我正在尝试从具有两列的数据库中获取用户提交。一个用于艺术家,一个用于标题。我想从简单的表单中获取他们的输入,并将所有类似的结果输出到下一页的表格中。我已经包含了我迄今为止编写的整个脚本。我没有在页面上出现任何错误,但我也没有得到任何结果。我花了好几天在网上看看我是否可以自己解决这个问题,但我没有这么幸运。很抱歉这么罗嗦,但我是这个网站的新手,想尽可能多地提供详细信息。
<?php
include("db_connect.php");
// - get form data from "searchform.php"
$song_query = $_GET['song_query'];
// - column 1 and column 2 are all we're looking for in the db
// - title and artist are currently the two cols. Table is named
"song_list"
$col1 = "title";
$col2 = "artist";
$tablename = "song_list";
echo "<H1>Search results</H1>";
if ($song_query == "") {
echo "What are you going to sing? You didn't enter a search term! Please
try again.";
exit;
}
// - pick the db connection out of the included file and give error if
failed.
mysqli_select_db($conn, $db_name) or die(mysqli_error());
// - cleans up string inputted by user to avoid harmful code insertion
into form
$song_query = strtoupper($song_query);
$song_query = strip_tags($song_query);
$song_query = trim($song_query);
// - set up parameters for accessing the query of the db
$sql = "SELECT $col1, $col2 FROM $tablename WHERE $col1, $col2 LIKE
'%$song_query%'";
$result = mysqli_query($conn, $sql);
if (isset($_GET['$result'])){
if (mysqli_num_rows($result) > 0){
echo "<table><tr>";
echo "<th>Artist</th>";
echo "</tr>";
while($row = mysqli_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['$result'] . "</td>";
echo "</tr>";
echo "</table>";
}
}
}
?>
你有错误的SQL,它是在运行时构建的
$sql = "SELECT $col1, $col2 FROM $tablename WHERE $col1, $col2 LIKE
'%$song_query%'";
变成了
$sql = "SELECT title, artist FROM $tablename WHERE title, artist LIKE
'%$song_query%'";
在这里看看WHERE title, artist LIKE
qazxsw poi从qazxsw poi获得价值,这在运行时会发生变化。
这个$song_query是你需要说的无效语法
$_GET['song_query']所以这应该解决问题
WHERE $col1, $col2 LIKE '%$song_query%'虽然这是对
WHERE col1 LIKE '%something%' AND col2 LIKE '%something%'广泛开放甚至$sql = "SELECT $col1, $col2 FROM $tablename WHERE $col1 LIKE '%$song_query%' AND $col2 LIKE '%$song_query%'";使用SQL Injection Attack
if you are escaping inputs, its not safe!
还要注意你在我的桌子上犯了几个错误,我认为我已经修好了。