
大家好,我有一个简单的 PHP/MySQL 搜索引擎脚本,它工作得很好,但我发现其中有一个大问题:每当在搜索框中输入四个以上的空格时,它就会显示我的表的全部数据。另外,如果在某个字符串之后再加上两个或更多空格,也会出现同样的问题。请告诉我如何解决这个问题。

// Search script as posted in the question: reads the search text from the query
// string, builds one "keyword LIKE" condition per space-separated word, counts the
// matches, then prints one page (20 rows) of results.
// NOTE(review): the mysql_* extension used throughout is deprecated and was removed
// in PHP 7; PDO or mysqli prepared statements are the replacement.
$button = $_GET ['submit'];
$search = $_GET ['search']; 
// The length check runs on the raw input, so a string made only of spaces passes it.
if(strlen($search)<=1)
echo "Invalid search";
else{
// The raw request value is echoed into the page without HTML escaping (reflected XSS).
echo "You searched for <b>$search</b> <hr size='1'></br>";
// NOTE(review): database credentials are hard-coded in the script and the connection
// uses the root account; neither return value is checked.
mysql_connect("localhost","root","9889922527");
mysql_select_db("specifications");

// explode() on a single space yields an empty string for every leading, trailing or
// repeated space in the input.
$search_exploded = explode (" ", $search);

// One LIKE condition per piece. An empty piece produces keyword LIKE '%%', which
// matches every non-NULL keyword; when all pieces are empty the query returns the
// whole table, which is the behaviour reported in the question.
// The pieces are interpolated into the SQL text without escaping (SQL injection).
foreach($search_exploded as $search_each)
{
// "@" hides the notice for using $x and $construct before they are defined.
@$x++;
if($x==1)

@$construct .="keyword LIKE '%$search_each%'";
else
$construct .="AND keyword LIKE '%$search_each%'";
}

// First query: fetches all matching rows only to count them.
$constructs ="SELECT * FROM search WHERE $construct";
$run = mysql_query($constructs);

// "@" hides the warning raised when mysql_query() failed and $run is false.
@$foundnum = mysql_num_rows($run);

if ($foundnum==0)
echo "Sorry, there are no matching result for <b>$search</b>.</br></br>";
else
{ 

echo "$foundnum results found !<p>";

$per_page = 20;
// The page offset comes straight from the query string and is placed in the LIMIT
// clause below without validation or an integer cast.
@$start = $_GET['start'];
// $max_pages is computed but not used in the part of the script shown here.
$max_pages = ceil($foundnum / $per_page);
if(!$start)
$start=0; 
// Second query: the same conditions again, limited to the current page.
$getquery = mysql_query("SELECT * FROM search WHERE $construct  LIMIT $start,     $per_page");

while($runrows = mysql_fetch_assoc($getquery))
{
$image = $runrows['image'];
$name = $runrows ['name'];
$price = $runrows ['price'];
$url = $runrows ['url'];
// The stylesheet link is emitted once per result row, and the column values are
// written into HTML attributes and text without escaping.
echo "<link rel='stylesheet' href='search.css' type='text/css' />";
echo "<div class='cat-logo'><img width='200' height='180' src='$image' /><br/><a       href='$url'><font class='cat-head'><b>$name</b></font></a><br/><font class='cat-pr'>$price</font></div>" ;
//echo "<a href='$url'><b>$name</b></a><br>$price<br><a href='$url'>$url</a><p>";

}
// NOTE(review): the closing braces of the two else blocks opened above are missing
// from the posted snippet.

1 回答 1


我试着理解并整理了您的代码(不过您的示例中有些 if/else 代码块似乎没有闭合)。我添加了一些最基本的转义,并按评论中的建议添加了 trim(),以防止选出全部数据。我还添加了 LIMIT 1000,以限制查询最多能返回的结果数量:

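// Search page handler: splits the submitted text into words, requires every word
// to appear in search.keyword, and prints the matching rows 20 per page.
// NOTE(review): the mysql_* functions used here are deprecated (removed in PHP 7);
// when this code is ported, use PDO or mysqli prepared statements instead of
// building the SQL text by hand.
$button = isset($_GET['submit']) ? $_GET['submit'] : null; // not used below; escape it where it is used
$search = (isset($_GET['search']) && is_string($_GET['search'])) ? trim($_GET['search']) : '';

// Split on runs of whitespace and drop empty pieces. An empty piece would become
// keyword LIKE '%%', which matches every row; that is how a search made only of
// spaces returned the whole table.
$search_exploded = preg_split('/\s+/', $search, -1, PREG_SPLIT_NO_EMPTY);

// Escaped copy for HTML output; the raw request value is never echoed.
// Assumes the page is served as UTF-8 (TODO confirm).
$search_html = htmlspecialchars($search, ENT_QUOTES, 'UTF-8');

if (strlen($search) <= 1 || count($search_exploded) == 0) {
  echo "Invalid search";
} else {
  echo "You searched for <b>$search_html</b> <hr size='1'></br>";

  // NOTE(review): the credentials are hard-coded and the script connects as root.
  // Load them from configuration kept outside the web root and use an account
  // that can only SELECT from this table.
  $db_ready = mysql_connect("localhost","root","9889922527") !== false
    && mysql_select_db("specifications");

  $max_results = 1000; // upper bound on how many matches one search can report
  $construct = '';
  $run = false;

  if ($db_ready) {
    // Escaping is done here, after the connection exists: mysql_real_escape_string()
    // needs an open link and uses its character set (set it with mysql_set_charset()
    // if the database does not use the connection default; TODO confirm).
    $conditions = array();
    foreach ($search_exploded as $search_each) {
      // First neutralise the LIKE wildcards so "%" or "_" typed by the user is
      // matched literally, then escape the result for the quoted SQL string.
      $like = mysql_real_escape_string(addcslashes($search_each, '\\%_'));
      $conditions[] = "keyword LIKE '%$like%'";
    }
    $construct = implode(" AND ", $conditions);

    // The query runs once, after all conditions are built; it only counts rows.
    $run = mysql_query("SELECT 1 FROM search WHERE $construct LIMIT $max_results");
  }

  if ($run === false) {
    // Do not print mysql_error() here: it would expose SQL details to the visitor.
    echo "Search is temporarily unavailable.</br></br>";
  } elseif (($foundnum = mysql_num_rows($run)) == 0) {
    echo "Sorry, there are no matching result for <b>$search_html</b>.</br></br>";
  } else {
    echo "$foundnum results found !<p>";

    $per_page = 20;
    $max_pages = ceil($foundnum / $per_page);

    // The offset is used unquoted in LIMIT, where string escaping gives no
    // protection, so it is forced to an integer inside the result range.
    $start = isset($_GET['start']) ? (int) $_GET['start'] : 0;
    if ($start < 0 || $start >= $foundnum) {
      $start = 0;
    }
    // Never page past the counted (and capped) number of matches.
    $page_size = min($per_page, $foundnum - $start);

    $getquery = mysql_query("SELECT * FROM search WHERE $construct LIMIT $start, $page_size");

    // The stylesheet link is needed once, not once per row.
    echo "<link rel='stylesheet' href='search.css' type='text/css' />";

    while ($getquery && ($runrows = mysql_fetch_assoc($getquery))) {
      // Column values are escaped for the single-quoted attributes and the text
      // they are written into.
      // NOTE(review): if image/url values can be supplied by untrusted users, also
      // restrict them to http/https URLs before output.
      $image = htmlspecialchars($runrows['image'], ENT_QUOTES, 'UTF-8');
      $name  = htmlspecialchars($runrows['name'], ENT_QUOTES, 'UTF-8');
      $price = htmlspecialchars($runrows['price'], ENT_QUOTES, 'UTF-8');
      $url   = htmlspecialchars($runrows['url'], ENT_QUOTES, 'UTF-8');
      echo "<div class='cat-logo'><img width='200' height='180' src='$image' /><br/><a       href='$url'><font class='cat-head'><b>$name</b></font></a><br/><font class='cat-pr'>$price</font></div>" ;
    }
  }
}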
于 2013-07-30T11:17:02.950 回答