我有一个搜索表单,可以从数据库中搜索属性列表。在它工作正常之前,我能够显示搜索结果然后突然间它才显示出来。有没有我做错了。
这是代码
<?php
require 'core/init.php';
////////////using mysqli to connect with database
$mysqli = new mysqli("localhost","root","", "test");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
///////////set search variables
$property = $_POST['property'];
$bedroom = $_POST['BedroomNumber'];
$bathroom = $_POST['BathroomNumber'];
$priceMin = $_POST['PriceMin'];
$priceMax = $_POST['PriceMax'];
$termlease = $_POST['TermLease'];
//////////search
if(isset($_POST['utilities']) && is_array($_POST['utilities'])) {
foreach($_POST['utilities'] as $check) {
//echoes the value set in the HTML form for each checked checkbox.
//so, if I were to check 1, 3, and 5 it would echo value 1, value 3, value 5.
//in your case, it would echo whatever $row['Report ID'] is equivalent to.
}
}
$sql = $mysqli->query("select * from propertyinfo where Property like '%$property%' and NumBed like '%$bedroom%' and NumBath like '%$bathroom%' and Price >= '$priceMin' and Price <= '$priceMax' and utilities like '%$check%' and TermLease like '%$termlease%'");
if($sql === FALSE) {
die(mysql_error()); // TODO: better error handling
}
?>
显示结果的部分
<?php
if($sql->num_rows){
while ($row = $sql->fetch_array(MYSQLI_ASSOC)){
echo '<div id="listing">
<div id="propertyImage">
<img src="uploadimages/'.$row['imageName1'].'" width="200" height="150" alt=""/>
</div>
<div id="basicInfo">
<h2>$'.$row['Price'].'</h2>
<p style="font-size: 18px;"># '.$row['StreetAddress'].', '.$row['City'].', BC</p>
<p>'.$row['NumBed'].' Bedrooms | '.$row['NumBath'].' Bathrooms | '.$row['Property'].'</p>
<br>
<p><a href="outputtest2.php?record_id='.$row['ID'].'" class="link2" target="_blank">View Full Details</a> | <a href="" class="link2">Get Directions</a>
</div>
</div>';
}
}
else
{
echo '<h2>0 Search Results</h2>';
}
?>
由于
答案 0 :(得分:0)
因此,要清楚,您会看到“0搜索结果”? 日志或输出中是否有错误?你有没有尝试过echo()你的SQL语句:
echo "select * from propertyinfo where Property like '%$property%' and NumBed like '%$bedroom%' and NumBath like '%$bathroom%' and Price >= '$priceMin' and Price <= '$priceMax' and utilities like '%$check%' and TermLease like '%$termlease%'"
...然后将该SQL语句直接粘贴到CLI中。
除了您的SQL受到SQL注入攻击之外,您可能会发现输入中有一些杂散字符会导致SQL语句出现问题。