<h2>Search</h2>
<form name="search" method="post" action="<?php $_SERVER['PHP_SELF']; ?>">
Seach for: <input type="text" name="find" /> in
<Select NAME="field">
<Option VALUE="fname">First Name</option>
<Option VALUE="lname">Last Name</option>
<Option VALUE="info">Profile</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>
<?php
//This is only displayed if they have submitted the form
if ($_REQUEST[searching] =="yes")
{
echo "<h2>Results</h2><p>";
//If they did not enter a search term we give them an error
if ($_REQUEST[find] == "")
{
echo "<p>You forgot to enter a search term";
exit;
}
// Otherwise we connect to our Database
mysql_connect("localhost", "admin", "password") or die(mysql_error());
mysql_select_db("oop") or die(mysql_error());
// We preform a bit of filtering
$find = strtoupper($_REQUEST[find]);
$find = strip_tags($find);
$find = trim ($find);
//Now we search for our search term, in the field the user specified
$data = mysql_query("SELECT * FROM users WHERE upper($_REQUEST[field]) LIKE'%$find%'");
//And we display the results
while($result = mysql_fetch_array( $data ))
{
echo $result['fname'];
echo " ";
echo $result['lname'];
echo "<br>";
echo $result['info'];
echo "<br>";
echo "<br>";
}
//This counts the number or results - and if there wasn't any it gives them a little message explaining that
$anymatches=mysql_num_rows($data);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query<br><br>";
}
//And we remind them what they searched for
echo "<b>Searched For:</b> " .$find;
}
?>
问题:
前端显示:
注意:使用未定义的常量搜索 - 假设'搜索' 第15行的D:\ wamp \ www \ oop \ test2.php
我知道发布表单值有问题,例如“搜索”...但我现在知道如何更正/更改。所以任何人都可以帮我纠正它?
感谢。
答案 0 :(得分:1)
第15行,
if ($_REQUEST[searching] =="yes")
应该引用“搜索”:
if ($_REQUEST['searching'] =="yes")
这也适用于您检查请求参数的其他行。
答案 1 :(得分:1)
您没有将关联数组索引指定为字符串。它应该是 $ _REQUEST [ '搜索'] 代替 $ _REQUEST [搜索] 与...相同 $ _REQUEST [发现] 稍后
答案 2 :(得分:1)
替换
if ($_REQUEST[searching] =="yes")
到
if (isset($_REQUEST['searching']) && $_REQUEST['searching'] =="yes")
答案 3 :(得分:0)
$_REQUEST[searching]应为$_REQUEST['searching']。还有,$_REQUEST[find]是什么? (它也应该在'find'周围引用)。而且...为什么$_REQUEST?具体,并使用$_POST(例如$_POST['searching'])。
并且...请,请(至少)在查询参数周围使用mysql_real_escape_string()。请参阅:http://php.net/manual/en/function.mysql-real-escape-string.php
e.g。
$data = mysql_query("SELECT * FROM users
WHERE mysql_real_escape_string(upper($_POST['field']))
LIKE'%mysql_real_escape_string($_POST['find'])%'");
真的,查询MySQL的更好方法是使用PHP数据对象并绑定您的值以增加安全性:http://php.net/manual/en/book.pdo.php
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->bindValue(':calories', $calories, PDO::PARAM_INT);
$sth->bindValue(':colour', $colour, PDO::PARAM_STR);
$sth->execute();
?>
还有更多内容。你需要阅读连接等等......这超出了这个答案的范围。