我有一個搜索輸入來搜索所需的主題。我能夠顯示適當的結果,我希望顯示結果,但用戶只能在登錄時進入鏈接,否則顯示消息框「您必須登錄才能進入其他頁面」。這裏的問題是我似乎無法顯示錯誤信息。我想顯示的結果,即使用戶沒有或登錄。只是,指示他到另一個頁面顯示錯誤消息,並且他必須登錄或他不能被定向只有登錄後才能重定向用戶
<form class="search">
<div class="form-group input">
<div class="icon-addon">
<input type="text" name="type" class="st-search" id="search" placeholder="Search" autocomplete="off" >
<label for="email" class="glyphicon glyphicon-search" rel="tooltip" title="email"></label>
</div>
<h4 id="results-text">Showing: <b id="search-string">Output</b></h4>
<ul id="results"></ul>
</div>
</form>
find.php
<?php
$dbhost = "hostname";
$dbname = "databasename";
$dbuser = "root";
$dbpass = "";
global $task_db;
$task_db = new mysqli();
$task_db->connect($dbhost, $dbuser, $dbpass, $dbname);
$task_db->set_charset("utf8");
if ($task_db->connect_errno) {
printf("You can't connect: %s\n", $task_db->connect_error);
exit();
}
session_start();
$_SESSION['login'] = true;
// If user is not logged in
if(!$_SESSION['login']){
$message = 'You are not logged in';
echo $message;
die;
}
//if user is logged in, user can be redirected to the link. Something is not right here
else{
$html = '';
$html .= '<li class="result">';
$html .= '<a target="_blank" href="url">';
$html .= '<h3>name</h3>';
$html .= '</a>';
$html .= '</li>';
$search = preg_replace("/[^A-Za-z0-9]/", " ", $_POST['query']);
$search = $task_db->real_escape_string($search);
if (strlen($search) >= 1 && $search !== ' ') {
$query = 'SELECT * FROM tablename WHERE columnname LIKE "%'.$search_string.'%"';
$result = $task_db->query($query) or trigger_error($task_db->error."[$query]");
while($results = $result->fetch_array()) {
$result_array[] = $results;
}
if (isset($result_array)) {
foreach ($result_array as $result) {
$name = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search."</b>", $result['subject_Name']);
//display url
$url = 'https://www.google.com/'.urlencode($result['subject_Name']).'&lang=en';
$output = str_replace('name', $name, $html);
$output = str_replace('url', $url, $output);
echo($output);
}
}else{
// No Results found
}
}
}
?>
** WARNING **:當使用'mysqli'你應該使用[參數化查詢(HTTP:// PHP。 net/manual/en/mysqli.quickstart.prepared-statements.php)和['bind_param'](http://php.net/manual/en/mysqli-stmt.bind-param.php)添加用戶數據到您的查詢。 **不要**使用手動轉義和字符串插值或串聯來實現此目的,因爲如果您忘記正確地轉義某些內容,您將創建嚴重的[SQL注入漏洞](http://bobby-tables.com/)。 – tadman
從find.php中刪除'$ _SESSION ['login'] = true;'應該從您的登錄頁面設置此變量。 – mulquin