dsa5233 2012-10-16 12:25
浏览 13
已采纳

从文本框到mysql搜索关键字

I explode the input of user to array and then search them in the database but if user enter the space as a result it will show the whole rows of the table which has space how can I make it correct?

if(isset($_POST['submit'])){
$keywords = explode(" ", $_POST["search"]);
for ($i=0; $i<count($keywords); $i++) {

$query = "SELECT * FROM mp3s " .
"WHERE (artist LIKE '%".$keywords[$i]."%' 
OR   genre LIKE '%".$keywords[$i]."%'  
OR  album LIKE '%".$keywords[$i]."%'
OR  filename LIKE '%".$keywords[$i]."%'
) ";
$sql = mysql_query($query) or die(mysql_error());

}
  • 写回答

2条回答 默认 最新

  • doubeijian2257 2012-10-16 12:35
    关注

    Use trim() to delete spaces and use mysql_real_escape_string() to prevent sql injections. 

     if(isset($_POST['submit'])){
    $keywords = explode(" ", trim($_POST["search"]));
    for ($i=0; $i<count($keywords); $i++) {

    if(!empty($keywords[$i])) {

      $query = "SELECT * FROM mp3s " .
      "WHERE (artist LIKE '%".trim(mysql_real_escape_string($keywords[$i]))."%' 
      OR   genre LIKE '%".trim(mysql_real_escape_string($keywords[$i]))."%'  
      OR  album LIKE '%".trim(mysql_real_escape_string($keywords[$i]))."%'
      OR  filename LIKE '%".trim(mysql_real_escape_string($keywords[$i]))."%'
      ) ";
      $sql = mysql_query($query) or die(mysql_error());

    }

    }

    But it's better to use MySQLi than the mysql_real_escape_string() function.
    See http://php.net/manual/en/function.mysql-real-escape-string.php

    Or PDO with the prepared statements :
    http://php.net/manual/en/pdo.prepared-statements.php

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥100 连续两帧图像高速减法
  • ¥15 组策略中的计算机配置策略无法下发
  • ¥15 如何绘制动力学系统的相图
  • ¥15 对接wps接口实现获取元数据
  • ¥20 给自己本科IT专业毕业的妹m找个实习工作
  • ¥15 用友U8:向一个无法连接的网络尝试了一个套接字操作,如何解决?
  • ¥30 我的代码按理说完成了模型的搭建、训练、验证测试等工作(标签-网络|关键词-变化检测)
  • ¥50 mac mini外接显示器 画质字体模糊
  • ¥15 TLS1.2协议通信解密
  • ¥40 图书信息管理系统程序编写