【发布时间】:2020-10-30 22:37:45
【问题描述】:
我正在使用 PHP 建立一个在线商店(不是真实的)。我有一个搜索结果页面和一个完整的规格页面,完整的规格页面运行良好,但是当我创建一个也可以正常运行的购物车页面时,搜索结果页面不再返回任何内容。我在注释掉 if 语句和 while 语句时发现“未找到项目”消息确实有效,但如果这是有效搜索,则无法让它返回任何内容。几天后,我仍然无法弄清楚问题所在。我将包括添加到购物篮和表单代码,因为该表单也包含在有效的完整规格页面中。如果您能指出我正确的方向,将不胜感激。
**Search Bar code**
<?php
global $ConnectingDB;
if (isset($_GET["SearchButton"])) {
}
?>
<form class="mt-5" method="GET" action="searchResults.php" style="width: 100%;">
<div class="form-group">
<input class="form-control mb-2" type="text" name="Search" placeholder="Search for Item" value="">
<button class="btn btn-success" name="SearchButton" style="width: 100%;">Search</button>
</div>
</form>
搜索结果代码
$db = mysqli_connect("localhost", "root", "", "computerStore") or die (mysqli_error());
require_once("includes/functions.php");
require_once("includes/sessions.php");
include("addingToBasket.php");
?>
<html>
<head>
<title>Search Results</title>
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.6.3/css/all.css">
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
<link rel="stylesheet" href="styles.css">
</head>
<body>
<?php
include("navbar.php");
?>
<div style="height: 15%;"></div>
<div class="container mt-5">
<?php
echo ErrorMessage();
echo SuccessMessage();
?>
<div class="row">
<div class="col-lg-12">
<?php
if (isset($_GET["productNumber"])) {
$Search = $db->real_escape_string($_GET["Search"]);
$sql = $db->query("SELECT * FROM products WHERE productName LIKE '%$Search%' OR productNumber LIKE '%$Search%' OR briefProductInfo LIKE '%$Search%'");
$result = new mysqli($db, $sql) or die("bad query: $sql");
$row = mysqli_fetch_assoc($result);
$count = mysqli_num_rows($result);
echo $count;
//stmt = $db->query($sql);
//$row = $stmt->fetchAll();
//echo count($row).' rows selected';
if ($sql->mysqli_num_rows > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$ProductName = $row["productName"];
$ProductNumber = $row["productNumber"];
$ProductType = $row["productType"];
$BriefProductInfo = $row["briefProductInfo"];
$FullProductInfo = $row["fullProductInfo"];
$Image = $row["image"];
$Price = $row["price"];
$Quantity = $row["quantity"];
include("form.php");
}
} else {
?> <div class="container"><h2><?php echo "Item has not been found, please try another search"; ?></h2></div>
<?php
}
}
?>
</div>
</div>
</div>
</body>
</html>
添加到购物篮代码
<?php
if (!(isset($_SESSION['cart']))) {
$_SESSION['cart'] = array();
} else {
echo "";
}
if (isset($_GET['clear'])) {
$_SESSION['cart'] = array();
}
if (isset($_GET['productNumber']) && isset($_GET['quantity'])) {
$ProductNumber = $_GET['productNumber'];
$Quantity = $_GET['quantity'];
if ($Quantity > 0) {
if(isset($_SESSION['cart'][$ProductNumber])) {
$_SESSION['cart'][$ProductNumber] += $Quantity;
} else {
$_SESSION['cart'][$ProductNumber] = $Quantity;
$_SESSION["SuccessMessage"] = "Item has been successfully added to your basket, feel free to continue shopping if there are more items to wish to purchase. However if you
do wish to buy now, amend the item quantity or you added the item by mistake and wish to remove it, please select the view basket link.";
}
}
}
?>
表格
while ($row = mysqli_fetch_assoc($result)) {
?>
<h2 class="mb-5"><?php echo $row["productName"] ?> - <?php echo $row["briefProductInfo"] ?></h2>
<p class="text-center mb-5"><?php echo $row["productNumber"] ?></p>
<img class="img-fluid mx-auto d-block mt-5 mb-5" src="images/<?php echo $row["image"] ?>" alt="Product Image">
<p style="text-align: justify;"><?php echo $row["fullProductInfo"] ?></p>
<h1 class="mt-5 mb-5" style="color: red;">£<?php echo $row["price"] ?></h1>
<p style="text-align: center;" id="numberAvailable"><?php echo $row["quantity"] ?> Available</p>
<form method="get" action="<?php $_SERVER["PHP_SELF"] ?>">
<div class="row mt-5 mb-5">
<div class="col-lg-2">
<p style="font-size: 170%;" id="numberRequested">Quantity</p>
</div>
<div class="col-lg-2 mt-1">
<select class="pt-2 pb-2" name="quantity" class="form-control" id="numberRequestedPulldown">
<?php
if ($row["quantity"] >= 5) {
for ($i = 1; $i <= 5; $i++) {
?>
<option value="<?php echo $i; ?>"><?php echo $i; ?></option>
<?php
}
} else {
for ($i = 1; $i <= $row["quantity"]; $i++) {
?> <option value="<?php echo $i; ?>"><?php echo $i; ?></option>
<?php
}
}
?>
</select>
<input type='hidden' name='productNumber' id='productNumber' value='<?php echo $row['productNumber'] ?>'>
</div>
<div class="col-lg-4 mt-1">
<input type="submit" class="btn btn-success btn-block" id="addToBasketLink" value="Add to Basket">
</div>
<div class="col-lg-4 mt-1">
<a href="computerStore.php?page=1" class="btn btn-danger btn-block">Return to Items List</a>
</div>
</div>
</form>
<?php
}
?>
【问题讨论】:
-
警告:您的代码容易受到MySQL Injections的攻击。
-
一些提示: 1.
isset()可以接受多个参数,所以isset($_GET['productNumber']) && isset($_GET['quantity'])可以变成isset($_GET['productNumber'], $_GET['quantity'])。 2. 如果value与文本相同,则声明<option>的value属性永远不会有任何好处。 3. 你应该只使用准备好的语句。 -
看这个:
$sql = $db->query("SELECT * FROM products WHERE productName LIKE '%$Search%' OR productNumber LIKE '%$Search%' OR briefProductInfo LIKE '%$Search%'"); $result = new mysqli($db, $sql)...你使用连接变量$db来执行一个mysqli-oop风格的查询查询,然后将结果对象保存到$sql。 (变量名的选择很糟糕——我推荐$result。)接下来,您尝试通过向它提供预先存在的连接对象($db)和查询的结果对象($sql)来实例化一个新的mysqli连接对象)。 php.net/manual/en/mysqli.construct.php -
我认为这是题外话错字,因为未来的研究人员不太可能如此偏离 php 手册并使用现有的 mysqli 连接变量调用新的 mysqli 连接。放弃您当前的技术并使用 mysqli 的 oop 样式准备好的语句。
-
那是否意味着 $sql = $result->query(SQL 语句)