-1
我希望我的HTML代碼包含從外部文件運行的php代碼。我不斷收到錯誤太多的重定向,我不知道爲什麼。當運行它沒有包含PHP代碼在HTML文件中的作品,但我希望PHP代碼運行在我的HTML和CSS下面。要求HTML顯示PHP
這是我的HTML代碼:
<nav id="search">
<form action="./results.php" method="get">
<input type="text" name="q" id="search_bar" placeholder="" value="Search..." maxlength="30" autocomplete="off" onMouseDown="active();" onBlur="inactive();" />
<input type="submit" id="search_button" value="Compare!" />
</form>
</nav>
<section>
<?php include("results.php");?>
</section>
PHP代碼搜索欄:
$conn = mysqli_connect("localhost", "root", "project", "videogames");
if(mysqli_connect_errno()){
echo "failed to connect: " .mysqli_connect_error();
}
$output = '';
if(isset($_GET['q']) && $_GET['q'] !== ' '){
$searchq = $_GET['q'];
$q = mysqli_query($conn, "SELECT * FROM games WHERE name LIKE '%$searchq%'") or die(mysqli_error());
$c = mysqli_num_rows($q);
if($c == 0){
$output = 'No Search Results for <b>"' . $searchq . '"</b>';
} else {
while($row = mysqli_fetch_array($q)){
$name = $row['name'];
$image_path = $row['image_path'];
$developer_name = $row['developer_name'];
$platform = $row['platform'];
$store = $row['store'];
$price = $row['price'];
$output .= '<br><table class="tg">
<tr>
<th class="tg-031e colspan="4" rowspan="4"><img src= ' . $image_path . ' width=150 height=200/></th>
<th class="tg-031e" colspan="4">' . $name . '</th>
<th class="tg-031e" colspan="2">' . $platform . '</th>
</tr>
<tr>
<td class="tg-031e" colspan="4">' . $developer_name . '</td>
<td class="tg-031e"></td>
<td class="tg-031e"></td>
</tr>
<tr>
<td class="tg-031e" colspan="4">£' . $price . '</td>
<td class="tg-031e" colspan="2">' . $store . '</td>
</tr>
<tr>
<td class="tg-031e"></td>
<td class="tg-031e"></td>
<td class="tg-031e"></td>
<td class="tg-031e"></td>
<td class="tg-031e" colspan="2">Button</td>
</tr>
<br>
</table>';
}
}
} else {
header("location: ./");
}
print("$output");
mysqli_close($conn);
您的代碼容易受到[** SQL注入攻擊**](https://en.wikipedia.org/wiki/SQL_injection)的影響。你應該使用[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https://secure.php.net/ manual/en/pdo.prepared-statements.php)準備帶有綁定參數的語句,如[**這篇文章**]所述(https://stackoverflow.com/questions/60174/how-can-i-prevent-sql步噴射功能於PHP)。 –
這意味着你永遠重定向,你在'else {header(「Location:./」); }'。 'if'語句達到它總是*返回false並轉到'else'的狀態。 – Nytrix
只適用於SSI https://httpd.apache.org/docs/current/howto/ssi.html – JustOnUnderMillions