简单搜索脚本PHP - 不显示为可下载文件

时间:2014-03-11 10:30:43

标签: php mysql

我有一个简单的搜索脚本,但我搜索的是:存储在我服务器上的文件。很明显,我的ECHO声明中有一个错误 我的表单位于不同的文件中,但这不是问题。问题出在我的echo语句中,我将结果作为可下载链接包含在内。

   <?php # search.php
    // This page searches the database.

    // Set the page title and include the HTML header.
    $page_title = 'Search';
    include ('./includes/header.html');

    require_once ('./mysql_connect.php'); // Connect to the database.

    $query = $_GET['query']; 
    // gets value sent over search form

    $min_length = 3;
    // you can set minimum length of the query if you want

    if(strlen($query) >= $min_length){ // if query length is more or equal minimum length   then 

    $query = htmlspecialchars($query); 
    // changes characters used in html to their equivalents, for example: < to &gt;

    $query = mysql_real_escape_string($query);
        // makes sure nobody uses SQL injection

    $raw_results = mysql_query("SELECT * FROM uploads
            WHERE (`file_name` LIKE '%".$query."%') OR ('upload_id' LIKE '%".$query."%') OR     (`description` LIKE '%".$query."%')") or die(mysql_error());

        // * means that it selects all fields, you can also write: `id`, `title`, `text`


        // '%$query%' is what we're looking for, % means anything

        if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following

    while($results = mysql_fetch_array($raw_results)){
    // $results = mysql_fetch_array($raw_results) puts data from database into   array, while it's valid it does the loop

    echo "<p><h3>".$results['<a href=\"download_file.php?uid={$results['upload_id']}\">{$results['file_name']}</a>']."</h3>".$results['description']."</p>";
                // posts results gotten from database(title and text) you can also show id ($results['id'])
            }

        }
        else{ // if there is no matching rows do following
            echo "No results";
        }

    }
    else{ // if query length is less than minimum
        echo "Minimum length is ".$min_length;
    }


    mysql_close(); // Close the database connection.

    ?>

     <?php
 include ('./includes/footer.html');
     ?>

2 个答案:

答案 0 :(得分:0)

你经常覆盖$ query,最后它只是real_escape_string(real_escape_string)

也可以在while语句中使用fetch_assoc,这样你就可以只用$ row []来打印结果中的所有行。

最后。 / rant / update to mysqli mysql_ *已弃用

答案 1 :(得分:0)

我将专注于echo语法本身。

您当前的代码:

<?php
    echo "<p><h3>".$results['<a href=\"download_file.php?uid={$results['upload_id']}\">{$results['file_name']}</a>']."</h3>".$results['description']."</p>";
?>

不应该是这样的:

<?php
    echo "<p><h3><a href=\"download_file.php?uid=" . $results['upload_id']."\">" . $results['file_name'] . "</a></h3>" . $results['description'] . "</p>";
?>