Fatal编程技术网
  • php/
  • 简单搜索脚本PHP-不显示为可下载文件

简单搜索脚本PHP-不显示为可下载文件

php mysql

简单搜索脚本PHP-不显示为可下载文件,php,mysql,Php,Mysql,我有一个简单的搜索脚本,但我正在搜索的是:存储在我的服务器上的文件。显然,我的回音声明中有错误。 我的表格在另一个文件中,但这不是问题。问题是在我的echo声明中,我将结果作为可下载链接包括在内 <?php # search.php // This page searches the database. // Set the page title and include the HTML header. $page_title = 'Search';

我有一个简单的搜索脚本,但我正在搜索的是:存储在我的服务器上的文件。显然,我的回音声明中有错误。
我的表格在另一个文件中,但这不是问题。问题是在我的echo声明中,我将结果作为可下载链接包括在内

   <?php # search.php
    // This page searches the database.

    // Set the page title and include the HTML header.
    $page_title = 'Search';
    include ('./includes/header.html');

    require_once ('./mysql_connect.php'); // Connect to the database.

    $query = $_GET['query']; 
    // gets value sent over search form

    $min_length = 3;
    // you can set minimum length of the query if you want

    if(strlen($query) >= $min_length){ // if query length is more or equal minimum length   then 

    $query = htmlspecialchars($query); 
    // changes characters used in html to their equivalents, for example: < to &gt;

    $query = mysql_real_escape_string($query);
        // makes sure nobody uses SQL injection

    $raw_results = mysql_query("SELECT * FROM uploads
            WHERE (`file_name` LIKE '%".$query."%') OR ('upload_id' LIKE '%".$query."%') OR     (`description` LIKE '%".$query."%')") or die(mysql_error());

        // * means that it selects all fields, you can also write: `id`, `title`, `text`


        // '%$query%' is what we're looking for, % means anything

        if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following

    while($results = mysql_fetch_array($raw_results)){
    // $results = mysql_fetch_array($raw_results) puts data from database into   array, while it's valid it does the loop

    echo "<p><h3>".$results['<a href=\"download_file.php?uid={$results['upload_id']}\">{$results['file_name']}</a>']."</h3>".$results['description']."</p>";
                // posts results gotten from database(title and text) you can also show id ($results['id'])
            }

        }
        else{ // if there is no matching rows do following
            echo "No results";
        }

    }
    else{ // if query length is less than minimum
        echo "Minimum length is ".$min_length;
    }


    mysql_close(); // Close the database connection.

    ?>

     <?php
 include ('./includes/footer.html');
     ?>

您不断地覆盖$query,最终它所做的只是real\u escape\u string(real\u escape\u string)

还可以在while语句中使用fetch_assoc,这样您就可以只使用$row[]打印结果中的所有行


最后/mysqli mysql_*的rant/update已被弃用
我将重点讨论echo语法本身

您当前的代码:


<?php
    echo "<p><h3>".$results['<a href=\"download_file.php?uid={$results['upload_id']}\">{$results['file_name']}</a>']."</h3>".$results['description']."</p>";
?>






不应该是这样的吗


<?php
    echo "<p><h3><a href=\"download_file.php?uid=" . $results['upload_id']."\">" . $results['file_name'] . "</a></h3>" . $results['description'] . "</p>";
?>