<?php include "connect.php"; ?> <br /> <br />
<form action="" method="get">
Search: <input type="text" name="search">
<input type="submit">
</form>
<?php
$get = mysqli_query($connect,"SELECT * FROM $table WHERE NAME = echo $_GET['search']");
while($row = mysqli_fetch_array($get)) {
echo $row['NAME']." ".$row['INFO'];
}
?>
我试图做的是,一旦用户在搜索栏中输入名称并提交它我想要搜索到数据库...我已经尝试过所有内容所以请告诉我一种方法。
答案 0 :(得分:3)
尝试
$get = mysqli_query($connect,"SELECT * FROM TableName WHERE Name LIKE '%" . $_GET['search'] . "%'");
的 BUT !!!! 的
我建议使用此方法:
$mysqli = new mysqli(<ServerAddress>,<DatabaseName>,<Password>,<UserName>)
$stmt = $mysqli->prepare("SELECT col1, col2, col3 FROM TableName WHERE Name LIKE") or die($mysqli->error);
$stmt->bind_params('s', "%" . $_GET['search'] . "%");
$stmt->execute() or die ($mysqli->error);
$stmt->bind_result($Col1, $Col2, $Col3);
while($stmt->fetch()):
...
endwhile;
这里的代码显然还有很多,但最终它更安全。这也将列绑定到PHP变量,允许您自由使用它们。
答案 1 :(得分:0)
如果您使用$ _GET,则应将$ _GET ['search']设置为等于变量,而不是在查询中使用“echo”。但是,我不会通过带有$ _GET的URL传递搜索,因为它不太安全。尝试将表单方法更改为“post:”
<form action="search.php" method="post">
<label for="name">Search</label>
<input type="text" name="name">
<input type="submit">
</form>
然后后端的“search.php”文件看起来像这样:
<?php
$name = mysql_real_escape_string(strtolower($_POST['name']));
$query = "SELECT * FROM $table WHERE name LIKE '%$name%'";
$run = mysql_query($query);
$result = mysql_fetch_array($run);
foreach($item as $result){
//echo the results how you will
}
?>