[英]PHP MySQL: Search database for string (in array) missing results
我正在创建一个功能,该功能在数据库中搜索字符串。 PHP使用PHP验证程序不会显示任何错误,并且如果搜索词不存在,它将返回正确的错误。 我的问题是,在数据库中名为“并置”(当前是数据库中唯一的条目)的列中搜索“急匆匆地放弃”时,没有返回结果。 虽然我可以使用phpMyAdmin看到该条目确实存在。
用户使用以下HTML将字符串输入到输入字段中:
<form action='http://www.murkyfiles.esy.es/search.php' method='GET'>
<center>
<p><label for='search'>Please enter your question as accurately as possible:</label></p>
<p><input type='search' size='90' name='search'></p>
<p><input type='submit' name='submit' value='Find answer'></p>
</center>
</form>
使用以下PHP在数据库中搜索输入的术语:
<?php
$button = $_GET [ 'submit' ];
$search = $_GET [ 'search' ];
$host = "[HOST URL]";
$username = "[USERNAME]";
$password = "[PASSWORD]";
$database = "[DATABASE]";
$searchlength = strlen($search);
if( !$button )
echo "You didn't submit a keyword";
else {
if( strlen( $search ) <= 1 )
echo "Search term too short";
else {
echo "You searched for <b> $search </b> <hr size='1' > </ br > ";
// Connect to database
$con = mysqli_connect ( $host, $username, $password );
if(!$con) {
die('Could not connect: ' .PDO::errorInfo());
}
mysqli_select_db ( $con, $database );
$search = str_split($search, $searchlength);
$construct = " SELECT * FROM 'coll_test' WHERE collocation LIKE '%$search%' ";
$run = mysqli_query( $con, $construct );
//Fetch and return search results.
if ($foundnum == 0)
echo "Sorry, there are no matching results for <b> $search[0] </b>.
</ br >
</ br > 1. Try presenting your Something is wrong in a more academic manner. Guidance can be found on the majority of University websites without need for registration.
</ br > 2. Try more common words/phrases with similar meaning. This search focuses on colloquialisms - commonly used phrases within a language.
</ br > 3. Please check your spelling";
else {
echo "$foundnum results found !<p>";
while ( $runrows = mysqli_fetch_assoc($run) ) {
$collocation = $runrows ['collocation'];
echo "<a href='$url'> <b> $title </b> </a> <br> $desc <br> <a href='$url'> $url </a> <p>";
}
}
}
}
我看过各种类似的问题,但没有一个提供解决方案。
为了澄清,数据库表的列标题如下:
搭配 | 左 | 对 | 长度 google-结果 | 结结果 | 雅虎结果 | 网址链接 | 维基 | 日期
到目前为止,我的数据库中只有一个条目:
collocation = abandon hastily
left = abandon
right = NULL
length = 2
google-results = 24000000
bing-results = 386000
yahoo-results = 385000
url-link = oxforddictionary.so8848.com/search1?word=abandon
wiki = 0
date = [TIMESTAMP]
结束表格表格和列名称的引号,而不是使用反引号,并且您的代码已打开以供sql注入用户prepare和bind语句阻止
$search = $_GET ['search'];// get your value
$like = "%$search%";//
$stmt = $con->prepare("SELECT `collocation`,`left`,`right` FROM `coll_test` WHERE collocation LIKE ?");
$stmt->bind_param('s', $like);
$stmt->execute();
$stmt->bind_result($collocation,$left,$right);
$rows = $stmt->num_rows;// check your query return result of not
if ($rows > 0) {
while ($stmt->fetch()) {// fetch data from query
printf ("%s (%s)\n", $collocation,$left,$right);
// fetch data form result set
}
} else {
echo "Sorry, there are no matching results for <b> $search </b>.";
}
相当重写,带有以下注释:
$con = mysqli_connect ( $host, $username, $password, $database );
//$search = str_split($search, $searchlength); ///??? See below
$searchSafe = preg_replace("/[^0-9a-z-_ ]/i","",$search); //example only.
$construct = " SELECT COUNT(*) AS found FROM `coll_test`
WHERE collocation LIKE '%".$searchSafe."%' ";
$run = mysqli_query($con, $construct);
$result = mysqli_fetch_array($run);
print $result['found']." number of results found!"; //for example.
1)您可以在MySQLi连接功能中包含数据库引用。
2) str_split
返回一个数组,但是您将结果用作字符串。 这令人困惑且不正确,您打算如何处理?
$_GET['search']
始终是字符串类型,因此您无需将其用作数组或任何基于数组的混乱对象。 3)使用外部函数手动返回number_rows
计数可能不准确, 而是在SELECT
语句中使用COUNT
。
4)您忘记返回实际查询的结果! 因此,在上面我插入了一个mysql_fetch_array
结果以查看结果数。 您也没有为$foundnum
变量定义值。
5)您正在将PDO与MySQLi混合,这两种连接方法是互斥的 。 他们不混合。
6)您对SQL注入和数据库妥协持开放态度,您需要使用Prepared Statements(如Saty所示 ),并使用preg_replace
东西(或其他REGEX解析器)从字符串中删除无效字符,例如:
$searchSafe = preg_replace("/[^0-9a-z-%_ ]/i","",$search); //example only.
上面的意思是字符串中仅允许使用0-9或az(不区分大小写, /i
)或-
, %
或_
。
7)表名或列名( 'coll_test'
)不应用单引号引起来,相反,它们应全部用反引号引起来。 在MySQL中单引号是只包含数据的字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.