使用下拉搜索时出错-mySQL/php
当我尝试在mySQL搜索中加入下拉选项时,我不断遇到以下错误: 警告:in_array()要求参数2为数组,布尔值在第24行给出 有人能帮忙吗?非常感谢你 搜索页面:使用下拉搜索时出错-mySQL/php,php,mysql,Php,Mysql,当我尝试在mySQL搜索中加入下拉选项时,我不断遇到以下错误: 警告:in_array()要求参数2为数组,布尔值在第24行给出 有人能帮忙吗?非常感谢你 搜索页面: <?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?> <?php require($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?> <?ph
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>
<?php include("../includes/header-home.php"); ?>
<div class="container">
<div class="col=md-12">
<p><strong>Search:</strong></p>
<form name="form1" method="post" action="search_results.php">
<p><input name="search" type="text" size="40" maxlength="50"/></p>
<p><strong>Type:</strong></p>
<input type="checkbox" name="type[]" value="1"> Medalist</p>
<select name="medal[]">
<option value="1">Medal 1</option>
<option value="2">Medal 2</option>
<option value="3">Medal 3</option>
<option value="4">Medal 4</option>
<option value="5">Medal 5</option>
<option value="6">Medal 6</option>
<option value="7">Medal 7</option>
<option value="8">Medal 8</option>
</select>
<p><strong>Year:</strong></p>
<p><input name="search" type="text" size="40" maxlength="50"/></p>
<p><input type="submit" name="submit" value="Search" /></p>
</form>
</div></div>
<?php include($_SERVER['DOCUMENT_ROOT']."/includes/footer.php");?>
搜索:
类型:
奖牌获得者
奖牌1
奖牌2
奖牌3
奖牌4
奖牌5
奖牌6
奖牌7
奖牌8
年份:
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>
<?php
if (!isset ($_POST['search'])) {
header("Location:admin.php");
}
$search_sqli="SELECT * FROM profiles WHERE
(first_name LIKE '%".$_POST ['search']."%'
OR last_name LIKE '%".$_POST ['search']."%'
OR first_name2 LIKE '%".$_POST ['search']."%'
OR last_name2 LIKE '%".$_POST ['search']."%'
OR last_name2 LIKE '%".$_POST ['search']."%'
OR city LIKE '%".$_POST ['search']."%'
OR agency LIKE '%".$_POST ['search']."%'
OR subcomponent LIKE '%".$_POST ['search']."%'
OR team_name LIKE '%".$_POST ['search']."%'
OR achievement LIKE '%".$_POST ['search']."%'
OR profile LIKE '%".$_POST ['search']."%'
OR year LIKE '%".$_POST ['search']."%')"
. (isset($_POST['type']) && in_array('1', $_POST['type']) ? " AND medalist='1'" : "")
. (isset($_POST['medal']) && in_array('1', (int)$_POST['medal'] > 0) ? " AND medal='".(int)$_POST['medal']."'" : "");
$search_query=mysqli_query($connection, $search_sqli);
if (mysqli_num_rows($search_query) !=0) {
$search_rs=mysqli_fetch_assoc($search_query);
}
?>
<?php include("../includes/header-home.php"); ?>
<div class="container">
<div class="col=md-12">
<p>Search:</p>
<form name="form1" method="post" action="search_results.php">
<input name="search" type="text" size="40" maxlength="50"/>
<input type="submit" name="submit" value="Search" />
</form>
<br />
<p><strong>Search Results:</strong></p>
<?php if (mysqli_num_rows($search_query) !=0) {
do {
?>
<p><ul>
<li><a href="view_profile.php?profile=<?php echo urlencode($search_rs["id"]); ?>"><?php echo $search_rs['first_name']; ?> <?php echo $search_rs['last_name']; ?> <?php echo $search_rs['first_name2']; ?> <?php echo $search_rs['last_name2']; ?></a></li></ul></p>
<?php } while ($search_rs=mysqli_fetch_assoc($search_query));
} else {
echo "No results found";
}
?>
<br />
<p> <a class="btn btn-default" href="search.php" role="button">Back to search</a></p>
</div></div>
<?php include($_SERVER['DOCUMENT_ROOT']."/includes/footer.php");?>
快速修复方法是进行以下更改:
(isset($_POST['medal']) && is_array($_POST['medal']) && in_array('1', $_POST['medal']) === true)
正如建议的那样,您应该仔细阅读如何处理和过滤用户输入数据并将其保存到数据库。此处:在数组中('1',$\u POST['type'))
在_array的第二个参数不是数组。它是您发布为“type”的任何值,并且您在第二个实例中执行类似的操作。我相信您可以将使用in_阵列的两条线替换为:
. (isset($_POST['type']) && $_POST['type']=='1' ? " AND medalist='1'" : "")
. (isset($_POST['medal']) && (int)$_POST['medal'] > 0 ? " AND medal='".(int)$_POST['medal']."'" : "");
我还建议重写代码的第一部分:
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>
<?php
if (!isset ($_POST['search'])) {
header("Location:admin.php");
}
将成为:
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");
require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");
require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");
if (!isset ($_POST['search'])) { header("Location:admin.php"); }
$search = $_POST['search'];
$type = (isset($_POST['type']) ? "AND medalist = '1'" : "";
$medal = (isset($_POST['medal']) ? "AND medal = '{$_POST['medal']}' : "";
$search_sqli = "
SELECT * FROM profiles WHERE (
first_name LIKE '%{$search}%'
OR last_name LIKE '%{$search}%'
OR first_name2 LIKE '%{$search}%'
OR last_name2 LIKE '%{$search}%'
OR last_name2 LIKE '%{$search}%'
OR city LIKE '%{$search}%'
OR agency LIKE '%{$search}%'
OR subcomponent LIKE '%{$search}%'
OR team_name LIKE '%{$search}%'
OR achievement LIKE '%{$search}%'
OR profile LIKE '%{$search}%'
OR year LIKE '%{$search}%'
)
{type}
{$medal}
";
$search_query = mysqli_query($connection, $search_sqli);
if (mysqli_num_rows($search_query) !=0) {
$search_rs=mysqli_fetch_assoc($search_query);
}
include("../includes/header-home.php");
?>
警告:SQL注入攻击面临风险!我建议你读一读:嗯,这行已经开始工作了,我实际上正在尝试修复这行:。(isset($_POST['medal'])和&in_数组('1',(int)$_POST['medal']>0)?“和medal=”(int)$_POST['medal']。“:”);所以它会从我的下拉菜单中调用“奖牌”对不起,我已经将我的答案修改为上面的谢谢你,非常感谢所有这些信息。我真的很感谢你的帮助。当我像你建议的那样更改我的in数组行时,查询工作正常!但是,当我尝试用您发布的内容替换我的所有开始代码时,我发现语法错误似乎无法修复:(没问题!很高兴我能帮上忙。很抱歉,我到目前为止还没有看到你的评论,但我看到你自己找到了答案,这可能会更好。问题出在哪里。如果它在我的代码中,我会编辑它,以便它能在将来帮助别人。
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");
require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");
require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");
if (!isset ($_POST['search'])) { header("Location:admin.php"); }
$search = $_POST['search'];
$type = (isset($_POST['type']) ? "AND medalist = '1'" : "";
$medal = (isset($_POST['medal']) ? "AND medal = '{$_POST['medal']}' : "";
$search_sqli = "
SELECT * FROM profiles WHERE (
first_name LIKE '%{$search}%'
OR last_name LIKE '%{$search}%'
OR first_name2 LIKE '%{$search}%'
OR last_name2 LIKE '%{$search}%'
OR last_name2 LIKE '%{$search}%'
OR city LIKE '%{$search}%'
OR agency LIKE '%{$search}%'
OR subcomponent LIKE '%{$search}%'
OR team_name LIKE '%{$search}%'
OR achievement LIKE '%{$search}%'
OR profile LIKE '%{$search}%'
OR year LIKE '%{$search}%'
)
{type}
{$medal}
";
$search_query = mysqli_query($connection, $search_sqli);
if (mysqli_num_rows($search_query) !=0) {
$search_rs=mysqli_fetch_assoc($search_query);
}
include("../includes/header-home.php");
?>