我试图在我的网站上创建搜索选项,但没有显示任何内容。我是初学者

时间:2015-09-26 16:10:03

标签: php html sql search

这是搜索选项

标题中的html代码 
<div class="nav search-row" id="top_menu">
            <!--  search form start -->
            <ul class="nav top-menu">                    
                <li>
                    <form class="navbar-form">
                    <a href="search.php">
                        <input class="form-control" placeholder="Search" type="text">
                        </a>
                    </form>
                </li>                    
            </ul>
            <!--  search form end -->                
        </div>

这是我的search.php页面。功能/代码在哪里。我不知道我哪里出错了,或者这就是搜索代码的工作方式。我根据在搜索输入中输入的内容从数据库中检索数据

<?php
        include("head.php");
        global $conn;
        $search = $_POST['search'];
             if ($stmt = $conn->prepare("SELECT gig_id, user_id, category_id, description, price, img, deliverytime, created_at, updated_at, language from advertisement WHERE description = 'search' ")) 
                {
                  $result = $stmt->execute();
                 $stmt->bind_result($gig_id, $user_id, $category_id, $description, $price, $img, $deliverytime, $created_at, $updated_at, $language);
                while ($stmt->fetch()) 
                  {
                    $rows[] = array('gig_id' => $gig_id, 'user_id' => $user_id, 'category_id' => $category_id, 'description' => $description, 'price' => $price, 'img' => $img, 'deliverytime' => $deliverytime, 'created_at' => $created_at, 'updated_at' => $updated_at, 'language' => $language);
                 }
                  $stmt->close();
                }
                else
                echo "error";
        ?>

这里我提取我输入的内容并在容器中显示信息

<?php
 if(isset($_POST['search']))
            {
              $search = $_POST['search'];
  <?php foreach ($rows as $row): ?>
  <div class="col-sm-4 col-md-4 col-lg-4 col-xs-6">
    <div class="thumbnail"> <img src="<?php echo 'GigUploads/'.$row['img']; ?>" alt="<?php echo $row['description']; ?>" height="200" width="400">
      <div class="caption">
        <h3><?php echo $row['description']; ?></h3>
        <!-- Passing the gig_id through the URL. Get the gig_id from the URL in the detail page using $_GET['gig_id'] -->
        <p><a href="detail.php?gig_id=<?php echo $row['gig_id']; ?>" class="btn btn-primary" role="button"><span class="glyphicon glyphicon-shopping-cart" aria-hidden="true"></span> Request</a></p>
      </div>
    </div>
  </div>
  ?>
<?php endforeach; ?>
}

2 个答案:

答案 0 :(得分:1)

尝试一下,之前您正在寻找完全匹配,并且没有发送用户输入的值。如果您要包含用户搜索,那么您可以使用SQL注入。您需要将用户输入与SQL准备好的查询分开。此处查询中的?是占位符。 PDO驱动程序稍后会添加该值,因此输入无法操作查询。

<?php
include("head.php");
global $conn;
$search = $_POST['search'];
if ($stmt = $conn->prepare("SELECT gig_id, user_id, category_id, description, price, img, deliverytime, created_at, updated_at, language from advertisement WHERE description like ? "))  {
    $result = $stmt->execute(array('%' . $search . '%'));
    $stmt->bind_result($gig_id, $user_id, $category_id, $description, $price, $img, $deliverytime, $created_at, $updated_at, $language);
    while ($stmt->fetch()) {
        $rows[] = array('gig_id' => $gig_id, 'user_id' => $user_id, 'category_id' => $category_id, 'description' => $description, 'price' => $price, 'img' => $img, 'deliverytime' => $deliverytime, 'created_at' => $created_at, 'updated_at' => $updated_at, 'language' => $language);
}
$stmt->close();
} else {
    echo "error";
}

如果您希望完全取消%,请将like更改为=

<强>更新

您还需要提交表单。 PHP仅在服务器上,一旦页面加载它就不可用。此表单的action应该是上面PHP所在的位置。

<form action="search.php" method="post" class="navbar-form">
      <input class="form-control" placeholder="Search" type="text" />
      <input type="submit" value="Search" />
</form>

答案 1 :(得分:0)

使用类似

更改您的mysql查询 
SELECT gig_id, user_id, category_id, description, price, img, deliverytime, created_at, updated_at, language from advertisement WHERE description like '%search%'
相关问题
最新问题