MYSQL Search - PHP Form_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-24 09:10 出处：网络

相关专题：php search

<div class="searchbox">
    <form action="Search.php" method="get">
       <fieldset>
          <input id="$search" placeholder="Search for a Product" type="text" />
          <input id="submit" type="hidden" />
       </fieldset>
    </form>
</div>
<div id="content">
<ul>        
<?php

$host = "xxx"; 
$user = "xxx"; 
$pass = "xxx"; 
$db = "xxx"; 

mysql_connect($host, $user, $pass); 
mysql_select_db($db); 
unset($host,$user,$pass,$db); 


//$query = "SELECT produkt FROM checklist WHERE id IS "1";  
$query = "SELECT produkt FROM checklist WHERE id LIKE '%$search%'";  
$result = mysql_query($query); 
  while ($row = mysql_fetch_array($result)) 
{ 

echo "<li><span class='name'><b>$row[produkt]</b><br /></span><span class='comment'><i>Tierische Stoffe: </i>$row[tierisch]</span><i> Alkohol: </i>$row[alkohol]</span></span></li>";
  }  
?>

Something seems to be wrong with my searchbox. At the moment I just see all items from my database and I want to see the one I am searching for.

So like this ?

<div class="searchbox">
    <form action="Search.php" method="get">
       <fieldset>
          <input id="search" placeholder="Search for a Product" type="text" />
          <input id="submit" type="hidden" />
       </fieldset>
    </form>
</div>开发者_如何学Go
<div id="content">
<ul>        
<?php

$host = "xxx"; 
$user = "xxx"; 
$pass = "xxx"; 
$db = "xxx"; 

mysql_connect($host, $user, $pass); 
mysql_select_db($db); 
unset($host,$user,$pass,$db); 

$search = $_POST['search'];

$query = "SELECT produkt FROM checklist WHERE id LIKE '%".$_POST['search']."%'";
//$query = "SELECT produkt FROM checklist WHERE id LIKE '%$search%'";  
$result = mysql_query($query);

<input id="$search" placeholder

Do you need the $ here ? It should become:

<input id="search" placeholder

To access the GET variables from inside your search query use the $_GET array, like this:

$query = "SELECT produkt FROM checklist WHERE id LIKE '%{$_GET['search']}%'";

But to be on the safe side and avoid mysql injections, you may want to do it like this:

$search = mysql_real_escape_string($_GET['search']);
$query = "SELECT produkt FROM checklist WHERE id LIKE '%{$search}%'";

Edit: forgot the name attribute n the input:

<input name="search" id="search" placeholder="Search for a Product" type="text" />

then in your php

$search = mysql_real_escape_string($_GET['search']);
$query = "SELECT produkt FROM checklist WHERE id LIKE '%{$search}%'";

$result = mysql_query($query); 
while ($row = mysql_fetch_array($result)){  
    echo "<li><span class='name'><b>{$row['produkt']}</b></span></li>";
}

This:

 <input id="$search" placeholder="Search for a Product" type="text" />

Should be (no $ in ID):

<input id="search" placeholder="Search for a Product" type="text" />

And your query should be:

$query = "SELECT produkt FROM checklist WHERE id LIKE '%".$_POST['search']."%'";

Variables from forms get passed to the script(in this case it's the same page), so you have to retrieve them with $_POST.

You did not set the value of $search. You need to update your form to include an element with name="search" and add a line of PHP like the following just before the query: