我正在为我的网站开发一个简单的搜索引擎,我设法用php和MySQL数据库制作了一个搜索引擎,它可以工作,但只有当我先放一个空格,然后输入时,它才会显示结果,直接在我自己制作的消息中给出输入结果,即没有搜索结果的地方。
示例, 上面是它现在的工作方式,下面是一个没有空格的示例工作方式:
清晰可见的图像链接:https://i.stack.imgur.com/mD0rO.png
这是我的代码:
<!DOCTYPE html>
<html>
<head>
<title>Search</title>
</head>
<body>
<center>
<form action='search.php' method='get'>
<input type='text' name='k' placeholder='Search' size='50' />
<input type='submit' value='Search'>
</form>
<?php
$k = $_GET['k'];
$terms = explode(" ", $k);
$query = "SELECT * FROM search_engine WHERE ";
foreach ($terms as $each){
$i++;
if ($i == 1)
$query .= "keywords LIKE '%$each$' ";
else
$query .= "OR keywords LIKE '%$each%' ";
}
// connect
mysql_connect ("***", "***", "***") or die("Could not connect to database!");
mysql_select_db ("***") or die("Could not find database!");
$query = mysql_query($query);
$numrows = mysql_num_rows($query);
if ($numrows > 0) {
while ($row = mysql_fetch_assoc($query)){
$id = $row['id'];
$title = $row['title'];
$description = $row['description'];
$keywords = $row['keywords'];
$link = $row['link'];
echo "<br><br> Results: $title <br> Description: $description <br> Link: $link ";
}
}
else
echo "<br><br>No results found for $k";
//
?>
</center>
</body>
</html>
有人知道为什么它只适用于输入前的空格吗?此外,我从一些人那里听说代码不保存,有人能告诉我是否可以在不对我的代码进行多次更改的情况下使其成为saver吗。
提前感谢!
您可能应该稍微清理一下您的代码,并保护它免受注入之类的攻击。
但是这些对代码的更改应该会得到想要的结果:
<?php
$results = '';
if(!empty($_GET['k'])) {
$search = trim($_GET['k']);
$sql = explode(" ", $search);
$sql = "keywords LIKE '%" . implode("%' OR keywords LIKE '%", $sql) . "%'";
$sql = "SELECT * FROM search_engine WHERE " . $sql;
mysql_connect ("***", "***", "***") or die("Could not connect to database!");
mysql_select_db ("***") or die("Could not find database!");
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
if ($numrows > 0) {
while ($row = mysql_fetch_assoc($query)){
$id = $row['id'];
$title = $row['title'];
$description = $row['description'];
$keywords = $row['keywords'];
$link = $row['link'];
$results .= "<br><br> Results: {$title} <br> Description: {$description} <br> Link: {$link}";
}
}
else {
$results = "<br><br>No results found for {$search}";
}
}
?><!DOCTYPE html>
<html>
<head>
<title>Search</title>
</head>
<body>
<center>
<form action='search.php' method='get'>
<input type='text' name='k' placeholder='Search' size='50' />
<input type='submit' value='Search'>
</form>
<?php echo $results; ?>
</center>
</body>
</html>
数组索引从零开始,当你分解social
时,你会得到:
[0 => 'social']
分解前面有空格的social
可以得到:
[
0 => '',
1 => 'social'
]
在您的循环中,您正在测试$i == 1
,因此它当然只在第二个实例中起作用。
现在,无论如何,这都是错误的做法。
您的代码容易受到SQL注入的影响。请参阅:http://php.net/manual/en/security.database.sql-injection.php和https://stackoverflow.com/a/60496/388566
与其构建这样的查询,不如使用prepared语句和regex,如下所示:
$stmt = $pdo->prepare('SELECT * FROM search_engine WHERE keywords REGEXP :keywords');
$stmt->execute(array('keywords' => 'social|something|something-else|etc'));
确保您正确验证您的关键字:
$keywords = trim($_GET['k'];
if (!preg_match('/^['w's]*$/', $keywords)) {
//validation failed, do no proceed
}
$keywords = implode('|', explode(' ', $keywords)));