0

I have a question about a command that won't give

Notice: Undefined index: q in C:\xampp\htdocs\Capstone - Copy\index.php on line 118

even if the field is empty. I have this code for the site. That's the only problem: if I don't put a value in my search, it will give that error. Also, can I erase the value of GET when I reload the site, so that it will only give the default output, that is, all the rows and pictures? I'll put a print screen of the site; the screenshot is the default view of the site.

>     <?php
>
>     $searchtext = $_GET['q'];
>
>     $per_page = 5;
>     $pages_query = mysql_query("SELECT COUNT('PersonID') FROM persons");
>     $pages = ceil(mysql_result($pages_query, 0) / $per_page);
>
>     $page = (isset($_GET['page'])) ? (int)$_GET['page'] : 1;
>     $start = ($page - 1) * $per_page;
>
>     $query = mysql_query("select * from persons where firstname like '%$searchtext' or lastname like '%$searchtext' order by date desc LIMIT $start,$per_page ");
>
>     while ($test = mysql_fetch_array($query))
>     {
>         $id = $test['PersonID'];
>
>         echo"<div class = content />";
>         echo"<img height=200 width=200 src='upload/". $test['Image'] ."'/>";
>         echo"" .$test['LastName']." ";
>         echo"". $test['MiddleName']. " ";
>         echo"". $test['FirstName']. "";
>         echo"<right> <a href ='view.php?PersonID=$id'>Edit</a></right>";
>         echo"<right> <a href ='del.php?PersonID=$id'>Delete</a></right>";
>         echo"</div>";
>     }
>
>     if ($pages >= 1 && $page <= $pages) {
>         for ($x = 1; $x <= $pages; $x++) {
>             echo ($x == $page) ? '<strong><a href="?page='.$x.'">'.$x.' </a></strong> ' : '<a href="?page='.$x.'">'.$x.' </a>';
>         }
>     } ?>

screen shot screenshot2

And here's the sample result that won't give an error, because there's a default value.

screenshot 3

4

2 Answers

1

You only want to run the query if $searchtext is not empty.

$searchtext = '';
if(isset($_GET['q'])) $searchtext = $_GET['q'];
if($searchtext) {
    //run query
    //display results
} else {
    //display normal page
}

Keep in mind that, as you have it now, you are begging for an SQL injection attack. Please use PDO and bind the values.

answered 2013-07-30T19:54:18.993
1

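Well, if I understand you correctly, this should help:

Change this: $searchtext = $_GET['q'];

To this: $searchtext = isset($_GET['q']) ? mysql_real_escape_string($_GET['q']) : "";

Be careful

Please don't use the mysql_* functions anymore; use the mysqli_ functions or PDO instead. mysql_ is deprecated as of PHP 5.5 and is not supported in PHP >= 5.5. Besides that, I should mention that your script is vulnerable to MySQL injection. Always escape your values before inserting them into a database query!

My code example contains the function mysql_real_escape_string, which, like I told you, is deprecated. If you stick with mysql_*, this is the least you can do to protect your application.

answered 2013-07-30T19:54:26.817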
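
Both answers point at the same two fixes: guard the missing `q`, and stop interpolating it into the SQL string. The following is an added example, not code from the question or from either answer, showing both with PDO and bound values. The in-memory SQLite table and its rows are constructed so the script runs offline (for MySQL only the DSN changes), and `searchPersons` is a hypothetical helper name.

```php
<?php
// Added example. Assumption: an in-memory SQLite database with constructed rows
// stands in for the MySQL `persons` table so that the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE persons (PersonID INTEGER PRIMARY KEY, FirstName TEXT,
            LastName TEXT, Image TEXT, date TEXT)');
$pdo->exec("INSERT INTO persons (FirstName, LastName, Image, date) VALUES
            ('Ana', 'Cruz', 'a.jpg', '2013-07-01'),
            ('Ben', 'O''Neil', 'b.jpg', '2013-07-02'),
            ('Cara', 'Diaz', 'c.jpg', '2013-07-03')");

function searchPersons(PDO $pdo, array $get, int $perPage = 5): array
{
    // A missing or non-string q (e.g. ?q[]=x) becomes '', so no notice is raised.
    $q = (isset($get['q']) && is_string($get['q'])) ? trim($get['q']) : '';
    $page = isset($get['page']) ? max(1, (int) $get['page']) : 1;

    $sql = 'SELECT PersonID, FirstName, LastName, Image FROM persons';
    if ($q !== '') {
        // Same suffix match as the original query ('%$searchtext'), with placeholders.
        $sql .= " WHERE FirstName LIKE :p1 ESCAPE '!' OR LastName LIKE :p2 ESCAPE '!'";
    }
    $sql .= ' ORDER BY date DESC LIMIT :start, :per';

    $stmt = $pdo->prepare($sql);
    if ($q !== '') {
        // Escape LIKE wildcards so a user-typed % or _ matches literally.
        $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $q);
        $stmt->bindValue(':p1', $pattern);
        $stmt->bindValue(':p2', $pattern);
    }
    // LIMIT operands have to be bound as integers, not strings.
    $stmt->bindValue(':start', ($page - 1) * $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':per', $perPage, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: no q at all, a normal search, and an injection-style value.
foreach ([[], ['q' => 'Neil'], ['q' => "' OR '1'='1"]] as $get) {
    foreach (searchPersons($pdo, $get) as $row) {
        // Escape on output as well; these values come from the database.
        echo htmlspecialchars($row['FirstName'] . ' ' . $row['LastName'], ENT_QUOTES), "\n";
    }
    echo "--\n";
}
```

With an empty or absent `q` the WHERE clause is left out entirely, which gives the default listing the question asks for on reload.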