我試圖讓php代碼搜索數據庫並返回所有匹配的「park_name」,但它表示搜索變量是未定義的,並且也僅從數據庫返回一個公園。 這是我對搜索代碼:爲什麼我的搜索工作不正常?
<form method="post" action="Search_page.php" name="search" id="Search">
<label for="search">Search:</label><input type="text" name="Search" id="search" />
<input type="submit" name="submit" value="Search"/>
</form>
<?php
if(isset($_POST['search'])){
$search = $_POST['search'];
$search = preg_replace("#[^0-9a-z]i#","", $search); }
$sql="SELECT Park_name, street FROM park_list WHERE park_name LIKE '%$search%'";
//query db
$result = $db->query($sql);
?>
</div>
<?php while ($row = $result->fetch_assoc()) { ?>
<div class="results">
<h2><?php echo $row['Park_name']?></h2> </br>
<p><?php echo $row['street']?></p>
</div>
<?php } ?>
'Search' =='search' – Ghost
儘量打斷你的字符串和CONCAT!或者像這樣添加{}:''%{$ search}%'「 – Xenofexs
[Little Bobby](http://bobby-tables.com/)說*** [您的腳本存在SQL注入攻擊風險。] (http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –