这个php搜索页有什么问题?

时间:2014-07-19 10:38:40

标签: php mysql search

我找到了一个教程,看起来它会像我一直试图做的那样没有成功。我根据我的细节调整了它并试了一下。它不起作用。当您输入搜索并点击提交时,它所做的就是回到开头。我无法看到代码有什么问题所以经过几个小时的尝试后,就在这里。你能看出出了什么问题吗?

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">        

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="content-type" content="text/html;charset=utf-8" />

<title>test</title>

</head>

<body>

<?
      if ($searching =="yes") 
   { 
    echo "<h2>Search</h2><p>"; 

     if ($find == "") 
     { 
      echo "<p>You forgot to enter a search term"; 
      exit; 
       } 

mysql_connect('localhost', 'user', 'password') or die(mysql_error()); 
 mysql_select_db("database") or die(mysql_error()); 

 $find = strtoupper($find); 
 $find = strip_tags($find); 
 $find = trim ($find); 


 $data = mysql_query("SELECT * FROM engravers WHERE upper($field) LIKE'%$find%'"); 

 while($result = mysql_fetch_array( $data )) 
 { 
 echo $result['Country']; 
 echo "<br>"; 
 echo $result['Year']; 
 echo "<br>"; 
 echo $result['Engraver1Surname']; 
 echo "<br>"; 
 echo $result['Designer1Surname']; 
 echo "<br>"; 
 echo $result['Printer']; 
 echo "<br>"; 

 echo "<br>"; 
 } 

  $anymatches=mysql_num_rows($data); 
  if ($anymatches == 0) 
  { 
  echo "Sorry, but we can not find an entry to match your query<br><br>"; 
  } 

 echo "<b>Searched For:</b> " .$find; 
 } 
 ?>
<h2>Search</h2> 
<form name="search" method="post" action="<?=$PHP_SELF?>">
Search for: <input type="text" name="find" /> in 
<Select NAME="field">
<Option VALUE="Country">Country</option>
<Option VALUE="Year">Year</option>
<Option VALUE="Engraver1Surname">Engraver</option>
<Option VALUE="Designer1Surname ">Designer</option>
<Option VALUE="Printer">Printer</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>

 </body>
 </html>

3 个答案:

答案 0 :(得分:1)

正如我的评论中所提到的,在POST之后,您需要从$_POST数组中获取变量。类似的东西:

if ($_POST['searching'] == "yes") {
    $find = $_POST['find'];
    $field = $_POST['field'];

    // etc...

答案 1 :(得分:0)

这看起来像是register_globals开启的非常旧的PHP代码。它不起作用like that anymore

使用超全球$_POST来获取变量,例如:

if ($_POST['searching'] =="yes") {
    ...
}

另外,请阅读SQL注入和how to avoid it

答案 2 :(得分:0)

您需要在begin:

上设置变量 
//set default values
$find="";
$searching="";
$field="";
If(isset($_POST['searching']) && $_POST['searching']="yes"){
    $find= mysql_real_escape_string($_POST['find']);
    $searching=mysql_real_escape_string($_POST['searching']);
    $field=mysql_real_escape_string($_POST['field']);
    ...
相关问题
最新问题