请查看我网站上的这个搜索模型:
链接已过期
搜索没有返回任何结果,也没有显示错误消息,这是为什么?
我已经取出了我的个人信息,即。主机/用户名/密码
HTML:
<h2>Search</h2>
<form name="search" method="post" action="<?=$PHP_SELF?>">
Seach for: <input type="text" name="find" /> in
<Select NAME="field">
<Option VALUE="fname">First Name</option>
<Option VALUE="lname">Last Name</option>
<Option VALUE="info">Profile</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>
PHP:
<?php
//This is only displayed if they have submitted the form
if ($searching =="yes")
{
echo "<h2>Results</h2><p>";
//If they did not enter a search term we give them an error
if ($find == "")
{
echo "<p>You forgot to enter a search term";
exit;
}
// Otherwise we connect to our Database
mysql_connect("MYHOST", "MYUSERNAME", "MYPASSWORD") or die(mysql_error());
mysql_select_db("MYDATABSENAME") or die(mysql_error());
// We preform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);
//Now we search for our search term, in the field the user specified
$data = mysql_query("SELECT * FROM users WHERE upper($field) LIKE'%$find%'");
//And we display the results
while($result = mysql_fetch_array( $data ))
{
echo $result['fname'];
echo " ";
echo $result['lname'];
echo "<br>";
echo $result['info'];
echo "<br>";
echo "<br>";
}
//This counts the number or results - and if there wasn't any it gives
them a little message explaining that
$anymatches=mysql_num_rows($data);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query<br><br>";
}
//And we remind them what they searched for
echo "<b>Searched For:</b> " .$find;
}
?>
谢谢!
妈妈
最佳答案
您假设服务器正在使用 register_globals ,这是一件非常可怕的事情。您应该改为执行类似 if ($_POST['searching'] =="yes")
的操作。这可能也是什么都没有发生的原因。
docs说
This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.
您的代码也极易受到 SQL injection 的攻击,您可以使用 mysql_real_escape_string 修复.
你的查询应该是这样的
$data = mysql_query("SELECT * FROM users WHERE upper(".mysql_real_escape_string($field).") LIKE'%".mysql_real_escape_string($find)."%'");
关于php - 为什么我的 php 脚本不返回结果?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8326244/