mysql查询返回整个表

  • Z时代
  • 2024-01-10
  • 分类:问答

我正在使用这个PHP执行搜索,但它从表中返回所有内容,而不是与搜索相关的任何内容......我也遇到了“mysqli_real_escape_string”错误,但我不是确定它是否相关。mysql查询返回整个表

<?php 
$con=mysqli_connect("***","***","***","***"); 
// Check connection 
if (mysqli_connect_errno()) 
    { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    } 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
    <title>Search results</title> 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
    <link rel="stylesheet" type="text/css" href="style.css"/> 
</head> 
<body> 
<?php 
    $query = $_GET['query']; 
    // gets value sent over search form 
    $min_length = 3; 
    // you can set minimum length of the query if you want 
    if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then 
     $query = htmlspecialchars($query); 
     // changes characters used in html to their equivalents, for example: < to &gt; 
     $query = mysqli_real_escape_string($query); 
     // makes sure nobody uses SQL injection 
     $raw_results = mysqli_query($con,"SELECT * FROM test_table 
      WHERE ('email' LIKE '%".$query."%') OR ('pw' LIKE '%".$query."%')") or die(mysqli_error()); 
     if(mysqli_num_rows($raw_results) > 0){ // if one or more rows are returned do following 
      echo "<table border='1'> 
      <tr> 
      <th>email</th> 
      <th>pw</th> 
      </tr>"; 
      while($results = mysqli_fetch_array($raw_results)){ 
      // $results = mysql_fetch_array($raw_results) puts data from database into array, while it's valid it does the loop 
       echo "<tr><td>".$results['email']."</td><td>".$results['pw']."</td></tr>"; 
       //echo "<p><h3>".$results['email']."</h3>".$results['pw']."<br/>".$results['ID']."</p>"; 
      } 
     } 
     else{ // if there is no matching rows do following 
      echo "No results"; 
     } 
    } 
    else{ // if query length is less than minimum 
     echo "Minimum length is ".$min_length; 
    } 
?> 
</body> 
</html>

回答:

您的查询不正确。你应该使用反引号,而不是引用

$raw_results = mysqli_query($con,"SELECT * FROM test_table 
     WHERE (`email` LIKE '%".$query."%') OR (`pw` LIKE '%".$query."%')") or 
die(mysqli_error());

此外,mysqli_real_escape_string要求第一个参数是$ CON

$query = mysqli_real_escape_string($con, $query);

回答:

WHERE ('email' LIKE '%".$query."%') OR ('pw' LIKE '%".$query."%')"

你是错的逸出列名,他们应该被转义反引号,而不是单引号;

'email' -- the string "email". 
`email` -- the column "email".

换句话说,它应该是;

WHERE (`email` LIKE '%".$query."%') OR (`pw` LIKE '%".$query."%')"

作为一个侧面说明,你会更好使用参数化查询比建查询作为使用mysqli_real_escape_string()字符串。这对安全性更好,并且它使查询可以缓存到数据库中。

如果您打算将它与过程类型调用一起使用(就像您一样),您需要将连接作为第一个参数传递给它;

$query = mysqli_real_escape_string($con, $query);

回答:

您需要引用不同的查询。试试这个:

"SELECT * FROM test_table WHERE (`email` LIKE '%" . $query . "%') OR (`pw` LIKE '%" . $query . "%')"

而且你mysqli_real_escape_string需要在它的$ CON喜欢:

mysqli_real_escape_string($con, $query)

以上是 mysql查询返回整个表 的全部内容, 来源链接: utcz.com/qa/265563.html

回到顶部