2016-12-01 107 views
-2

我是PHP中的新手。我正在尋找功能,但它工作不正常,我找不到原因。問題是; $查詢已被髮送和接受好然而它在數據庫中找不到$查詢,即使$查詢存在。我認爲,$ sql命令可能在某處出錯,但無論如何都找不到。謝謝。根據用戶輸入搜索數據庫

這裏是我的代碼:?asset_search.php

<?php 
//Search data in database 
$query = $_GET['query']; 
$min_length = 3; 

if(strlen($query) >= $min_length) 
{ 
    //$query = htmlspecialchars($query); 
    //$query = mysql_real_escape_string($query); 
    $query = strtoupper($query); 
    $sql = "SELECT * FROM asset WHERE ('asset_name' LIKE '%".$query."%')"; 
    $result = mysqli_query($conn, $sql); 
    $row_cnt = mysqli_num_rows($result); 

    $count = 0; 

    if($row_cnt > 0) 
    { 
     echo "<table style='padding: 5px; font-size: 15px;'>"; 
     echo "<tr><th style='width: 30px; border: 1px solid black; align:'center''>No</th>"; 
     echo "<th style='width: 200px; border: 1px solid black; align:'center''>Status</th>"; 
     echo "<th style='width: 200px; border: 1px solid black; align:'center''>Asset Sub-identifier</th>"; 
     echo "<th style='width: 200px; border: 1px solid black; align:'center''>Asset Name</th>"; 
     echo "<th style='width: 200px; border: 1px solid black; align:'center''>Asset Type</th>"; 
     echo "<th style='width: 200px; border: 1px solid black; align:'center''>Brand</th>"; 
     echo "<th style='width: 200px; border: 1px solid black; align:'center''>Service Tag/ Product Tag/ Product S/N</th>"; 
     echo "<th style='width: 200px; border: 1px solid black; align:'center''>CSM Tag</th>"; 
     echo "<th style='width: 200px; border: 1px solid black; align:'center''>Action</th></tr>"; 

     while($row = mysqli_fetch_assoc($result)) 
     { 
      echo "<tr><td align='center'>" . ++$count . "</td>"; 
      echo "<td align='center'>" . $row["asset_status"] . "</td>"; 
      echo "<td align='center'><a href='asset_viewfull.php?asset_id=" . $row["asset_id"] . "'><ins>" . $row["asset_subidentifier"] . "</a></ins></td>"; 
      echo "<td align='center'>" . $row["asset_name"] . "</td>"; 
      echo "<td align='center'>" . $row["asset_type"] . "</td>"; 
      echo "<td align='center'>" . $row["asset_brand"] . "</td>"; 
      echo "<td align='center'>" . $row["asset_sertag"] . "</td>"; 
      echo "<td align='center'>" . $row["asset_csmtag"] . "</td>"; 

      if($row["asset_status"] == "DISPOSE") 
      { 
        echo "<td align='center'><a href='asset_delete.php?asset_id=" . $row["asset_id"] . "'>Delete</a>"; 
        echo " "; 
        echo "<a href='asset_print.php?asset_id=" . $row["asset_id"] . "'>Print</a></td></tr>"; 
      }else 
      { 
        echo "<td align='center'><a href='asset_editform.php?asset_id=" . $row["asset_id"] . "'>Edit</a>"; 
        echo " "; 
        echo "<a href='asset_delete.php?asset_id=" . $row["asset_id"] . "'>Delete</a>"; 
        echo " "; 
        echo "<a href='asset_disposeform.php?asset_id=" . $row["asset_id"] . "'>Dispose</a>"; 
        echo " "; 
        echo "<a href='asset_print.php?asset_id=" . $row["asset_id"] . "'>Print</a></td></tr>"; 
      } 
     } 

     }else 
     { 
      echo "<tr> There is no asset in the database </tr>"; 
     } 
     echo "</table>"; 
} 
else 
{ 
    echo "<script languange = 'Javascript'> 
      alert('Minimum length is' .$min_length);</script>"; 
} 

//Close connection 
mysqli_close($conn); 
$count = 0; 

>

+0

您可以直接在SQL控制檯上運行查詢並查看結果嗎? 'SELECT * FROM asset WHERE(asset_name LIKE'%your query string here%')' – Raptor

+0

[hello SQL injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-在-PHP) – Sammitch

回答

0

更改查詢到以下幾點:

SELECT * FROM資產WHERE(`asset_name` LIKE「% 「。$ query。」%')

請注意``圍繞asset_name而不是''

0

你應該試試這個沒有括號有時trows退出搜索,

$sql = "SELECT * FROM asset WHERE `asset_name` LIKE '%{$query}%'"; 

我這是怎麼瓶坯這項任務,從來沒有讓我失望呢!