Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/235.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
PHP/MySQL字符串搜索查询_Php_Html_Mysql - Fatal编程技术网
Fatal编程技术网
  • php/
  • PHP/MySQL字符串搜索查询

PHP/MySQL字符串搜索查询

php html mysql

PHP/MySQL字符串搜索查询,php,html,mysql,Php,Html,Mysql,我已经建立了一个包含“客户”信息的数据库。我有一个PHP表单来搜索字符串、名字(fname)、姓氏(lname)和电话号码(phone)。出于某种原因,我甚至没有让助手显示这些功能正在工作?我已经一遍又一遍地阅读了这段代码,似乎无法找出我遗漏了什么 <form name="search" method="post" action="<?=$PHP_SELF?>"> Seach for: <input type="text" name="find" /> in

我已经建立了一个包含“客户”信息的数据库。我有一个PHP表单来搜索字符串、名字(fname)、姓氏(lname)和电话号码(phone)。出于某种原因,我甚至没有让助手显示这些功能正在工作?我已经一遍又一遍地阅读了这段代码,似乎无法找出我遗漏了什么

<form name="search" method="post" action="<?=$PHP_SELF?>">
 Seach for: <input type="text" name="find" /> in 
 <Select NAME="field">
 <Option VALUE="fname">First Name</option>
 <Option VALUE="lname">Last Name</option>
 <Option VALUE="phone">Phone #</option>
 </Select>
 <input type="hidden" name="searching" value="yes" />
 <input type="submit" name="search" value="Search" />
 </form>
 <? 
 //This is only displayed if they have submitted the form 
 if ($searching =="yes") 
 { 
 echo "<h2>Results</h2><p>"; 

 //If they did not enter a search term we give them an error 
 if ($find == "") 
 { 
 echo "<p>You forgot to enter a search term"; 
 exit; 
 } 

 // We preform a bit of filtering 
 $find = strtoupper($find); 
 $find = strip_tags($find); 
 $find = trim ($find); 

 //Now we search for our search term, in the field the user specified 
 $data = mysql_query("SELECT * FROM customer WHERE upper($field) LIKE'%$find%'"); 

 //And we display the results 
 while($result = mysql_fetch_array( $data )) 
 { 
 echo $result['fname']; 
 echo " "; 
 echo $result['lname']; 
 echo "<br>"; 
 echo $result['phone']; 
 echo "<br>"; 
 echo "<br>"; 
 } 

 //This counts the number or results - and if there wasn't any it gives them a little message explaining that 
 $anymatches=mysql_num_rows($data); 
 if ($anymatches == 0) 
 { 
 echo "Sorry, but we can not find an entry to match your query<br><br>"; 
 } 

 //And we remind them what they searched for 
 echo "<b>Searched For:</b> " .$find; 
 } 
 ?>

您应该首先创建一个如下所示的查询字符串,然后在
mysql\u query
中使用该字符串,希望这能奏效


str = "SELECT * FROM customer WHERE upper(".$field.") LIKE'%".$find%."'";



您的脚本中有一些错误,我将尽力帮助您:


<? --> <?php


这里也有同样的错误:


if ($_POST['find'] == "") 


在这里:


 $find = strtoupper($_POST['find']); 



再见
 请帮自己一个忙,停止使用
mysql.*
扩展名。它被弃用了。使用PDO或
mysqli.*
,两者都支持更安全的方式:准备语句。您的代码很容易受到注入攻击。但我有一种隐秘的怀疑,那只是这段代码的众多问题之一。我可能错了,但PDO需要插件吗?我对mysqli有点熟悉,看起来很可靠。@如果它作为一个简单的php搜索出现在php.about.com网站上。@Elias,我试图用同样的东西实现MySQLi:我在$stmt->bind_param('s',$POST['lastname')一行遇到了更多错误$stmt->execute()$stmt->store_result();Fonta…很抱歉现在时间还早,我不敢相信我错过了开场白。谢谢你的帮助。

 $find = strtoupper($_POST['find']);