duandun3178 2015-02-11 10:21
浏览 58
已采纳

不能使用LIKE使用php从mysql中提取数据

I have been battling with this code for some time and could do with some advice. I have created a mysql database of computer games and a simple search box and button within a form. If I type in any key word regarding the name of the game or its description, php should echo the results in a drop down (since there might be more than one 'hit'). At present, I'm just showing the results at the bottom of the page. My query happily runs the else statement and shows me all the games on offer, but I get no results when I type in the search criteria and no error messages. print_r($q) also draws a blank. What's going wrong? NB. I'm not too worried about code injection at this point - 1 baby step at a time! Many thanks

<!DOCTYPE HTML>
<HTML>
<head></head>

<?php
//Connect to the Database
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "Secret";
$dbname = "gaming";

//Create connection
$conn = mysqli_connect($dbhost,$dbuser,$dbpass,$dbname);

// Show error if connection fails
if (!$conn){ 
    die("Connection failed: " .
        mysqli_connect_error());
}

if(isset($_REQUEST['submit'])){
    $search=$_POST['search'];
    $sql="SELECT* FROM gamestbl WHERE game_name LIKE '%.$search.%' OR game_description LIKE '%.$search.%'";
    $q=mysqli_query($conn,$sql);
}
else{
    $sql="SELECT* FROM gamestbl";
    $q=mysqli_query($conn,$sql);
}
?>

<body>
<form method="post">
    <table width="200" border="1">
  <tr>
    <td>Search</td>
    <td><input type="text" name="search" value="" /></td>
    <td><input type="submit" name="submit" value=" Find " /></td>
  </tr>
</table>
</form>
<table>
    <tr>
        <td>Game ID</td>
        <td>Game Name</td>
        <td>Game Description</td>
        <td>Game Genre</td>
        <td>Game Price</td>
    </tr>

<?php
print_r($q);
while($res=mysqli_fetch_array($q)){
?>
<tr>
    <td><?php echo $res['game_id'];?></td>
    <td><?php echo $res['game_genre'];?></td>
    <td><?php echo $res['game_name'];?></td>
    <td><?php echo $res['game_description'];?></td>
    <td><?php echo $res['game_price'];?></td>
</tr>
    <?php }?>
</table>

</body>
</html>
<?php
// get rid of data in cache and close
    mysqli_close($conn);
?>
  • 写回答

2条回答 默认 最新

  • dqtok88424 2015-02-11 10:41
    关注

    Change

    $sql="SELECT* FROM gamestbl WHERE game_name LIKE '%.$search.%' OR game_description LIKE '%.$search.%'";
    

    For

    $search = mysql_real_escape_string($search); // Prevent from injection
    $sql = sprintf("SELECT * FROM gamestbl WHERE concat(game_name, game_description) LIKE '%s'", '%' . $search . '%');
    

    sprintf is the better way to add variable in a string and concat will make your sql shorter by avoiding "OR".

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 想问一下stata17中这段代码哪里有问题呀
  • ¥15 flink cdc无法实时同步mysql数据
  • ¥100 有人会搭建GPT-J-6B框架吗?有偿
  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决