PHP从mysql返回结果,但如果我循环结果,则没有显示

时间:2011-12-02 14:45:09

标签: php mysql

这是我的代码:

<?php
    require('...........');
    require('................');

    $search_query = strip_tags(substr($_POST['search_query'], 0, 60));
    $region_query = strip_tags(substr($_POST['region_choice'], 0, 2));
    $class_query  = $_POST['class_choice'];
    $quick_search = strip_tags(substr($_POST['quick_search'], 0, 1));
             ;

    # setup database connection
    $db_ok = 1;
    $dbh = @mysql_connect($GLOBALS['database']['hs'], $GLOBALS['database']['un'],$GLOBALS['database']['pw']);
    if (! $dbh) {
        $db_ok = 0;
    }
    $dbh_selected = @mysql_select_db($GLOBALS['database']['db'], $dbh);
    if (! $dbh_selected) {
        $db_ok = 0;
    }

    if ($db_ok == 1) {
        $query_addition = "";

    if ($region_query > 0) {
        $query_addition = " AND `location` = \"$region_query\" ";
    }   

    if ($class_query > 0) {
        $query_addition .= " AND `class` = \"$class_query\" ";
    }

    $query  = "SELECT ID,date_active,title,location,environment,specialism FROM ";
    $query .= $GLOBALS['database']['jobs_table'] . " WHERE `date_active` < CURDATE()     AND `date_inactive` > CURDATE() 
    $query_addition AND `description` LIKE \"%$search_query%\"  ORDER BY `ID`";
    mysql_real_escape_string($query); 
    //mysql_set_charset('utf-8', $query);
    $result = mysql_query($query,$dbh);

    $table_content = "";
    $row_count = 0;

    if ($result) {  
        while ($row = mysql_fetch_row($result)) {
            $id    = $row[0];
            $loc = stripslashes($row[3]);
            $title = htmlentities(stripslashes($row[2]));           
            $env   = htmlentities(stripslashes($row[4]));           
            $spec  = htmlentities(stripslashes($row[5]));   

            if ($row_count % 2 == 0) {
                $table_content .= "<tr>";
            } else {    
                $table_content .= "<tr class=\"mellon\">";
            }   
            $table_content .= "<td><a href=\"?p=Vacature&ID=$id\" abbr=\"". $title . "\" title=\"" . $title ."\">" . $title . "</a></td>";
            $table_content .= "<td>" . get_location($dbh,$loc) . "</td>";
            $table_content .= "<td>" . $env . "</td>";
            $table_content .= "<td>" . $spec . "</td>";
            $table_content .= "</tr>\n";
            $row_count++;
            if ($row_count == 20) {
                break;
            }           
        }
    }

    if ($row_count > 0) {
        print " 
        <p>U heeft gezocht op: <b>$search_query</b></p>
        <p>Hieronder vindt u een overzicht van gevonden vacatures met een maximum aantal van 20. Er zijn in totaal $row_count vacatures gevonden.</p>
        <table class=\"table_layout\">
          <tbody>
            <tr>
              <th>Titel</th><th>Regio</th><th>Werkomgeving</th><th>Specialisme</th>
            </tr>
            $table_content 
        </tbody></table>";

    } else {
        print " 
        <p>U heeft gezocht op: <b>$search_query</b></p>
        <p><h4>Helaas heeft uw zoekopdracht geen resultaten opgeleverd</h4> </p>
        " ;
    }

} else {
    print "
    <p>U heeft gezocht op: <b>$search_query</b></p>
    <p>Het zoeken is mislukt..</p>
    ";
}   
?>

我已经尝试了一切,如果我var_dump我知道他有结果,只有while循环似乎不起作用。顺便说一下,当我使用像ö这样的特殊字符时它才起作用,我使用它会起作用。我已经尝试过htmlspecialchar,htmlentities等所有内容。 我还试图用str_replace和strtr转换特殊字符。请帮助,谢天谢地

4 个答案:

答案 0 :(得分:2)

您无法在整个查询上运行mysql_real_escape_string(),只能在查询参数上运行:

$query .= $GLOBALS['database']['jobs_table'] . " WHERE `date_active` < CURDATE()
    AND `date_inactive` > CURDATE()"
    . mysql_real_escape_string($query_addition) . " AND `description`
    LIKE '%" . mysql_real_escape_string($search_query)"%'  ORDER BY `ID`";

如果您在整个事情中使用它,您的查询中的引号将被转义。

答案 1 :(得分:2)

您似乎使用了mysql_real_escape_string函数错误。您应该将它用于放入mysql查询的变量,而不是整个查询。

试试这个:

$query_addition = "";
if ($region_query > 0) {
    $query_addition .= " AND `location` = '".mysql_real_escape_string($class_query)."' ";
}   

if ($class_query > 0) {
    $query_addition .= " AND `class` = '".mysql_real_escape_string($class_query)."' ";
}

$query  = "SELECT ID,date_active,title,location,environment,specialism FROM ";
$query .= $GLOBALS['database']['jobs_table'] . " WHERE `date_active` < CURDATE()     AND `date_inactive` > CURDATE() 
        $query_addition AND `description` LIKE '".mysql_real_escape_string($search_query)."'  ORDER BY `ID`";

$result = mysql_query($query,$dbh);

有帮助吗?

答案 2 :(得分:2)

对整个查询执行mysql_real_escape_string是错误的做事方式。您可以转义插入的INDIVIDUAL字符串,而不是整个查询。通过转义整个查询,你就会破坏它。

$x = mysql_real_escape_string("Miles O'Brien");
$sql = "SELECT something FROM somewhere WHERE username='$x'";

将产生

SELECT something FROM somewhere WHERE username='Miles O\'Brien';

相比之下,你的版本会产品

SELECT something FROM somewhere WHERE username=\'Miles O\'Brien\';

并完全失败。

答案 3 :(得分:1)

查询没有返回任何行。

打印您的查询并在phpmyadmin / console中运行它以确保然后更改查询以获取将返回所需行的查询。

要解决问题,你必须将你的任务分成更小的子任务 该算法非常简单

  1. 将PHP放在一边,只在console / phpmyadmin中使用SQL 处理您的查询,直到它工作。 写下此查询以供将来参考。

  2. 返回PHP以从中汇编查询 打印此查询并与(1)中的一个进行比较 处理您的代码,直到您有2个查询相同

  3. 最后,使用PHP运行它。

    4. PS。我知道mysql_real_escape_string($query);偶然添加了其他尝试使其工作,但无论如何你必须删除该行。

相关问题
最新问题