我正在做一个应该有PHP / MYSQL搜索页面的项目。搜索页面包含NEXT,LAST,PREVIOUS和FIRST的导航链接,这些链接不起作用。当我单击“下一步”或“最后”以在下一页上显示结果时,它会向我显示“未找到搜索词”的错误。这是我的代码:
<form name="search" method="post" action="search_ind.php">
<h4>
<font color="#FFFFFF">Seach for:
<input type="text" name="term" />
in
<select name="field">
<option value="firstname">First Name</option>
<option value="lastname">Last Name</option>
<option value="phone">Phone Number</option>
<option value="street">Street</option>
<option value="district">District</option>
<option value="region">Region</option>
</select>
<input type="submit" name="search2" value="Search" />
</font></h4>
</form>
<h1 align="center"><span class="style6"><font color="#FFFFFF">Search Results</font></span>
<p class="style1 style3"></h1>
<div align="center" class="style4">
<p class="style5">
<?php
$host = "localhost";
$username = "root";
$password = "";
$database = "oab";
$term = $_POST['term'];
//If they did not enter a search term we give them an error
if ($term == "") {
echo "<p>You forgot to enter a search term!!! Please enter a search term and try again...";
exit;
}
// check for a search parameter
if (!isset($term)) {
echo "<p>We dont seem to have a search parameter!</p>";
exit;
}
mysql_connect($host, $username, $password);
@mysql_select_db($database) or die("Unable to select database");
if (isset($_GET['pageno'])) {
$pageno = $_GET['pageno'];
} else {
$pageno = 1;
} // if
$query = "SELECT count(*) FROM individual WHERE FName like '%$term%' OR LName like '%$term%' OR Phone1 like '%$term%' OR Phone2 like '%$term%' OR Street like '%$term%' OR District like '%$term%' OR Region like '%$term%'";
$result = mysql_query($query);
$query_data = mysql_fetch_row($result);
$numrows = $query_data[0];
$rows_per_page = 10;
$lastpage = ceil($numrows / $rows_per_page);
$pageno = (int) $pageno;
if ($pageno > $lastpage) {
$pageno = $lastpage;
} // if
if ($pageno < 1) {
$pageno = 1;
} // if
$limit = 'LIMIT ' . ($pageno - 1) * $rows_per_page . ',' . $rows_per_page;
$query = "select * from individual WHERE FName like '%$term%' OR LName like '%$term%' OR Phone1 like '%$term%' OR Phone2 like '%$term%' OR Street like '%$term%' OR District like '%$term%' OR Region like '%$term%' ORDER BY LName $limit";
$result = mysql_query($query);
$num = mysql_numrows($result);
if ($pageno == 1) {
echo " FIRST PREV ";
} else {
echo " <a href='{$_SERVER['PHP_SELF']}?pageno=1'>FIRST</a> ";
$prevpage = $pageno - 1;
echo " <a href='{$_SERVER['PHP_SELF']}?pageno=$prevpage'>PREV</a> ";
} // if
echo " ( Page $pageno of $lastpage ) ";
if ($pageno == $lastpage) {
echo " NEXT LAST ";
} else {
$nextpage = $pageno + 1;
echo " <a href='{$_SERVER['PHP_SELF']}?pageno=$nextpage'>NEXT</a> ";
echo " <a href='{$_SERVER['PHP_SELF']}?pageno=$lastpage'>LAST</a> ";
} // if
// If we have no results, offer a google search as an alternative
if ($num == 0) {
echo "<h4>Results</h4>";
echo "<p>Sorry, your search for: "" . $term . "" returned zero results</p>";
// google
echo "<p><a href=\"http://www.google.com/search?q="
. $term . "\" target=\"_blank\" title=\"Look up
" . $term . " on Google\">Click here</a> to try the
search on google</p>";
}
mysql_close();
?>
</p>
</div>
<table border="1" cellspacing="2" cellpadding="2">
<tr>
<th><font face="Arial, Helvetica, sans-serif" color="#FFFFFF">FULL NAME</font></th>
<th><font face="Arial, Helvetica, sans-serif" color="#FFFFFF">PHONE 1</font></th>
<th><font face="Arial, Helvetica, sans-serif" color="#FFFFFF">PHONE 2</font></th>
<th><font face="Arial, Helvetica, sans-serif" color="#FFFFFF">PHYSICAL ADDRESS</font></th>
<th><font face="Arial, Helvetica, sans-serif" color="#FFFFFF">POSTAL ADDRESS</font></th>
<th><font face="Arial, Helvetica, sans-serif" color="#FFFFFF">E-MAIL</font></th>
</tr>
<?php
$i = 0;
while ($i < $num) {
$f1 = mysql_result($result, $i, "Ind_Id");
$f12 = mysql_result($result, $i, "FName");
$f13 = mysql_result($result, $i, "MName");
$f2 = mysql_result($result, $i, "LName");
$f3 = mysql_result($result, $i, "Phone1");
$f4 = mysql_result($result, $i, "Phone2");
$f5 = mysql_result($result, $i, "Physical_Address");
$f6 = mysql_result($result, $i, "Postal_Address");
$f7 = mysql_result($result, $i, "Email");
$f8 = mysql_result($result, $i, "Street");
$f9 = mysql_result($result, $i, "District");
$f10 = mysql_result($result, $i, "Region");
$f11 = mysql_result($result, $i, "Country");
?>
<tr>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f2; ?></font>
<font face="Arial, Helvetica, sans-serif"><?php echo $f12; ?></font>
<font face="Arial, Helvetica, sans-serif"><?php echo $f13; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f3; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f4; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f5; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f6; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f7; ?></font></td>
</tr>
<?php
$i++;
}
?>
</table>
</body>
</html>
答案 0 :(得分:1)
这可能是因为每次用户点击下一个/上一个时,您的搜索都需要发布到您的服务器。
将$term = $_POST['term'];更改为$term = $_GET['term'];,然后每当您输出指向next / prev等的链接时,请确保将该字词添加到查询字符串中
printf("<a href='%s?pageno=%d&term=%s'>PREV</a>", $_SERVER['PHP_SELF'], $prevpage, $term);
这样,每当用户点击下一个/上一个时,该术语就会被发送到服务器。
你可能应该看看像PDO这样的库使用数据库查询,因为你真的遇到了注入攻击。
答案 1 :(得分:0)
您无法像在表单,链接中那样发布内容。您需要在每个链接的末尾使用&amp; term = $ term,并将$ term更改为$ term = $ _ REQUEST ['term'];