Question
I am trying to do a PHP search into a MySQL database. The following code works funny: it detects very well when I only enter 3 letters. E.g. I have a product name 'deepbluehealth omega'; if I type 'ome' it is picked up, if I type 'ega' it is picked up, if I type 'omega' no result is shown; also, if I type 'deepbluehealth' it is picked up no problem.
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
$search_output = "";
if(isset($_POST['searchquery']) && $_POST['searchquery'] != ""){
    $searchquery = $_POST['searchquery'];
    if($_POST['filter1'] == "Whole Site"){
        $sqlCommand = "(SELECT id, product_name FROM products WHERE product_name LIKE '%$searchquery%' OR details LIKE '%$searchquery%') ";
    }
    require_once("storescripts/connect_to_mysqli.php");
    $query = mysqli_query($myConnection,$sqlCommand) or die(mysqli_error($myConnection));
    $count = mysqli_num_rows($query);
    if($count > 1){
        $search_output .= "<hr />$count results for <strong>$searchquery</strong><hr />$sqlCommand<hr />";
        while($row = mysqli_fetch_array($query)){
            $id=$row["id"];
            $product_name = $row["product_name"];
            $details= $row["details"];
            $category=$row["category"];
            $subcategory=$row["subcategory"];
            $search_output .= "ID: $id <br/> Name: $product_name -<br/>$details<br />$category<br/>$subcategory<br/>
<a href='product.php?id=$id'>link</a><br/>
";
        } // close while
    } else {
        $search_output = "<hr />0 results for <strong>$searchquery</strong><hr />$sqlCommand";
    }
}
?>
<html>
<head>
</head>
<body>
<h2>Search the Exercise Tables</h2>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Search For:
<input name="searchquery" type="text" size="44" maxlength="88">
Within:
<select name="filter1">
<option value="Whole Site">Whole Site</option>
</select>
<input name="myBtn" type="submit">
<br />
</form>
<div>
<?php echo $search_output; ?>
</div>
</body>
</html>
Answer 1:
Here's your problem:
if($count > 1){
This needs to be:
if($count > 0){
To account for the case where there is exactly one result. Probably this is the only product that matched "omega" but in every other case, another product happened to match.
Answer 2:
Nice random feature which I can not explain on the basis of the code only, could you give us the table structure / with indexes and some example data?
Extra tips
Don't use $_SERVER['PHP_SELF'] if you want to post to the same page, because of the cross-site scripting attacks that could happen now; you should use
<form action="" method="post">
Yes, you should leave the action empty.
And
Run $search_output through the function htmlentities when you echo it, as a countermeasure against most cross-site scripting attacks.
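An added example, not part of either answer or of the asker's script, applying the second answer's tips: the form posts to an empty action, and each request or database value is escaped with htmlspecialchars as it is placed into the markup, so the script's own tags still render. The helper names h() and render_results() are hypothetical, and the search term and rows are constructed sample data standing in for $_POST and the mysqli result set.

```php
<?php
// Added example: escape every dynamic value at output time instead of echoing it raw.

/** Escape a value for HTML text or a quoted attribute (hypothetical helper name). */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the result markup: the tags are the script's own, the values are escaped. */
function render_results(string $searchquery, array $rows): string
{
    $out = '<hr />' . count($rows) . ' results for <strong>' . h($searchquery) . '</strong><hr />';
    foreach ($rows as $row) {
        $id = (int) $row['id']; // numeric id, cast so it is safe inside the href
        $out .= "ID: $id <br/> Name: " . h($row['product_name']) . "<br/>\n"
              . "<a href='product.php?id=$id'>link</a><br/>\n";
    }
    return $out;
}

// Constructed sample data standing in for $_POST['searchquery'] and the query rows.
$searchquery = '"><b>omega</b>';
$rows = [
    ['id' => '7', 'product_name' => 'deepbluehealth omega'],
    ['id' => '8', 'product_name' => 'omega <b>3</b> & co'],
];
$search_output = render_results($searchquery, $rows);
?>
<html>
<body>
<!-- Empty action posts back to the same page without echoing the request URL. -->
<form action="" method="post">
Search For:
<input name="searchquery" type="text" size="44" maxlength="88" value="<?php echo h($searchquery); ?>">
<input name="myBtn" type="submit">
</form>
<div>
<?php echo $search_output; ?>
</div>
</body>
</html>
```

With the sample input, the search term renders as literal text (`&quot;&gt;&lt;b&gt;omega&lt;/b&gt;`) while the `<hr />`, `<strong>` and `<a>` tags written by the script keep working.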
Source: https://stackoverflow.com/questions/18187221/php-search-script-for-mysql-database-only-3-letter-working