if ($anymatches == 0) 
{ 
echo "Sorry, but we can not find an entry to match your query<br><br>"; 
} 

//And we remind them what they searched for 
echo "<b>Searched For:</b> " .$find; 
} 
?>

Thanks!

Jmames

2 answers

solution1
 6  2011-11-30 12:53:52

You are assuming the server is using register_globals , which is a terrible terrible thing. You should do something like if ($_POST['searching'] =="yes") instead. This is probaly also why nothing happens.

The docs says

This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.

Your code is also extremely vulnerable to SQL injection , which you can fix with mysql_real_escape_string .

Your query should look like this 

$data = mysql_query("SELECT * FROM users WHERE upper(".mysql_real_escape_string($field).") LIKE'%".mysql_real_escape_string($find)."%'");

solution2
 1  2011-11-30 12:57:55

Did you write: 

$searching = $_POST['searching'];

Before: 

if ($searching =="yes")

?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why won't my file upload with my PHP upload script? Why won't my SQL results get printed in PHP site? Why won't the results of my form POST to another .php? Why won't my PHP return a MySQL stored procedure? Why won't my PHP cron script play sound? Why won't cron execute my PHP script correctly? Why won't this PHP Email Script send to my Yahoo email? Why won't mysql query with my php script? Why Won't My PHP Script Send Email? PHP curl won't return proper results
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM