搜索显示所有产品 [英] Search is showing all the products
问题描述
您好,当我从我在MYSQL中插入的所有产品都出现的关键字中搜索产品时,请帮助我,这是搜索的代码 我已按照评论中的内容进行了更正,但一直无法正常工作
Hello when i am searching a product from its keywords that i inserted in MYSQL all the products are appearing please help me this is the code of the search i corrected as in the comments but it is till not working
这是我的整个结果页
<!DOCTYPE html>
<?php
include ("functions/functions.php");
?>
<html>
<head>
<title>eRiviera</title>
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="styles/style.css" media="all"/>
<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"></script>
<script src="js/menubarscript.js"></script>
</head>
<body>
<div class="main_wrapper">
<ul class="btn-circles">
<li><a href="#" class="round green">Login<span class="round">That is, if you already have an account.</span></a></li>
<li><a href="#" class="round red">Sign Up<span class="round">But only if you really, really want to.</span></a></li>
</ul>
<!--Header starts here-->
<div class="header_wrapper">
<!--Logo-->
<img id="logo" src="http://localhost/ecommerce/images/logo.png" width="500px" height="300px" alt="Logo" />
<!--Logo-->
</div>
<!--Header ends here-->
<!--Menu bar starts here-->
<div id='cssmenu'>
<ul>
<li class='active'><a href='index.php'>Home</a></li>
<li><a href='#'>Products</a></li>
<li><a href='#'>About</a></li>
<li><a href='#'>Contact</a></li>
<p style="float:right; margin-right:140px; margin-top:21px; color:red;">Welcome Guest!</p>
<li><a id="shopping_cart" style="margin:14px 0 0 0;left:750px; color:blue; font-size:12px;" href="cart.php">Shopping Cart</a></li>
</ul>
</div>
<form class="form-wrapper cf">
<input type="text" name="user_query" placeholder="Search here..." required>
<form method="get" action="results.php" enctype="multipart/form-data">
<button type="submit" name="search" value="Search">Search</button>
</form>
<ul id="cats">
<?php getCats(); ?>
</ul>
<!--Menu bar ends here-->
<!--Content wrapper starts here-->
<div class="content_wrapper">
<div id="content_area">
<div id="products_box">
<?php
if(isset$_GET['search'])) {
$search_query = $_GET['user_query'];
$get_pro = "select * from products where product_keywords like '%$search_query%'";
$run_pro = mysqli_query($con, $get_pro);
while($row_pro = mysqli_fetch_array($run_pro)) {
$pro_id = $row_pro['product_id'];
$pro_cat = $row_pro['product_cat'];
$pro_brand = $row_pro['product_brand'];
$pro_title = $row_pro ['product_title'] ;
$pro_price = $row_pro['product_price'];
$pro_image = $row_pro['product_image'];
echo "
<div id='single_product'>
<h3 id='product_title'>$pro_title</h3>
<img src='admin_area/product_images/$pro_image' width='180' height='200' />
<p><b> $ $pro_price <b></p>
<a id='details-button' href='details.php?pro_id=$pro_id'>Details</a>
<a href='index.php?pro_id=$pro_id'><button class='button'>Add to Cart</button></a>
</div>
";
}
}
?>
?>
</div>
</div>
</div>
<!--Content wrapper ends here-->
<div id="footer">
<h5 style="text-align:center; padding-top:30px;">©2014 eRiviera All Rights Reserved</h5>
</div>
<!--Main wrapper ends here-->
</body>
</html>
推荐答案
您的表单结构不正确-"user_query"字段不在表单之外,因此将永远不会设置$_GET['user_query'].尝试更改此内容:
Your form is not properly structured - the "user_query" field is outside of the form so $_GET['user_query'] would never be set. Try changing this:
<form class="form-wrapper cf">
<input type="text" name="user_query" placeholder="Search here..." required>
<form method="get" action="results.php" enctype="multipart/form-data">
<button type="submit" name="search" value="Search">Search</button>
</form>
对于这样的事情:
<div class="form-wrapper cf">
<form method="get" action="results.php" enctype="multipart/form-data">
<input type="text" name="user_query" placeholder="Search here..." required>
<button type="submit" name="search" value="Search">Search</button>
</form>
</div>
此外,正如其他几个人指出的那样,这很容易受到SQL注入的影响.这篇文章讨论了与您非常相似的情况:如何防止SQL注入在PHP中?
Also, as several others have noted, this is susceptible to SQL injection. This post discusses a scenario very similar to yours: How can I prevent SQL injection in PHP?
我强烈建议您通过验证服务运行生成的代码,以捕获html中的错误.确保使用生成的html(从浏览器中查看源代码"中复制),而不只是使用php文件中的代码,因为验证程序不会理解PHP. WWW联盟有一个很好的工具: http://validator.w3.org/#validate_by_input
I strongly suggest you run your generated code through a validation service in order to catch errors in your html. Be sure to use the generated html (copy from "view source" in browser), not just the code from your php file because the validator won't understand the PHP. The WWW Consortium has a good tool: http://validator.w3.org/#validate_by_input
这篇关于搜索显示所有产品的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
