This code produces no results even though the word exists in the database.
<?php
$query = $_GET['query'];
$min_length = 3;
if (strlen($query) >= $min_length) {
    $query = htmlspecialchars($query);
    $query = $DB_con->quote($query);
    $raw_results = $DB_con->prepare("SELECT * FROM e3lanat
        WHERE (`e_title` LIKE '%" . $query . "%') OR (`e_content` LIKE '%" . $query . "%')");
    if ($raw_results->rowCount() > 0) {
        while ($results = $raw_results->fetch(PDO::FETCH_OBJ)) {
            echo "<p><h3>" . $results->e_title . "</h3>" . $results->e_content . "</p>";
        }
    } else {
        echo "No results";
    }
} else {
    echo "No results 2";
}
?>
<form action="search.php" method="GET">
    <input type="text" name="query" class="form-control" placeholder="بحث عن إعلانات " style='width:300px;'>
    <button type="submit" value="Search"></button>
</form>
Answer 0 (score: 0)
$raw_results = $DB_con->prepare("SELECT * FROM e3lanat
WHERE (`e_title` LIKE '%".$query."%') OR (`e_content` LIKE '%".$query."%')");
if($raw_results->rowCount() > 0){
You only prepare() the query, but you do not execute() it.
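
An added example, not part of the answer above or the asker's code: the same search with the statement actually executed, the search term bound as a parameter instead of passed through quote() and concatenated, and HTML escaping moved to output. The in-memory SQLite database and its rows are constructed for illustration, and the function names search_ads and render_ads are hypothetical.

```php
<?php
// Added example. In-memory SQLite stands in for the asker's database; the table and
// column names come from the question, the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE e3lanat (e_title TEXT, e_content TEXT)");
$seed = $db->prepare("INSERT INTO e3lanat (e_title, e_content) VALUES (?, ?)");
$seed->execute(['Car for sale', 'Low mileage, one owner']);
$seed->execute(['<b>Flat</b> to rent', '100% furnished']);

function search_ads(PDO $db, string $query, int $min_length = 3): array
{
    if (strlen($query) < $min_length) {
        return [];
    }
    // Escape LIKE metacharacters so a user-supplied % or _ matches literally.
    $pattern = '%' . addcslashes($query, '\\%_') . '%';
    // Placeholders only: no quote(), no concatenation of input into the SQL text.
    // ESCAPE '\' is written here in SQLite syntax.
    $stmt = $db->prepare(
        "SELECT e_title, e_content FROM e3lanat
         WHERE e_title LIKE :t ESCAPE '\\' OR e_content LIKE :c ESCAPE '\\'"
    );
    // prepare() only compiles the statement; execute() runs it with the bound values.
    $stmt->execute([':t' => $pattern, ':c' => $pattern]);
    // rowCount() is not reliable for SELECT on every driver, so fetch the rows instead.
    return $stmt->fetchAll(PDO::FETCH_OBJ);
}

function render_ads(array $rows): string
{
    if (!$rows) {
        return "No results";
    }
    $html = '';
    foreach ($rows as $row) {
        // Escape on output, not on input, so stored markup is displayed as text.
        $html .= '<h3>' . htmlspecialchars($row->e_title, ENT_QUOTES, 'UTF-8') . '</h3>'
               . '<p>' . htmlspecialchars($row->e_content, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    return $html;
}

echo render_ads(search_ads($db, 'sale')), "\n";  // matches a title
echo render_ads(search_ads($db, '100%')), "\n";  // literal percent sign in the term
echo render_ads(search_ads($db, 'zzz')), "\n";   // no match
```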