我将网站上传到我的 IPage帐户时,无法显示保存在数据库中的产品。它在我的本地计算机上工作正常,它表示它已连接到数据库,但它没有显示产品。 我知道数据库和表中存在相关数据。
这是的链接:
http://wisconsindairyfarmers.com/Design1/search.php?search=sweets
代码:
$db = new mysqli('****', '****', '*****', '****');
// this is in the connect file
$search = $_GET['search'];
require 'db/connect.php';
$result = $db->query("SELECT * FROM products WHERE ProductSearch = '$search'");
if($result->num_rows){
echo '<table border="0" cellspacing="0" style="width:100%;">';
echo '<tr><td></td><td><u>Product Name</u></td><td><u>Price</u></td><td><u>Wisconsin Artisans</u></td></tr>';
while($row = $result->fetch_assoc()){
$ProductId = $row['ProductId'];
$ProductImage = $row['ProductImage'];
$ProductName = $row['ProductName'];
$ProductPrice = $row['ProductPrice'];
echo '<tr>';
echo '<td><a href="productpage.php?productid=' . $row['ProductId'] . '"><img height="80px" width="80px" src="' . $row['ProductImage'] . '"/></a></td>';
echo '<td><a id="productlink" href="productpage.php?productid=' . $row['ProductId'] . '">' . $row['ProductName'] . '</a></td>';
echo '<td> $' . $row['ProductPrice'] . '</td>';
echo '<td> ' . $row['ProductVendor'] . '</td>';
//echo '<td><input type=button onClick="location.href=\'cart.php?ProductId=', $ProductId, '&ProductName=', urlencode($ProductName), '&ProductPrice=', $ProductPrice, '&ProductQty=1\'" value=\'Add to Cart\' id="addtocart"></td></tr>';
echo '<td><input type=button onClick="location.href=\'productpage.php?productid=' . $ProductId . '\'" value=\'Add to Cart\' id="addtocart"></td></tr>';
}
echo '</table>';
$result->free();
}
else{
echo '<h3 style="color:black;">No products here just yet, but there will be soon!</h3>';
}
答案 0 :(得分:0)
我不知道这个问题是否已经得到解答/解决,但您的代码应该是这样的:
$db = new mysqli('****', '****', '*****', '****');
// this is in the connect file
$search = mysqli_real_escape_string($_GET['search']);
require 'db/connect.php';
$result = $db->query("SELECT * FROM products WHERE ProductSearch = '".$search."'");
if($result->num_rows > 0){
echo '<table border="0" cellspacing="0" style="width:100%;">';
echo '<tr><td></td><td><u>Product Name</u></td><td><u>Price</u></td><td><u>Wisconsin Artisans</u></td></tr>';
foreach($result->rows as $product){
$ProductId = $product['ProductId'];
$ProductImage = $product['ProductImage'];
$ProductName = $product['ProductName'];
$ProductPrice = $product['ProductPrice'];
echo '<tr>';
echo '<td><a href="productpage.php?productid=' . $product['ProductId'] . '"><img height="80px" width="80px" src="' . $product['ProductImage'] . '"/></a></td>';
echo '<td><a id="productlink" href="productpage.php?productid=' . $product['ProductId'] . '">' . $product['ProductName'] . '</a></td>';
echo '<td> $' . $product['ProductPrice'] . '</td>';
echo '<td> ' . $product['ProductVendor'] . '</td>';
//echo '<td><input type=button onClick="location.href=\'cart.php?ProductId=', $ProductId, '&ProductName=', urlencode($ProductName), '&ProductPrice=', $ProductPrice, '&ProductQty=1\'" value=\'Add to Cart\' id="addtocart"></td></tr>';
echo '<td><input type=button onClick="location.href=\'productpage.php?productid=' . $ProductId . '\'" value=\'Add to Cart\' id="addtocart"></td></tr>';
}
echo '</table>';
} else {
echo '<h3 style="color:black;">No products here just yet, but there will be soon!</h3>';
}
mysqli_real_escape_string($_GET['search'])
is used to escape characters which can be used for sql injections.