使用用户输入查询我的数据库
Making a query on my database using user input
我正在编写一些代码,允许用户输入那里的位置和一年中的月份,并向他们展示当月从他们的位置可以看到的星星。我已经完成了我的数据库并在 mySQl 上进行了查询,但试图在网页上实现它并遇到了一些困难,我有两个用户可以输入的输入和下面运行该功能的程序,如果有人可以发现任何错误,该函数在输入位置和月份时不会输出任何数据,但当未输入任何内容并按下提交时,它会输出事件但无法弄清楚原因。
下面是搜索功能,然后是活动。 php低于
<?php
/**
* Performs a search
*
* This class is used to perform search functions in a MySQL database
*
*
*
*/
class search {
/**
* MySQLi connection
* @access private
* @var object
*/
private $mysqli;
/**
* Constructor
*
* This sets up the class
*/
public function __construct() {
// Connect to our database and store in $mysqli property
$this->connect();
}
/**
* Database connection
*
* This connects to our database
*/
private function connect() {
$this->mysqli = new mysqli( 'localhost', 'conor', 'trevor29', 'site_db' );
}
/**
* Search routine
*
* Performs a search
*
* @param string $search_term The search term
*
* @return array/boolen $search_results Array of search results or false
*/
public function search($search_term, $search_term1) {
// Sanitize the search term to prevent injection attacks
$sanitized = $this->mysqli->real_escape_string($search_term);
$sanitized1 = $this->mysqli->real_escape_string($search_term1);
// Run this Query
$query =$this ->mysqli->query("
SELECT event_name FROM event
INNER JOIN event_month
ON event.event_id = event_month.event_id
INNER JOIN month
ON event_month.month_id = month.month_id
INNER JOIN location
ON location.hemisphere = event.hemisphere
WHERE month_name LIKE '%{$sanitized}%'
AND city LIKE '%{$sanitized1}%'
");
// Run the query
//$query = $this->mysqli->query("
//SELECT *
//FROM event inner join location
//ON event.event_id = location.event_id
//WHERE city LIKE'%{$sanitized}%'
//");
// Check results
if ( ! $query->num_rows ) {
return false;
}
// Loop and fetch objects
while( $row = $query->fetch_object() ) {
$rows[] = $row;
}
// Build our return result
$search_results = array(
'count' => $query->num_rows,
'results' => $rows,
);
return $search_results;
}
}
下面这段代码是调用上面搜索功能的活动页面
?php
//getname
session_start();
//Check if search data was submitted
$search_results="";
if (isset( $_GET['s'])){
// Include the search class
require_once( dirname( __FILE__ ) . '/class-search.php' );
// Instantiate a new instance of the search class
$search = new search();
// Store search term into a variable
$search_term =($_GET['s']);
$search_term1 =($_GET['m']);
// Send the search term to our search class and store the result
$search_results = $search->search($search_term, $search_term1);
}
?>
下面是用户输入位置和月份的地方
搜索事件
搜索
">
<form action= "" method = "get">
<div class= "form-field">
<label for="search-field">Search</label>
<input type = "type" name ="m" placeholder = "Enter the month" results="5" value = "<?php $search_term1; ?>">
<input type ="submit" value = "Search">
</div>
如果有人能看到任何错误或失误,那将对我工作得越多,我离得越远越好
好吧,我可以从像这样的有限快照中看到的最简单的错误是你正在通过 $search_term1 这个月,但是你正在搜索 city 和 $sanitized1 这导致我相信您在查询中颠倒了月份和城市。
我正在编写一些代码,允许用户输入那里的位置和一年中的月份,并向他们展示当月从他们的位置可以看到的星星。我已经完成了我的数据库并在 mySQl 上进行了查询,但试图在网页上实现它并遇到了一些困难,我有两个用户可以输入的输入和下面运行该功能的程序,如果有人可以发现任何错误,该函数在输入位置和月份时不会输出任何数据,但当未输入任何内容并按下提交时,它会输出事件但无法弄清楚原因。
下面是搜索功能,然后是活动。 php低于
<?php
/**
* Performs a search
*
* This class is used to perform search functions in a MySQL database
*
*
*
*/
class search {
/**
* MySQLi connection
* @access private
* @var object
*/
private $mysqli;
/**
* Constructor
*
* This sets up the class
*/
public function __construct() {
// Connect to our database and store in $mysqli property
$this->connect();
}
/**
* Database connection
*
* This connects to our database
*/
private function connect() {
$this->mysqli = new mysqli( 'localhost', 'conor', 'trevor29', 'site_db' );
}
/**
* Search routine
*
* Performs a search
*
* @param string $search_term The search term
*
* @return array/boolen $search_results Array of search results or false
*/
public function search($search_term, $search_term1) {
// Sanitize the search term to prevent injection attacks
$sanitized = $this->mysqli->real_escape_string($search_term);
$sanitized1 = $this->mysqli->real_escape_string($search_term1);
// Run this Query
$query =$this ->mysqli->query("
SELECT event_name FROM event
INNER JOIN event_month
ON event.event_id = event_month.event_id
INNER JOIN month
ON event_month.month_id = month.month_id
INNER JOIN location
ON location.hemisphere = event.hemisphere
WHERE month_name LIKE '%{$sanitized}%'
AND city LIKE '%{$sanitized1}%'
");
// Run the query
//$query = $this->mysqli->query("
//SELECT *
//FROM event inner join location
//ON event.event_id = location.event_id
//WHERE city LIKE'%{$sanitized}%'
//");
// Check results
if ( ! $query->num_rows ) {
return false;
}
// Loop and fetch objects
while( $row = $query->fetch_object() ) {
$rows[] = $row;
}
// Build our return result
$search_results = array(
'count' => $query->num_rows,
'results' => $rows,
);
return $search_results;
}
}
下面这段代码是调用上面搜索功能的活动页面 ?php
//getname
session_start();
//Check if search data was submitted
$search_results="";
if (isset( $_GET['s'])){
// Include the search class
require_once( dirname( __FILE__ ) . '/class-search.php' );
// Instantiate a new instance of the search class
$search = new search();
// Store search term into a variable
$search_term =($_GET['s']);
$search_term1 =($_GET['m']);
// Send the search term to our search class and store the result
$search_results = $search->search($search_term, $search_term1);
}
?>
下面是用户输入位置和月份的地方
搜索事件
搜索 "><form action= "" method = "get">
<div class= "form-field">
<label for="search-field">Search</label>
<input type = "type" name ="m" placeholder = "Enter the month" results="5" value = "<?php $search_term1; ?>">
<input type ="submit" value = "Search">
</div>
如果有人能看到任何错误或失误,那将对我工作得越多,我离得越远越好
好吧,我可以从像这样的有限快照中看到的最简单的错误是你正在通过 $search_term1 这个月,但是你正在搜索 city 和 $sanitized1 这导致我相信您在查询中颠倒了月份和城市。