[英]PHP MySQL: Search database for string (in array) missing results
我正在創建一個功能,該功能在數據庫中搜索字符串。 PHP使用PHP驗證程序不會顯示任何錯誤,並且如果搜索詞不存在,它將返回正確的錯誤。 我的問題是,在數據庫中名為“並置”(當前是數據庫中唯一的條目)的列中搜索“急匆匆地放棄”時,沒有返回結果。 雖然我可以使用phpMyAdmin看到該條目確實存在。
用戶使用以下HTML將字符串輸入到輸入字段中:
<form action='http://www.murkyfiles.esy.es/search.php' method='GET'>
<center>
<p><label for='search'>Please enter your question as accurately as possible:</label></p>
<p><input type='search' size='90' name='search'></p>
<p><input type='submit' name='submit' value='Find answer'></p>
</center>
</form>
使用以下PHP在數據庫中搜索輸入的術語:
<?php
$button = $_GET [ 'submit' ];
$search = $_GET [ 'search' ];
$host = "[HOST URL]";
$username = "[USERNAME]";
$password = "[PASSWORD]";
$database = "[DATABASE]";
$searchlength = strlen($search);
if( !$button )
echo "You didn't submit a keyword";
else {
if( strlen( $search ) <= 1 )
echo "Search term too short";
else {
echo "You searched for <b> $search </b> <hr size='1' > </ br > ";
// Connect to database
$con = mysqli_connect ( $host, $username, $password );
if(!$con) {
die('Could not connect: ' .PDO::errorInfo());
}
mysqli_select_db ( $con, $database );
$search = str_split($search, $searchlength);
$construct = " SELECT * FROM 'coll_test' WHERE collocation LIKE '%$search%' ";
$run = mysqli_query( $con, $construct );
//Fetch and return search results.
if ($foundnum == 0)
echo "Sorry, there are no matching results for <b> $search[0] </b>.
</ br >
</ br > 1. Try presenting your Something is wrong in a more academic manner. Guidance can be found on the majority of University websites without need for registration.
</ br > 2. Try more common words/phrases with similar meaning. This search focuses on colloquialisms - commonly used phrases within a language.
</ br > 3. Please check your spelling";
else {
echo "$foundnum results found !<p>";
while ( $runrows = mysqli_fetch_assoc($run) ) {
$collocation = $runrows ['collocation'];
echo "<a href='$url'> <b> $title </b> </a> <br> $desc <br> <a href='$url'> $url </a> <p>";
}
}
}
}
我看過各種類似的問題,但沒有一個提供解決方案。
為了澄清,數據庫表的列標題如下:
搭配 | 左 | 對 | 長度 google-結果 | 結結果 | 雅虎結果 | 網址鏈接 | 維基 | 日期
到目前為止,我的數據庫中只有一個條目:
collocation = abandon hastily
left = abandon
right = NULL
length = 2
google-results = 24000000
bing-results = 386000
yahoo-results = 385000
url-link = oxforddictionary.so8848.com/search1?word=abandon
wiki = 0
date = [TIMESTAMP]
結束表格表格和列名稱的引號,而不是使用反引號,並且您的代碼已打開以供sql注入用戶prepare和bind語句阻止
$search = $_GET ['search'];// get your value
$like = "%$search%";//
$stmt = $con->prepare("SELECT `collocation`,`left`,`right` FROM `coll_test` WHERE collocation LIKE ?");
$stmt->bind_param('s', $like);
$stmt->execute();
$stmt->bind_result($collocation,$left,$right);
$rows = $stmt->num_rows;// check your query return result of not
if ($rows > 0) {
while ($stmt->fetch()) {// fetch data from query
printf ("%s (%s)\n", $collocation,$left,$right);
// fetch data form result set
}
} else {
echo "Sorry, there are no matching results for <b> $search </b>.";
}
相當重寫,帶有以下注釋:
$con = mysqli_connect ( $host, $username, $password, $database );
//$search = str_split($search, $searchlength); ///??? See below
$searchSafe = preg_replace("/[^0-9a-z-_ ]/i","",$search); //example only.
$construct = " SELECT COUNT(*) AS found FROM `coll_test`
WHERE collocation LIKE '%".$searchSafe."%' ";
$run = mysqli_query($con, $construct);
$result = mysqli_fetch_array($run);
print $result['found']." number of results found!"; //for example.
1)您可以在MySQLi連接功能中包含數據庫引用。
2) str_split
返回一個數組,但是您將結果用作字符串。 這令人困惑且不正確,您打算如何處理?
$_GET['search']
始終是字符串類型,因此您無需將其用作數組或任何基於數組的混亂對象。 3)使用外部函數手動返回number_rows
計數可能不准確, 而是在SELECT
語句中使用COUNT
。
4)您忘記返回實際查詢的結果! 因此,在上面我插入了一個mysql_fetch_array
結果以查看結果數。 您也沒有為$foundnum
變量定義值。
5)您正在將PDO與MySQLi混合,這兩種連接方法是互斥的 。 他們不混合。
6)您對SQL注入和數據庫妥協持開放態度,您需要使用Prepared Statements(如Saty所示 ),並使用preg_replace
東西(或其他REGEX解析器)從字符串中刪除無效字符,例如:
$searchSafe = preg_replace("/[^0-9a-z-%_ ]/i","",$search); //example only.
上面的意思是字符串中僅允許使用0-9或az(不區分大小寫, /i
)或-
, %
或_
。
7)表名或列名( 'coll_test'
)不應用單引號引起來,相反,它們應全部用反引號引起來。 在MySQL中單引號是只包含數據的字符串。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.