每次我打开/刷新页面时,它都会打印“您没有提交..”错误。如何防止这种情况并防止 mysql 注入?
这是我的第一个真正有效的 mysql 数据库搜索,所以请放轻松。我只是想确保如果我把它放上去,它不会被强奸。
<form action='trytosearch.php' method='GET'>
<center>
<h1>My Search Engine</h1>
<input type='text' size='90' name='search'></br></br>
<input type='submit' name='submit' value='Search here' ></br></br></br>
</center>
<?php
$button = $_GET ['submit'];
$search = $_GET ['search'];
if(!$button)
echo "you didn't submit a keyword";
else
{
if(strlen($search)<=1)
echo "Search term too short";
else{
echo "You searched for <b>$search</b> <hr size='1'></br>";
mysql_connect("localhost","me_abc","pass");
mysql_select_db("table");
$search_exploded = explode (" ", $search);
foreach($search_exploded as $search_each)
{
$x++;
if($x==1)
$construct .="keywords LIKE '%$search_each%'";
else
$construct .="AND keywords LIKE '%$search_each%'";
}
$construct ="SELECT * FROM listoga_db WHERE $construct";
$run = mysql_query($construct);
$foundnum = mysql_num_rows($run);
if ($foundnum==0)
echo "Sorry, there are no matching result for <b>$search</b>.</br>";
else
{
echo "$foundnum results found !<p>";
while($runrows = mysql_fetch_assoc($run))
{
$title = $runrows ['title'];
$desc = $runrows ['description'];
$link = $runrows ['link'];
echo "
<a href='$link'><b>$title</b></a><br>
";
}
}
}
}
?>