0

我有一个搜索表单,可以从数据库中搜索房产列表。在它工作正常之前,我能够显示搜索结果,然后突然之间它就没有显示出来。有没有我做错了什么。

这是代码

    <?php
require 'core/init.php';
////////////using mysqli to connect with database

$mysqli = new mysqli("localhost","root","", "test");
        if ($mysqli->connect_errno) {
            echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
        }
///////////set search variables
$property = $_POST['property'];
$bedroom = $_POST['BedroomNumber'];
$bathroom = $_POST['BathroomNumber'];
$priceMin = $_POST['PriceMin'];
$priceMax = $_POST['PriceMax'];
$termlease = $_POST['TermLease'];
//////////search
if(isset($_POST['utilities']) && is_array($_POST['utilities'])) {
    foreach($_POST['utilities'] as $check) {
             //echoes the value set in the HTML form for each checked checkbox.
                         //so, if I were to check 1, 3, and 5 it would echo value 1, value 3, value 5.
                         //in your case, it would echo whatever $row['Report ID'] is equivalent to.
    }
}


$sql = $mysqli->query("select * from propertyinfo where Property like '%$property%' and NumBed like '%$bedroom%' and NumBath like '%$bathroom%' and Price >= '$priceMin' and Price <= '$priceMax' and utilities like '%$check%' and TermLease like '%$termlease%'");


if($sql === FALSE) {
    die(mysql_error()); // TODO: better error handling

}

?>

显示结果的部分

<?php
if($sql->num_rows){
    while ($row = $sql->fetch_array(MYSQLI_ASSOC)){
        echo '<div id="listing">
                    <div id="propertyImage"> 
                        <img src="uploadimages/'.$row['imageName1'].'" width="200" height="150" alt=""/> 
                    </div>

                    <div id="basicInfo">
                    <h2>$'.$row['Price'].'</h2>
                    <p style="font-size: 18px;"># '.$row['StreetAddress'].', '.$row['City'].', BC</p>
                    <p>'.$row['NumBed'].' Bedrooms | '.$row['NumBath'].' Bathrooms | '.$row['Property'].'</p>
                    <br>
                    <p><a href="outputtest2.php?record_id='.$row['ID'].'" class="link2" target="_blank">View Full Details</a> | <a href="" class="link2">Get Directions</a>

                    </div>
                </div>';

    }
}
else
{
echo '<h2>0 Search Results</h2>';
}
?>

谢谢

4

1 回答 1

0

所以,要清楚,你看到“0个搜索结果”?日志或输出中是否有任何错误?您是否尝试过 echo()'ing 您的 SQL 语句:

echo "select * from propertyinfo where Property like '%$property%' and NumBed like '%$bedroom%' and NumBath like '%$bathroom%' and Price >= '$priceMin' and Price <= '$priceMax' and utilities like '%$check%' and TermLease like '%$termlease%'"

...然后将该 SQL 语句直接粘贴到 CLI 中。

除了您的 SQL 受到 SQL 注入攻击之外,您可能会发现输入中有一些杂散字符导致您的 SQL 语句出现问题。

于 2013-06-17T04:40:28.103 回答