我想制作搜索引擎。我得到了以下代码。编写代码以修剪空格,计算行和匹配结果的数量以及一点sql注入证明。所有这些属性都有效但搜索本身没有显示任何结果。我也没有收到错误报告。我一直在审查这段代码已有一段时间了,我无法找到出错的地方。 我知道这是mysql并且已弃用,但我认为它应该仍然有效。 它之所以不起作用是因为Mysql被弃用了,还是你发现我犯了错误? 希望我的问题很清楚。
指数:
<form action = "" method="POST">
<p>
<input type="Text" name="keywords" /> <input type="submit" value="Search" />
</p>
</form>
<?php
if (isset($_POST['keywords'])) {
$keywords = mysql_real_escape_string(htmlentities(trim($_POST['keywords'])));
$errors = array();
if (empty($keywords)) {
$errors[] = 'Please enter a search term';
} else if (strlen($keywords)<3) {
$errors[] = 'Your search term must be three or more characters';
} else if (search_results($keywords) === false) {
$errors[] = 'Your search for '. $keywords .' returned no results';
}
if (empty($errors)) {
echo '<p>Your search for <strong>', $keywords ,'</strong> returned <strong> </strong> results</p>';
foreach($results as $result) {
echo '<p> <strong>', $result['Categorie'],' <br> ', $result['SerieNummer'] ,' <br> ', $result['MacAdress'] ,'</a> </p>';
}
} else {
foreach($errors as $error) {
echo $error, '</br>';
}
}
}
?>
配置:
<?php
include 'db.inc.php';
function search_results($keywords) {
$returned_results = array();
$where = "";
$keywords = preg_split('/[\s]+/', $keywords);
$total_keywords = count($keywords);
foreach($keywords as $key=>$keyword) {
$where .= "`keywords` LIKE '%$keyword%'";
if ($key != ($total_keywords -1)) {
$where .= " AND ";
}
}
$results = "SELECT `calleridname`, LEFT(`calleridnum`, 70) as `calleridnum`, `callapiid` FROM `callflow` WHERE $where";
$results_num = ($results = mysql_query($results)) ? mysql_num_rows($results): 0;
if ($results_num === 0) {
return false;
} else {
while ($results_row = mysql_fetch_assoc($results)) {
$returned_results[] = array(
`calleridname` => $results_row['calleridname'],
`calleridnum` => $results_row['calleridnum'],
`callapiid` => $results_row['callapiid'],
);
}
return $returned_results;
}
}
?>
答案 0 :(得分:1)
问题是由您在此处使用单引号引起的:
'%$keyword%'
。将其更改为"%$keyword%",它会起作用!
此外
在此行中,删除最后一个,
`callapiid` => $results_row['callapiid'],