我的php& mysql搜索引擎中有一个错误 这是一个简单的搜索引擎,但我决定通过在结果中添加所需产品的图像来升级此搜索引擎,所以我遇到的问题是, 第一个产品的图像将是所有其他产品的图片。
此处为代码:
<?php
include ('Connections/connect.php');
// collect
if (isset($_POST['search'])) {
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i", "", $searchq);
$query = mysql_query("SELECT * FROM tProduct WHERE sProduct LIKE '%$searchq%' OR sSearch LIKE '%$searchq%' OR sSort LIKE '%$searchq%'") or die("La Recherche est impossible");
$count = mysql_num_rows($query);
$result = mysql_query("SELECT * FROM tProduct WHERE sProduct LIKE '%$searchq%' OR sSearch LIKE '%$searchq%' OR sSort LIKE '%$searchq%'");
/*Afichage de L'image*/
$results = mysql_query("SELECT * FROM tProduct WHERE sProduct='$product'");
$row = mysql_fetch_row($result);
foreach($row as $results) {
$nom = $row[6];
}
$dir = "images/";
if ($row[6] == 0) {
$image_r = "images/none.png";
}
if ($row[6] != 0) {
if (file_exists($dir . $nom . ".JPEG")) {
$image_r.= $dir . $nom . ".JPEG";
}
else
if (file_exists($dir . $nom . ".jpg")) {
$image_r.= $dir . $nom . ".jpg";
}
else
if (file_exists($dir . $nom . ".jpeg")) {
$image_r.= $dir . $nom . ".jpeg";
}
}
if ($count == 0) {
$output = "Aucun Résultat Pour Cette Recherche!";
}
else {
while ($row = mysql_fetch_array($query)) {
$sProduct = $row['sProduct'];
$output.= '<div><ul><li><a target="_blanc" href="product.php?product=' . $sProduct . '" title="' . $sProduct . '"><img src="' . $image_r . '">' . $sProduct . '</a></li></ul></div>';
}
}
}
这里是所有源代码,希望我找到一些帮助!
感谢stackexchange的所有成员。
答案 0 :(得分:2)
您的代码容易受到SQL-injection的攻击。请使用以下内容:
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i", "", $searchq);
$escapedSearchQ = mysql_real_escape( $searchq );
$query = mysql_query( "SELECT * "
. " FROM tProduct "
. " WHERE sProduct LIKE '%" . $escapedSearchQ . "%' "
. " OR sSearch LIKE '%" . $escapedSearchQ . "%' "
. " OR sSort LIKE '%" . $escapedSearchQ . "%' "
)
or die("La Recherche est impossible")
;
答案 1 :(得分:1)
您正在循环外处理图像语句。摆脱第一个循环并将所有图像处理移动到第二个循环中。附件样本:
if (isset($_POST['search'])) {
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i", "", $searchq);
$query = mysql_query("SELECT * FROM tProduct WHERE sProduct LIKE '%$searchq%' OR sSearch LIKE '%$searchq%' OR sSort LIKE '%$searchq%'") or die("La Recherche est impossible");
$count = mysql_num_rows($query);
$result = mysql_query("SELECT * FROM tProduct WHERE sProduct LIKE '%$searchq%' OR sSearch LIKE '%$searchq%' OR sSort LIKE '%$searchq%'");
/*Afichage de L'image*/
$results = mysql_query("SELECT * FROM tProduct WHERE sProduct='$product'");
// this query looks redundant. your search query should include an image since you're selecting all from that table in both cases
$dir = "images/";
if ($count == 0) {
$output = "Aucun Résultat Pour Cette Recherche!";
}
else
{
while ($row = mysql_fetch_array($query)) {
$image_r = "images/none.png";
if ($row[6] != 0) {
$nom = $row[6];
if (file_exists($dir . $nom . ".JPEG")) {
$image_r = $dir . $nom . ".JPEG";
}
else
if (file_exists($dir . $nom . ".jpg")) {
$image_r = $dir . $nom . ".jpg";
}
else
if (file_exists($dir . $nom . ".jpeg")) {
$image_r = $dir . $nom . ".jpeg";
}
}
$sProduct = $row['sProduct'];
$output.= '<div><ul><li><a target="_blanc" href="product.php?product=' . $sProduct . '" title="' . $sProduct . '"><img src="' . $image_r . '">' . $sProduct . '</a></li></ul></div>';
}
}
}
此外,不推荐使用mysql_functions。您应该切换到PDO或MySQLi。