简单搜索脚本PHP-不显示为可下载文件
我有一个简单的搜索脚本,但我正在搜索的是:存储在我的服务器上的文件。显然,我的回音声明中有错误。简单搜索脚本PHP-不显示为可下载文件,php,mysql,Php,Mysql,我有一个简单的搜索脚本,但我正在搜索的是:存储在我的服务器上的文件。显然,我的回音声明中有错误。 我的表格在另一个文件中,但这不是问题。问题是在我的echo声明中,我将结果作为可下载链接包括在内 <?php # search.php // This page searches the database. // Set the page title and include the HTML header. $page_title = 'Search';
我的表格在另一个文件中,但这不是问题。问题是在我的echo声明中,我将结果作为可下载链接包括在内
<?php # search.php
// This page searches the database.
// Set the page title and include the HTML header.
$page_title = 'Search';
include ('./includes/header.html');
require_once ('./mysql_connect.php'); // Connect to the database.
$query = $_GET['query'];
// gets value sent over search form
$min_length = 3;
// you can set minimum length of the query if you want
if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then
$query = htmlspecialchars($query);
// changes characters used in html to their equivalents, for example: < to >
$query = mysql_real_escape_string($query);
// makes sure nobody uses SQL injection
$raw_results = mysql_query("SELECT * FROM uploads
WHERE (`file_name` LIKE '%".$query."%') OR ('upload_id' LIKE '%".$query."%') OR (`description` LIKE '%".$query."%')") or die(mysql_error());
// * means that it selects all fields, you can also write: `id`, `title`, `text`
// '%$query%' is what we're looking for, % means anything
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
// $results = mysql_fetch_array($raw_results) puts data from database into array, while it's valid it does the loop
echo "<p><h3>".$results['<a href=\"download_file.php?uid={$results['upload_id']}\">{$results['file_name']}</a>']."</h3>".$results['description']."</p>";
// posts results gotten from database(title and text) you can also show id ($results['id'])
}
}
else{ // if there is no matching rows do following
echo "No results";
}
}
else{ // if query length is less than minimum
echo "Minimum length is ".$min_length;
}
mysql_close(); // Close the database connection.
?>
<?php
include ('./includes/footer.html');
?>
您不断地覆盖$query,最终它所做的只是real\u escape\u string(real\u escape\u string)
还可以在while语句中使用fetch_assoc,这样您就可以只使用$row[]打印结果中的所有行
最后/mysqli mysql_*的rant/update已被弃用我将重点讨论echo语法本身
您当前的代码:
<?php
echo "<p><h3>".$results['<a href=\"download_file.php?uid={$results['upload_id']}\">{$results['file_name']}</a>']."</h3>".$results['description']."</p>";
?>
不应该是这样的吗
<?php
echo "<p><h3><a href=\"download_file.php?uid=" . $results['upload_id']."\">" . $results['file_name'] . "</a></h3>" . $results['description'] . "</p>";
?>