我如何将低于 mysql 的脚本转换为 mysqli 或 pdo?
How Can i Convert Below mysql script to mysqli or pdo?
任何人请将我下面的 php + mysql 搜索脚本转换为 php + mysqli 或 php + Pdo 语句...我不不知道该怎么做...请帮助我...提前发送...
我的表单脚本是
<html>
<head>
<title>search engine</title>
</head>
<body>
<form action = 'ss.php' method ='GET'>
<input type = "text" name = "q">
<input type = "submit" name = "submit" value = "search"
</body>
</html>
我的搜索引擎脚本是
<?php
$k = $_GET["q"];
$con = mysql_connect("localhost", "root", "");
mysql_select_db("x");
$terms=explode(" ",$k);
$i=0;
$set_limit = ("9");
$subi = "";
foreach ($terms as $each)
{
$i++;
if ($i == 1 )
$subi.= " title LIKE '%$each%' ";
else
$subi.= " AND title LIKE '%$each%' ";
}
$query = "select SQL_CALC_FOUND_ROWS * from table WHERE $subi order by rand() limit $set_limit";
$qry = mysql_query("$query");
$row_object = mysql_query("Select Found_Rows() as rowcount");
$row_object = mysql_fetch_object($row_object);
$actual_row_count = $row_object->rowcount;
$result = $actual_row_count;
?>
显示结果
<?php
if ($result>0)
{
while ($row = mysql_fetch_array($qry)){
$title=$row['title'];
$href=$row['href'];
$img=$row['img'];
echo "<div class=\"col-sm-4\"><div class=\"product-image-wrapper\"><div class=\"single-products\"><div class=\"productinfo text-center\"><img src=\"$img\" alt=\"$title\"><h5>$title</h5><a href=\"$href\" target=_blank </a></div></div></div></div>\n";
}
}
else
{
echo "Sorry No Items Found For " .$k;
}
?>
首先避免使用mysql_*这些函数已被弃用,
你的代码容易受到 SQL 注入,假设我是一个用户,如果我在输入中输入 %';# 那么你的查询将 return 我所有的结果,不管你应用了什么条件来过滤结果,
为了避免 SQL 注入,您应该在将其放入查询之前使用 mysqli_real_escape_string 清理所有用户输入,或者使用 PDO Prepared Statements
更新
$k = $_GET["q"];
$con = mysql_connect("localhost", "root", "");
mysql_select_db("x");
$terms=explode(" ",$k);
$i=0;
$set_limit = ("9");
$subi = "";
foreach ($terms as $each)
{
$i++;
$escapedSearchString = mysql_real_escape_string($each);
if ($i == 1 )
$subi.= " title LIKE '%$escapedSearchString%' ";
else
$subi.= " AND title LIKE '%$escapedSearchString%' ";
}
$query = "select SQL_CALC_FOUND_ROWS * from table WHERE $subi order by rand() limit $set_limit";
$qry = mysql_query("$query");
$row_object = mysql_query("Select Found_Rows() as rowcount");
$row_object = mysql_fetch_object($row_object);
$actual_row_count = $row_object->rowcount;
$result = $actual_row_count;
使用mysqli_*
$k = $_GET["q"];
$con = mysqli_connect("localhost", "root", "");
mysqli_select_db($con,"x");
$terms=explode(" ",$k);
$i=0;
$set_limit = ("9");
$subi = "";
foreach ($terms as $each)
{
$i++;
$escapedSearchString = mysqli_real_escape_string($con,$each);
if ($i == 1 )
$subi.= " title LIKE '%$escapedSearchString%' ";
else
$subi.= " AND title LIKE '%$escapedSearchString%' ";
}
$query = "select SQL_CALC_FOUND_ROWS * from table WHERE $subi order by rand() limit $set_limit";
$qry = mysqli_query($con,"$query");
$row_object = mysqli_query($con,"Select Found_Rows() as rowcount");
$row_object = mysqli_fetch_object($row_object);
$actual_row_count = $row_object->rowcount;
$result = $actual_row_count;
任何人请将我下面的 php + mysql 搜索脚本转换为 php + mysqli 或 php + Pdo 语句...我不不知道该怎么做...请帮助我...提前发送...
我的表单脚本是
<html>
<head>
<title>search engine</title>
</head>
<body>
<form action = 'ss.php' method ='GET'>
<input type = "text" name = "q">
<input type = "submit" name = "submit" value = "search"
</body>
</html>
我的搜索引擎脚本是
<?php
$k = $_GET["q"];
$con = mysql_connect("localhost", "root", "");
mysql_select_db("x");
$terms=explode(" ",$k);
$i=0;
$set_limit = ("9");
$subi = "";
foreach ($terms as $each)
{
$i++;
if ($i == 1 )
$subi.= " title LIKE '%$each%' ";
else
$subi.= " AND title LIKE '%$each%' ";
}
$query = "select SQL_CALC_FOUND_ROWS * from table WHERE $subi order by rand() limit $set_limit";
$qry = mysql_query("$query");
$row_object = mysql_query("Select Found_Rows() as rowcount");
$row_object = mysql_fetch_object($row_object);
$actual_row_count = $row_object->rowcount;
$result = $actual_row_count;
?>
显示结果
<?php
if ($result>0)
{
while ($row = mysql_fetch_array($qry)){
$title=$row['title'];
$href=$row['href'];
$img=$row['img'];
echo "<div class=\"col-sm-4\"><div class=\"product-image-wrapper\"><div class=\"single-products\"><div class=\"productinfo text-center\"><img src=\"$img\" alt=\"$title\"><h5>$title</h5><a href=\"$href\" target=_blank </a></div></div></div></div>\n";
}
}
else
{
echo "Sorry No Items Found For " .$k;
}
?>
首先避免使用mysql_*这些函数已被弃用,
你的代码容易受到 SQL 注入,假设我是一个用户,如果我在输入中输入 %';# 那么你的查询将 return 我所有的结果,不管你应用了什么条件来过滤结果,
为了避免 SQL 注入,您应该在将其放入查询之前使用 mysqli_real_escape_string 清理所有用户输入,或者使用 PDO Prepared Statements
更新
$k = $_GET["q"];
$con = mysql_connect("localhost", "root", "");
mysql_select_db("x");
$terms=explode(" ",$k);
$i=0;
$set_limit = ("9");
$subi = "";
foreach ($terms as $each)
{
$i++;
$escapedSearchString = mysql_real_escape_string($each);
if ($i == 1 )
$subi.= " title LIKE '%$escapedSearchString%' ";
else
$subi.= " AND title LIKE '%$escapedSearchString%' ";
}
$query = "select SQL_CALC_FOUND_ROWS * from table WHERE $subi order by rand() limit $set_limit";
$qry = mysql_query("$query");
$row_object = mysql_query("Select Found_Rows() as rowcount");
$row_object = mysql_fetch_object($row_object);
$actual_row_count = $row_object->rowcount;
$result = $actual_row_count;
使用mysqli_*
$k = $_GET["q"];
$con = mysqli_connect("localhost", "root", "");
mysqli_select_db($con,"x");
$terms=explode(" ",$k);
$i=0;
$set_limit = ("9");
$subi = "";
foreach ($terms as $each)
{
$i++;
$escapedSearchString = mysqli_real_escape_string($con,$each);
if ($i == 1 )
$subi.= " title LIKE '%$escapedSearchString%' ";
else
$subi.= " AND title LIKE '%$escapedSearchString%' ";
}
$query = "select SQL_CALC_FOUND_ROWS * from table WHERE $subi order by rand() limit $set_limit";
$qry = mysqli_query($con,"$query");
$row_object = mysqli_query($con,"Select Found_Rows() as rowcount");
$row_object = mysqli_fetch_object($row_object);
$actual_row_count = $row_object->rowcount;
$result = $actual_row_count;