1 
<h2>Search</h2> 
 <form name="search" method="post" action="<?php $_SERVER['PHP_SELF']; ?>">
 Seach for: <input type="text" name="find" /> in 
 <Select NAME="field">
 <Option VALUE="fname">First Name</option>
 <Option VALUE="lname">Last Name</option>
 <Option VALUE="info">Profile</option>
 </Select>
 <input type="hidden" name="searching" value="yes" />
 <input type="submit" name="search" value="Search" />
 </form>
  <?php 
 //This is only displayed if they have submitted the form 

 if ($_REQUEST[searching] =="yes") 
 { 
 echo "<h2>Results</h2><p>"; 

 //If they did not enter a search term we give them an error 
 if ($_REQUEST[find] == "") 
 { 
 echo "<p>You forgot to enter a search term"; 
 exit; 
 } 

 // Otherwise we connect to our Database 
 mysql_connect("localhost", "admin", "password") or die(mysql_error()); 
 mysql_select_db("oop") or die(mysql_error()); 

 // We preform a bit of filtering 
 $find = strtoupper($_REQUEST[find]); 
 $find = strip_tags($find); 
 $find = trim ($find); 

 //Now we search for our search term, in the field the user specified 
 $data = mysql_query("SELECT * FROM users WHERE upper($_REQUEST[field]) LIKE'%$find%'"); 

 //And we display the results 
 while($result = mysql_fetch_array( $data )) 
 { 
 echo $result['fname']; 
 echo " "; 
 echo $result['lname']; 
 echo "<br>"; 
 echo $result['info']; 
 echo "<br>"; 
 echo "<br>"; 
 } 

 //This counts the number or results - and if there wasn't any it gives them a little message explaining that 
 $anymatches=mysql_num_rows($data); 
 if ($anymatches == 0) 
 { 
 echo "Sorry, but we can not find an entry to match your query<br><br>"; 
 } 

 //And we remind them what they searched for 
 echo "<b>Searched For:</b> " .$find; 
 } 
 ?>

问题:

前端显示:

注意:使用未定义的常量搜索 - 在第 15 行的 D:\wamp\www\oop\test2.php 中假设“搜索”

我知道发布表单值有问题,例如“搜索”......但我现在知道如何更正/更改。所以任何人都可以帮我纠正它吗?

谢谢。

4

4 回答 4

1

在第 15 行中,

if ($_REQUEST[searching] =="yes")

应引用“搜索”:

if ($_REQUEST['searching'] =="yes")

这也适用于您检查请求参数的其他行。

于 2013-05-17T02:58:06.757 回答
1

您没有将关联数组索引指定为字符串。它应该是 $_REQUEST['searching'] 而不是 $_REQUEST[searching] 稍后与 $_REQUEST[find] 相同

于 2013-05-17T03:00:32.177 回答
1

被替换者

if ($_REQUEST[searching] =="yes")  


if (isset($_REQUEST['searching']) && $_REQUEST['searching'] =="yes")
于 2013-05-17T03:22:36.193 回答
0

$_REQUEST[searching]应该是$_REQUEST['searching']。还有,是什么$_REQUEST[find]?(它也应该在'find'周围加上引号)。还有……为什么$_REQUEST?要具体,并使用$_POST(例如$_POST['searching'])。

并且......请,请,请(至少)在您的查询参数周围使用 mysql_real_escape_string() 。见: http: //php.net/manual/en/function.mysql-real-escape-string.php

例如

$data = mysql_query("SELECT * FROM users 
  WHERE mysql_real_escape_string(upper($_POST['field']))
  LIKE'%mysql_real_escape_string($_POST['find'])%'");

确实,查询 MySQL 的更好方法是使用 PHP 数据对象并绑定您的值以增加安全性:http: //php.net/manual/en/book.pdo.php

<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < :calories AND colour = :colour');
$sth->bindValue(':calories', $calories, PDO::PARAM_INT);
$sth->bindValue(':colour', $colour, PDO::PARAM_STR);
$sth->execute();
?>

还有更多。您需要阅读连接等内容......这超出了此答案的范围。

于 2013-05-17T03:16:15.123 回答