我正在一个项目上,代码中包含以下代码段:
<div id= "searchresults" style="min-height: 10vh; height: auto; background-color:white; display: block;">
<?php
//Makes connection
include 'dxbase.php';
$conn = new mysqli($servername, $username, $password, $dbname);
$tempvardf = '%$_POST[search]%'; #############
if(isset($_POST["search"])){
//Defines SQL command to bring up data about the products matching the set search
$sql = "SELECT id, name, price, location FROM products WHERE name LIKE ?;"; #'%$_POST[search]%'
//Create a prepared statement
$stmt = mysqli_stmt_init($conn);
//Prepare the prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL STATEMENT FAILED... OOF";
} else {
//Bind paramaters to placeholder
mysqli_stmt_bind_param($stmt, "s", $tempvardf);
//Run paramaters inside database
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_assoc($result)) {
echo $row['name']. "<br>";
}
echo "And that's it!";
}
} else {
echo "Search for some products!";
}
?>
</div>
我希望这样做可以提供以下形式:
<form id="searchbar" style="width: auto; position:absolute; top:5vh ;right: 20vw;" method="post" action="index.php">
<input id="search" style="border-radius: 15px; border: 1px #000 solid;height: 5vh; width: 50vw;" type="text" placeholder="Search.." name="search" required>
<i id="searchproduct" class="material-icons" style="font-size:calc(1.5vw + 1.5vh);cursor:pointer; position:absolute; top:1vh ;right: 0.5vw; " onClick="searchProducts()">search</i>
<script>
function searchProducts() {
document.getElementById("searchbar").submit();
}
</script>
<!--<script>
window.addEventListener("DOMContentLoaded", function () {
var form = document.getElementById("searchbar");
document.getElementById("searchproduct").addEventListener("click", function () {
form.submit();
});
});
</script>-->
</form>
以安全的方式显示结果的框,但是每当我尝试运行该框时,都不会给出任何结果,即使它应该给出结果也是如此(是的,我检查了数据库,它们确实存在并且正在使用不安全的方法方法)。
尽管我尽了最大的努力和研究时间,但我仍然陷于困境...
有什么建议吗?
谢谢