当我在搜索脚本中输入空格超过4次时,为什么会显示我的完整表格

时间:2013-07-30 10:52:20

标签: php search

你好我每个人都有一个简单的phpmysql搜索引擎脚本它的工作非常好但是我发现一个很大的问题就是问题是每当在搜索框中输入空格超过四次时它会显示我的表的完整数据告诉我如何解决这个问题,如果在某个字符串之后添加了两个或空格,那么也会出现此问题。

$button = $_GET ['submit'];
$search = $_GET ['search']; 
if(strlen($search)<=1)
echo "Invalid search";
else{
echo "You searched for <b>$search</b> <hr size='1'></br>";
mysql_connect("localhost","root","9889922527");
mysql_select_db("specifications");

$search_exploded = explode (" ", $search);

foreach($search_exploded as $search_each)
{
@$x++;
if($x==1)

@$construct .="keyword LIKE '%$search_each%'";
else
$construct .="AND keyword LIKE '%$search_each%'";
}

$constructs ="SELECT * FROM search WHERE $construct";
$run = mysql_query($constructs);

@$foundnum = mysql_num_rows($run);

if ($foundnum==0)
echo "Sorry, there are no matching result for <b>$search</b>.</br></br>";
else
{ 

echo "$foundnum results found !<p>";

$per_page = 20;
@$start = $_GET['start'];
$max_pages = ceil($foundnum / $per_page);
if(!$start)
$start=0; 
$getquery = mysql_query("SELECT * FROM search WHERE $construct  LIMIT $start,     $per_page");

while($runrows = mysql_fetch_assoc($getquery))
{
$image = $runrows['image'];
$name = $runrows ['name'];
$price = $runrows ['price'];
$url = $runrows ['url'];
echo "<link rel='stylesheet' href='search.css' type='text/css' />";
echo "<div class='cat-logo'><img width='200' height='180' src='$image' /><br/><a       href='$url'><font class='cat-head'><b>$name</b></font></a><br/><font class='cat-pr'>$price</font></div>" ;
//echo "<a href='$url'><b>$name</b></a><br>$price<br><a href='$url'>$url</a><p>";

}

1 个答案:

答案 0 :(得分:0)

试图理解并清理你的代码(尽管在你的例子中有些if / else循环似乎是未闭合的)。添加了一些最小的转义并添加了修剪(如注释中所示)以防止选择所有数据。我还添加了限制1000(以限制查询可以最大化生成的结果数量:

$button = mysql_real_escape_string($_GET['submit']);
$search = trim(mysql_real_escape_string($_GET['search'])); 

if(strlen($search)<=1) {
  echo "Invalid search";
} else {
  echo "You searched for <b>$search</b> <hr size='1'></br>";
  mysql_connect("localhost","root","9889922527");
  mysql_select_db("specifications");

  $search_exploded = explode (" ", $search);

  $x = 0;
  $construct = null;
  foreach($search_exploded as $search_each)
  {
    $x++;
    if($x==1) {
      $construct .="keyword LIKE '%$search_each%'";
    } else {
      $construct .="AND keyword LIKE '%$search_each%'";
    }

    $constructs ="SELECT * FROM search WHERE $construct";
    $run = mysql_query($constructs);

    @$foundnum = mysql_num_rows($run);

    if ($foundnum==0) {
      echo "Sorry, there are no matching result for <b>$search</b>.</br></br>";
    } else { 
      echo "$foundnum results found !<p>";

      $per_page = 20;
      @$start = mysql_real_escape_string($_GET['start']);
      $max_pages = ceil($foundnum / $per_page);
      if(!$start) {
        $start=0; 
        $getquery = mysql_query("SELECT * FROM search WHERE $construct LIMIT $start, $per_page");

        while($runrows = mysql_fetch_assoc($getquery))
        {
          $image = $runrows['image'];
          $name = $runrows ['name'];
          $price = $runrows ['price'];
          $url = $runrows ['url'];
          echo "<link rel='stylesheet' href='search.css' type='text/css' />";
          echo "<div class='cat-logo'><img width='200' height='180' src='$image' /><br/><a       href='$url'><font class='cat-head'><b>$name</b></font></a><br/><font class='cat-pr'>$price</font></div>" ;
          //echo "<a href='$url'><b>$name</b></a><br>$price<br><a href='$url'>$url</a><p>";
        }
      }
    }
  }
}
相关问题
最新问题