1. 首頁
  2. 問答
  3. 要求HTML顯示PHP

要求HTML顯示PHP

2017-04-25 26 views
-1

我希望我的HTML代碼包含從外部文件運行的php代碼。我不斷收到錯誤太多的重定向,我不知道爲什麼。當運行它沒有包含PHP代碼在HTML文件中的作品,但我希望PHP代碼運行在我的HTML和CSS下面。要求HTML顯示PHP

這是我的HTML代碼:

<nav id="search"> 
     <form action="./results.php" method="get"> 
      <input type="text" name="q" id="search_bar" placeholder="" value="Search..." maxlength="30" autocomplete="off" onMouseDown="active();" onBlur="inactive();" /> 
      <input type="submit" id="search_button" value="Compare!" /> 
     </form> 
    </nav> 

    <section> 

     <?php include("results.php");?> 

    </section>

PHP代碼搜索欄:

$conn = mysqli_connect("localhost", "root", "project", "videogames"); 

if(mysqli_connect_errno()){ 
    echo "failed to connect: " .mysqli_connect_error(); 
} 

$output = ''; 

if(isset($_GET['q']) && $_GET['q'] !== ' '){ 
    $searchq = $_GET['q']; 


    $q = mysqli_query($conn, "SELECT * FROM games WHERE name LIKE '%$searchq%'") or die(mysqli_error()); 

    $c = mysqli_num_rows($q); 
    if($c == 0){ 
     $output = 'No Search Results for <b>"' . $searchq . '"</b>'; 
    } else { 
     while($row = mysqli_fetch_array($q)){ 
      $name = $row['name']; 
      $image_path = $row['image_path']; 
      $developer_name = $row['developer_name']; 
      $platform = $row['platform']; 
      $store = $row['store']; 
      $price = $row['price']; 

      $output .= '<br><table class="tg"> 
         <tr> 
          <th class="tg-031e colspan="4" rowspan="4"><img src= ' . $image_path . ' width=150 height=200/></th> 
          <th class="tg-031e" colspan="4">' . $name . '</th> 
          <th class="tg-031e" colspan="2">' . $platform . '</th> 
          </tr> 
          <tr> 
          <td class="tg-031e" colspan="4">' . $developer_name . '</td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          </tr> 
          <tr> 
          <td class="tg-031e" colspan="4">£' . $price . '</td> 
          <td class="tg-031e" colspan="2">' . $store . '</td> 
          </tr> 
          <tr> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e" colspan="2">Button</td> 

         </tr> 
         <br> 
         </table>'; 

     } 
    } 
} else { 
    header("location: ./"); 
} 
print("$output"); 
mysqli_close($conn);

來源

2017-04-25 Mr_Ash

+8

您的代碼容易受到[** SQL注入攻擊**](https://en.wikipedia.org/wiki/SQL_injection)的影響。你應該使用[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https://secure.php.net/ manual/en/pdo.prepared-statements.php)準備帶有綁定參數的語句,如[**這篇文章**]所述(https://stackoverflow.com/questions/60174/how-can-i-prevent-sql步噴射功能於PHP)。 –

+0

這意味着你永遠重定向,你在'else {header(「Location:./」); }'。 'if'語句達到它總是*返回false並轉到'else'的狀態。 – Nytrix

+0

只適用於SSI https://httpd.apache.org/docs/current/howto/ssi.html – JustOnUnderMillions

回答

0

你並不真的需要在那裏header('Location: ...')

試試這樣說:

$conn = mysqli_connect("localhost", "root", "project", "videogames"); 

if(mysqli_connect_errno()){ 
    echo "failed to connect: " .mysqli_connect_error(); 
} 

$output = ''; 

if(isset($_GET['q']) && $_GET['q'] !== ' '){ 
    $searchq = $_GET['q']; 


    $q = mysqli_query($conn, "SELECT * FROM games WHERE name LIKE '%$searchq%'") or die(mysqli_error()); 

    $c = mysqli_num_rows($q); 
    if($c == 0){ 
     $output = 'No Search Results for <b>"' . $searchq . '"</b>'; 
    } else { 
     while($row = mysqli_fetch_array($q)){ 
      $name = $row['name']; 
      $image_path = $row['image_path']; 
      $developer_name = $row['developer_name']; 
      $platform = $row['platform']; 
      $store = $row['store']; 
      $price = $row['price']; 

      $output .= '<br><table class="tg"> 
         <tr> 
          <th class="tg-031e colspan="4" rowspan="4"><img src= ' . $image_path . ' width=150 height=200/></th> 
          <th class="tg-031e" colspan="4">' . $name . '</th> 
          <th class="tg-031e" colspan="2">' . $platform . '</th> 
          </tr> 
          <tr> 
          <td class="tg-031e" colspan="4">' . $developer_name . '</td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          </tr> 
          <tr> 
          <td class="tg-031e" colspan="4">£' . $price . '</td> 
          <td class="tg-031e" colspan="2">' . $store . '</td> 
          </tr> 
          <tr> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e" colspan="2">Button</td> 

         </tr> 
         <br> 
         </table>'; 

     } 

     echo $output; 
    } 

    mysqli_close($conn); 
}

沒事的時候已被搜查。但你將瀏覽器重定向;這意味着它會保持重定向,導致超時。

祝你好運!

NOTE:除此之外,請看Alex Howansky在評論中寫的內容。您的代碼不安全,安全。

來源

2017-04-25 14:35:55 Thoby

相關問題

 相關問題