PHP基本搜索引擎

时间:2016-03-16 22:24:49

标签: php html mysql css mysqli

我有一个不起作用的搜索引擎,我希望引擎从mySQL数据库中获取数据并将其显示在表中,这是我的PHP代码..

谢谢!

PHP代码:

<?php

    <?php

$connect = new mysqli('localhost', 'root', '', 'supermazad') or die(mysql_error());
$connect->select_db('supermazad');

//collect

if(isset($_POST['search'])){
    $searchq = $_POST['search'];
    $searchq = preg_replace("#[^0-9a-z]#i", "", $searchq);

    $query = mysqli_query("SELECT * FROM main WHERE title LIKE '%$searchq%'") or die(mysql_error());
    $count = mysql_num_rows($query) or die(mysql_error());

    if($count == 0){
        $output = 'There was no search results.';
    }
    else{
            while($row = mysql_fetch_array($query)){
                $id = $row['ref'];
                $title = $row['title'];
                $desc = $row['description'];

                    foreach( $id && $title && $desc ){
                        $output = '<table class="results-tab"><tr></tr><tr><td>'. $id .'</td>'. '<td>' . $title . '</td>' .'<td>'. $desc . '</td></tr>'; 
                    }
            }
    }
}
?>

2 个答案:

答案 0 :(得分:1)

**注意 - 这是基于您所说的,简单示例**

  1. 您正在混合使用mysql i + mysql
  2. 问题与您的查询有关。您需要从所需的表中索引字段。

    3. 您需要做什么?

    • ALTER TABLE main ADD INDEX titleproduct_id);
    • SELECT * FROM main WHERE title LIKE'%“。$ searchq。”%'OR MATCH(field_1,field_2,field_3,field_4)AGAINST('“。$ searchq。”');

    第二个查询是使用全文(https://dev.mysql.com/doc/refman/5.5/en/fulltext-search.html

    的示例

    更改代码:

    <?php
        // data
        $localhost   = 'localhost'; 
        $username    = 'username';
        $password    = 'passw0rd';
        $database    = 'supermazad';

        mysql_connect($localhost,$username,$password) or die(mysql_error());
        mysql_select_db($database) or die(mysql_error());

        if(isset($_POST['search'])){
            $searchq = $_POST['search'];
            $searchq = preg_replace("#[^0-9a-z]#i", "", $searchq);

            $query = mysql_query("SELECT * FROM main WHERE title LIKE '%$searchq%'") or die(mysql_error());
            $count = mysql_num_rows($query) or die(mysql_error());

            if($count == 0){
                $output = 'There was no search results.';
            }else{
                echo '<table class="results-tab">';
                while ($row = mysql_fetch_array($query, MYSQL_ASSOC)) {
                   echo '<tr>
                            <td>'.$row["ref"].'</td>
                            <td>'.$row["title"].'</td>
                            <td>'.$row["description"].'</td>
                        </tr>';
                }
                echo '</table>';    
            }
        }
    ?>

答案 1 :(得分:1)

使用预准备语句,因为它们阻止了SQL injection,所以更加安全。

我几乎每一步都评论过,所以你可以学习准备好的陈述。

<?php

$mysqli = new mysqli('localhost', 'root', '', 'supermazad') or die(mysql_error());

if(isset($_POST['search'])){
    $searchq = "%{$_POST[search]}%";
    $searchqrep = preg_replace("#[^0-9a-z]#i", "", $searchq);

    $stmt = $mysqli->prepare("SELECT * FROM main WHERE title LIKE ?");
    $stmt->bind_param('s',$searchqrep); //bind parameters to your statement
    $stmt->execute(); //you must execute your statement otherwise no results
    $stmt->bind_result(); //bind results to variables, but you must define them after the "Select ... " SQL
    $stmt->store_result(); //store results in case of further usage of them
    while($stmt->fetch()){ // the while loop will pull out all existing results from your table
        if($stmt->num_rows == 0){
            echo "No search results";   
        }else{
            // Echo/Print the binded variables from statement   
        }
    }
    $stmt->close(); //Still close your prepared statements
}
?>
相关问题
最新问题