亮點在PHP中的搜索關鍵字不突出正確

Question

我想強調在PHP中搜索我的搜索結果，但它強調了undesiraby

我用下面

//connection to db 
define('DB_HOST', 'localhost'); 
define('DB_NAME', 'dbname'); 
define('DB_USERNAME','root'); 
define('DB_PASSWORD',''); 

$con = mysqli_connect(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME); 
if(mysqli_connect_error()) echo "Failed to connect to MySQL: " . mysqli_connect_error(); 


//get search term 
$searchTerm = $_GET['term']; 

$result = mysqli_query($con, "SELECT `location` FROM `locations` WHERE TRIM(location) LIKE '%".($_GET['term'])."%'"); 

$data = array(); 
while ($row = mysqli_fetch_assoc($result)) 
{ 

     $name = str_replace($searchTerm, "<span style='background-color:pink;'>$searchTerm</span>", $row['location']); 
     array_push($data, $name); 
} 



//return json data 

echo json_encode($data); 

代碼可以說我搜索的詞makutano 我最終得到的結果類似一個下面顯示：

我希望它只是突出makutano，但它不能按預期工作。

如果我刪除str_replace($searchTerm, "<span style='background-color:pink;'>$searchTerm</span>"代碼我的結果將低於

我的數據庫位置爲diplayed圖像中看上去像

我在哪裏從去錯了我碼？任何幫助將不勝感激

Answer 1

如果你想顯示你必須將字符串（我與implode()做）的信息，而不是創建一個JSON對象：一旦你創建一個字符串

//get search term 
$searchTerm = htmlspecialchars($_GET['term']); 

$result = mysqli_query($con, "SELECT `location` FROM `locations` WHERE TRIM(`location`) LIKE '%".($_GET['term'])."%'"); 

$data = array(); 
while ($row = mysqli_fetch_assoc($result)) 
{ 
    $name = $row['location']; 
    array_push($data, $name); 
} 

$string = '"' . implode('","', $data) . '"'; 
$newString = str_replace($searchTerm, "<span style='background-color:pink;'>$searchTerm</span>", $string); 
echo $newString; 

那麼您可以執行替換以將標記添加到字符串。

---

Your script is at risk for SQL Injection Attacks.瞭解了MySQLi約prepared語句。我通過使用htmlspecialchars()完成了此代碼中的最低限度。