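1 answer
Contributed 1811 experience points, received more than 4 upvotes
Since there are many comments about using prepared statements and PDO, here is a solution that uses PDO:
Read more about PDO here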
$dsn = "mysql:host=YOUR_MYSQL_HOST;dbname=YOUR_DATABASE_NAME;charset=utf8mb4";
$options = [
    PDO::ATTR_EMULATE_PREPARES   => false, // turn off emulation mode for "real" prepared statements
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // turn on errors in the form of exceptions
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, // make the default fetch be an associative array
];
try {
    $pdo = new PDO($dsn, "username", "password", $options);
} catch (Exception $e) {
    error_log($e->getMessage());
    exit('Could not connect to the database.');
}
$arr = [];
$searchq = "%{$_POST['search-input']}%";
$stmt = $pdo->prepare("SELECT wallname FROM walldb WHERE wallname LIKE ?");
$stmt->execute([$searchq]);
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $arr[] = $row;
}
if (!$arr) exit('No results found');
print_r($arr);
Further reading: an article on using PDO to prevent SQL injection
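The answer above binds the search term through a placeholder, so it cannot change the SQL, but `%` and `_` inside the bound value are still LIKE wildcards. The following is an added example, not part of the original answer: it escapes those characters so the input is matched literally. Assumptions: PDO's SQLite driver with an in-memory database stands in for MySQL, `!` is chosen as the escape character, the helper names `escapeLike` and `searchWalls` are hypothetical, and the rows are constructed sample data.

```php
<?php
// Added example, not code from the original answer.

/** Escape LIKE metacharacters so user input is matched literally. */
function escapeLike(string $input, string $escapeChar = '!'): string
{
    // str_replace applies the pairs in order: the escape character is
    // doubled first, so the prefixes added for % and _ are not re-escaped.
    return str_replace(
        [$escapeChar, '%', '_'],
        [$escapeChar . $escapeChar, $escapeChar . '%', $escapeChar . '_'],
        $input
    );
}

/** Run the answer's LIKE query, with or without wildcard escaping. */
function searchWalls(PDO $pdo, string $term, bool $escape): array
{
    $pattern = '%' . ($escape ? escapeLike($term) : $term) . '%';
    // ESCAPE '!' tells the database which character neutralises % and _.
    $stmt = $pdo->prepare(
        "SELECT wallname FROM walldb WHERE wallname LIKE ? ESCAPE '!'"
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Assumption: in-memory SQLite so the example runs offline.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE walldb (wallname TEXT)');
$insert = $pdo->prepare('INSERT INTO walldb (wallname) VALUES (?)');
// Constructed sample rows.
foreach (['brick wall', '100% cotton', 'stone_wall', 'glass'] as $name) {
    $insert->execute([$name]);
}

// Unescaped: a "%" typed by the user is treated as a wildcard.
print_r(searchWalls($pdo, '%', false));
// Escaped: the same input only matches names containing a literal "%".
print_r(searchWalls($pdo, '%', true));
// Escaped: "_" only matches names containing a literal underscore.
print_r(searchWalls($pdo, '_', true));
```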
