PHP MySQL: 在数据库中搜索字符串(在数组中)缺失的结果
PHP MySQL: Search database for string (in array) missing results
我正在创建一个在数据库中搜索字符串的功能。 PHP 使用 PHP 验证器显示没有错误,如果搜索词不存在,它 returns 正确的错误。我的问题是,当在名为 'collocation' 的数据库列(目前是数据库中唯一的条目)中搜索术语 'abandon hastily' 时,没有返回任何结果。虽然我可以使用 phpMyAdmin 看到这个条目确实存在。
用户使用以下 HTML 将字符串输入到输入字段中:
<form action='http://www.murkyfiles.esy.es/search.php' method='GET'>
<center>
<p><label for='search'>Please enter your question as accurately as possible:</label></p>
<p><input type='search' size='90' name='search'></p>
<p><input type='submit' name='submit' value='Find answer'></p>
</center>
</form>
输入的术语是使用以下PHP在数据库中搜索的:
<?php
$button = $_GET [ 'submit' ];
$search = $_GET [ 'search' ];
$host = "[HOST URL]";
$username = "[USERNAME]";
$password = "[PASSWORD]";
$database = "[DATABASE]";
$searchlength = strlen($search);
if( !$button )
echo "You didn't submit a keyword";
else {
if( strlen( $search ) <= 1 )
echo "Search term too short";
else {
echo "You searched for <b> $search </b> <hr size='1' > </ br > ";
// Connect to database
$con = mysqli_connect ( $host, $username, $password );
if(!$con) {
die('Could not connect: ' .PDO::errorInfo());
}
mysqli_select_db ( $con, $database );
$search = str_split($search, $searchlength);
$construct = " SELECT * FROM 'coll_test' WHERE collocation LIKE '%$search%' ";
$run = mysqli_query( $con, $construct );
//Fetch and return search results.
if ($foundnum == 0)
echo "Sorry, there are no matching results for <b> $search[0] </b>.
</ br >
</ br > 1. Try presenting your Something is wrong in a more academic manner. Guidance can be found on the majority of University websites without need for registration.
</ br > 2. Try more common words/phrases with similar meaning. This search focuses on colloquialisms - commonly used phrases within a language.
</ br > 3. Please check your spelling";
else {
echo "$foundnum results found !<p>";
while ( $runrows = mysqli_fetch_assoc($run) ) {
$collocation = $runrows ['collocation'];
echo "<a href='$url'> <b> $title </b> </a> <br> $desc <br> <a href='$url'> $url </a> <p>";
}
}
}
}
我查看了各种类似的问题,其中 none 提供了解决方案。
澄清一下,数据库table列headers如下:
collocation | left | right | length | google-results | bing-results | yahoo-results | url-link | wiki | date
到目前为止,我的数据库中只有一个条目:
collocation = abandon hastily
left = abandon
right = NULL
length = 2
google-results = 24000000
bing-results = 386000
yahoo-results = 385000
url-link = oxforddictionary.so8848.com/search1?word=abandon
wiki = 0
date = [TIMESTAMP]
结束引号形式 table 和列名而不是使用反引号并且您的代码是开放的 sql 注入用户准备和绑定语句以防止它
$search = $_GET ['search'];// get your value
$like = "%$search%";//
$stmt = $con->prepare("SELECT `collocation`,`left`,`right` FROM `coll_test` WHERE collocation LIKE ?");
$stmt->bind_param('s', $like);
$stmt->execute();
$stmt->bind_result($collocation,$left,$right);
$rows = $stmt->num_rows;// check your query return result of not
if ($rows > 0) {
while ($stmt->fetch()) {// fetch data from query
printf ("%s (%s)\n", $collocation,$left,$right);
// fetch data form result set
}
} else {
echo "Sorry, there are no matching results for <b> $search </b>.";
}
完全重写,注释如下:
$con = mysqli_connect ( $host, $username, $password, $database );
//$search = str_split($search, $searchlength); ///??? See below
$searchSafe = preg_replace("/[^0-9a-z-_ ]/i","",$search); //example only.
$construct = " SELECT COUNT(*) AS found FROM `coll_test`
WHERE collocation LIKE '%".$searchSafe."%' ";
$run = mysqli_query($con, $construct);
$result = mysqli_fetch_array($run);
print $result['found']." number of results found!"; //for example.
1) 您可以在 MySQLi 连接函数中包含数据库引用。
2) str_split return 是一个 数组 但您将结果用作字符串。这是令人困惑和不正确的,你打算用这个做什么?
$_GET['search'] 将始终是字符串类型,因此您不需要将其用作数组或任何基于数组的乱七八糟的东西。
3) 手动使用外部函数 returning number_rows 计数可能不准确,instead use COUNT 在 SELECT 语句中。
4) 您忘记了 return 您实际查询的结果!所以上面我插入了一个mysql_fetch_array结果来查看结果的数量。您也没有为 $foundnum 变量定义值。
5) 你将PDO与MySQLi混合使用,这两种连接方式互斥。他们不混。
6) 你对 SQL 注入和数据库妥协持开放态度,你需要使用准备好的语句(以及 的示例)并使用 preg_replace 之类的东西(或其他REGEX 解析器)从字符串中删除无效字符,例如:
$searchSafe = preg_replace("/[^0-9a-z-%_ ]/i","",$search); //example only.
以上仅表示 0-9 或 a-z(不区分大小写,/i)或 -、% 或 _ 在字符串中是允许的。
7) table 或列名 ('coll_test') 不应包含在单引号中,相反,它们应该包含在反引号中,如果有的话。在 MySQL 中,单引号用于包含数据字符串 only.
我正在创建一个在数据库中搜索字符串的功能。 PHP 使用 PHP 验证器显示没有错误,如果搜索词不存在,它 returns 正确的错误。我的问题是,当在名为 'collocation' 的数据库列(目前是数据库中唯一的条目)中搜索术语 'abandon hastily' 时,没有返回任何结果。虽然我可以使用 phpMyAdmin 看到这个条目确实存在。
用户使用以下 HTML 将字符串输入到输入字段中:
<form action='http://www.murkyfiles.esy.es/search.php' method='GET'>
<center>
<p><label for='search'>Please enter your question as accurately as possible:</label></p>
<p><input type='search' size='90' name='search'></p>
<p><input type='submit' name='submit' value='Find answer'></p>
</center>
</form>
输入的术语是使用以下PHP在数据库中搜索的:
<?php
$button = $_GET [ 'submit' ];
$search = $_GET [ 'search' ];
$host = "[HOST URL]";
$username = "[USERNAME]";
$password = "[PASSWORD]";
$database = "[DATABASE]";
$searchlength = strlen($search);
if( !$button )
echo "You didn't submit a keyword";
else {
if( strlen( $search ) <= 1 )
echo "Search term too short";
else {
echo "You searched for <b> $search </b> <hr size='1' > </ br > ";
// Connect to database
$con = mysqli_connect ( $host, $username, $password );
if(!$con) {
die('Could not connect: ' .PDO::errorInfo());
}
mysqli_select_db ( $con, $database );
$search = str_split($search, $searchlength);
$construct = " SELECT * FROM 'coll_test' WHERE collocation LIKE '%$search%' ";
$run = mysqli_query( $con, $construct );
//Fetch and return search results.
if ($foundnum == 0)
echo "Sorry, there are no matching results for <b> $search[0] </b>.
</ br >
</ br > 1. Try presenting your Something is wrong in a more academic manner. Guidance can be found on the majority of University websites without need for registration.
</ br > 2. Try more common words/phrases with similar meaning. This search focuses on colloquialisms - commonly used phrases within a language.
</ br > 3. Please check your spelling";
else {
echo "$foundnum results found !<p>";
while ( $runrows = mysqli_fetch_assoc($run) ) {
$collocation = $runrows ['collocation'];
echo "<a href='$url'> <b> $title </b> </a> <br> $desc <br> <a href='$url'> $url </a> <p>";
}
}
}
}
我查看了各种类似的问题,其中 none 提供了解决方案。
澄清一下,数据库table列headers如下:
collocation | left | right | length | google-results | bing-results | yahoo-results | url-link | wiki | date
到目前为止,我的数据库中只有一个条目:
collocation = abandon hastily
left = abandon
right = NULL
length = 2
google-results = 24000000
bing-results = 386000
yahoo-results = 385000
url-link = oxforddictionary.so8848.com/search1?word=abandon
wiki = 0
date = [TIMESTAMP]
结束引号形式 table 和列名而不是使用反引号并且您的代码是开放的 sql 注入用户准备和绑定语句以防止它
$search = $_GET ['search'];// get your value
$like = "%$search%";//
$stmt = $con->prepare("SELECT `collocation`,`left`,`right` FROM `coll_test` WHERE collocation LIKE ?");
$stmt->bind_param('s', $like);
$stmt->execute();
$stmt->bind_result($collocation,$left,$right);
$rows = $stmt->num_rows;// check your query return result of not
if ($rows > 0) {
while ($stmt->fetch()) {// fetch data from query
printf ("%s (%s)\n", $collocation,$left,$right);
// fetch data form result set
}
} else {
echo "Sorry, there are no matching results for <b> $search </b>.";
}
完全重写,注释如下:
$con = mysqli_connect ( $host, $username, $password, $database );
//$search = str_split($search, $searchlength); ///??? See below
$searchSafe = preg_replace("/[^0-9a-z-_ ]/i","",$search); //example only.
$construct = " SELECT COUNT(*) AS found FROM `coll_test`
WHERE collocation LIKE '%".$searchSafe."%' ";
$run = mysqli_query($con, $construct);
$result = mysqli_fetch_array($run);
print $result['found']." number of results found!"; //for example.
1) 您可以在 MySQLi 连接函数中包含数据库引用。
2) str_split return 是一个 数组 但您将结果用作字符串。这是令人困惑和不正确的,你打算用这个做什么?
$_GET['search']将始终是字符串类型,因此您不需要将其用作数组或任何基于数组的乱七八糟的东西。
3) 手动使用外部函数 returning number_rows 计数可能不准确,instead use COUNT 在 SELECT 语句中。
4) 您忘记了 return 您实际查询的结果!所以上面我插入了一个mysql_fetch_array结果来查看结果的数量。您也没有为 $foundnum 变量定义值。
5) 你将PDO与MySQLi混合使用,这两种连接方式互斥。他们不混。
6) 你对 SQL 注入和数据库妥协持开放态度,你需要使用准备好的语句(以及 preg_replace 之类的东西(或其他REGEX 解析器)从字符串中删除无效字符,例如:
$searchSafe = preg_replace("/[^0-9a-z-%_ ]/i","",$search); //example only.
以上仅表示 0-9 或 a-z(不区分大小写,/i)或 -、% 或 _ 在字符串中是允许的。
7) table 或列名 ('coll_test') 不应包含在单引号中,相反,它们应该包含在反引号中,如果有的话。在 MySQL 中,单引号用于包含数据字符串 only.