0

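Hi, I am creating a site with a search box. This has already been done in ASP and I am redoing it in PHP (which I am also new to). It takes you to another page, which searches the database using SQL. The search-process.php file is below: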

<?php
$db = realpath("db\unibookv2.mdb");
$conn = new COM('ADODB.Connection') or exit('Cannot start ADO.');
$connStr = "PROVIDER=Microsoft.Jet.OLEDB.4.0;
Data Source=$db";
$conn->Open($connStr);



$sql = "SELECT * FROM ubuser WHERE usr_firstname LIKE '%" . $_REQUESTS['searchinput'] .  "%' OR usr_lastname LIKE '%" . $_REQUESTS['searchinput'] . "%' ORDER BY '%" . $_REQUESTS['orderlist'] . "%' ";

$userRs = $conn->Execute($sql);
if (!$userRs)
    {exit("DBMS Error..!");}
?>


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>PHP Search Results - ADO-COM connection!</title>
<meta http-equiv="content-type" content="application/xhtml+xml; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/unibookStyle.css" />
</head>
<!-- #include FILE="include/header.asp") -->


<body>
<div id="container"><!-- start container -->

<h2>USER DATABASE</h2>

<!-- start of dynamic html page -->
<h2>PHP/ADO-COM (MS Access) basic parameterised example</h2>
<h3>You searched for : '<?php echo $_REQUEST['searchinput']; ?>' - 

<hr align="left" width="658" />

<?php
// example of testing for EOF in resultset  
if (!$userRs->EOF)
{
echo "one or more records found<br />";
}
else
{
echo "sorry, no records found<br />";
}
?>

<!-- start of html table -->
    <table border="0" width="758" cellspacing="0" cellpadding="3">

    <!-- create the first (heading) row in standard HTML -->
    <tr class="tableheading">
        <td><b>Usr_id</b></td><td><b>firstname</b></td><td>&nbsp;<b>lastname</b></td><td>&nbsp;</td>

    </tr>
<!-- loop in PHP to retrieve all records -->
<?php
    $nrecs=0;
    while (!$userRs->EOF) { 
    $nrecs++;   
    ?>
    <tr>
    <!-- use in-line PHP to display the data -->
        <td><?php echo $userRs->Fields['usr_id']->Value ?></td>
        <td><?php echo $userRs->Fields['usr_firstname']->Value ?></td>
        <td><?php echo $userRs->Fields['usr_lastname']->Value ?></td>
    </tr>
    <!-- important line as it moves the resultset 'cursor' -->
    <?php $userRs->MoveNext() ?>
<?php } ?>
</table>


<?php
// close and destroy object instances
$userRs->Close();
$conn->Close();

$userRs = null;
$conn = null;

// display records found to page
echo "<br />Number of records found: " . $nrecs;
?>

<p>&nbsp;</p>
<hr align="left" width="658">

<input type="button" value="< Back to Search Page" OnClick="top.location='default.asp'">

<!-- #include FILE="include/sidebar.asp") -->

<!-- #include FILE="include/footer.asp") -->
</div>
<!-- end main page content -->

</body>
</html>

This is the error I get about an undefined variable; I assume it is "[searchinput]" twice and "[orderlist]" once.

Notice: Undefined variable: _REQUESTS in H:\STUDENT\S0190204\part1\search-process.php on line 10
Notice: Undefined variable: _REQUESTS in H:\STUDENT\S0190204\part1\search-process.php on line 10
Notice: Undefined variable: _REQUESTS in H:\STUDENT\S0190204\part1\search-process.php on line 10

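The other problems are that the search term does not work and neither does the ordering, but I have a feeling these will be solved by the same thing.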

4

1 Answer

5

It must be $_REQUEST and not $_REQUESTS. Also watch out for SQL injection, because you are using these values directly. Use prepared statements to prevent SQL injection.

From the documentation:

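$_REQUEST is an associative array that by default contains the contents of $_GET, $_POST and $_COOKIE. The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be modified by the remote user and cannot be trusted. The presence and order of variables listed in this array is defined according to the PHP variables_order configuration directive.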

You can check the PHP documentation for more information.

Answered 2013-11-06T13:00:08.430
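The prepared-statement advice above, applied to the question's ADO/COM query, as an added example that is not code from the original post or answer. The search term is bound through `ADODB.Command` parameters, and because an `ORDER BY` column is an identifier that cannot be bound, the `orderlist` value is only matched against a fixed list. The helper names `order_column` and `search_users`, the 100-byte length cap and the default sort column are assumptions.

```php
<?php
// Added example. Table and column names come from the question;
// 202 and 1 are the standard ADO values of adVarWChar and adParamInput.
const AD_VARWCHAR    = 202;
const AD_PARAM_INPUT = 1;
const MAX_TERM_LEN   = 100;   // assumed cap (bytes) for the search box

// The request value only selects an entry from this fixed list;
// it is never concatenated into the SQL text itself.
function order_column($requested)
{
    $allowed = array('usr_id', 'usr_firstname', 'usr_lastname');
    return in_array($requested, $allowed, true) ? $requested : 'usr_lastname';
}

function search_users($conn, $term, $order)
{
    // Reject non-string input such as searchinput[]=x, then cap the length.
    $term    = is_string($term) ? substr($term, 0, MAX_TERM_LEN) : '';
    $pattern = '%' . $term . '%';

    $cmd = new COM('ADODB.Command');
    $cmd->ActiveConnection = $conn;
    // Each ? is filled from the Parameters collection, in order.
    $cmd->CommandText =
        'SELECT usr_id, usr_firstname, usr_lastname FROM ubuser ' .
        'WHERE usr_firstname LIKE ? OR usr_lastname LIKE ? ' .
        'ORDER BY ' . order_column($order);

    foreach (array('first', 'last') as $name) {
        $cmd->Parameters->Append(
            $cmd->CreateParameter($name, AD_VARWCHAR, AD_PARAM_INPUT,
                                  MAX_TERM_LEN + 2, $pattern)
        );
    }
    return $cmd->Execute();
}

$db   = realpath('db\\unibookv2.mdb');
$conn = new COM('ADODB.Connection') or exit('Cannot start ADO.');
$conn->Open("PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source=$db");

$term   = isset($_REQUEST['searchinput']) ? $_REQUEST['searchinput'] : '';
$order  = isset($_REQUEST['orderlist'])   ? $_REQUEST['orderlist']   : '';
$userRs = search_users($conn, $term, $order);
```

The question's `ORDER BY '%...%'` sorts by a quoted string literal rather than a column, which is why the ordering had no effect; the allowlisted column name here is emitted unquoted.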