如何在新窗口中回顯搜索查詢結果?

[英]how to echo out search query results in new window?


I'm trying to figure out how to echo search results into a new window.

我正在試圖弄清楚如何將搜索結果回顯到一個新窗口。

Basically a user can type in the search bar location, name etc and it will bring up 5 user results of how ever many users exist for that result. This is to limit space usage. Then a user can click view more results and is taken to another page where it carry's the query across and should echo out only those users matching the query in the search; i.e those users in 'london'.

基本上,用戶可以鍵入搜索欄位置,名稱等,它將顯示5個用戶結果,表明該結果有多少用戶。這是為了限制空間使用。然后,用戶可以單擊查看更多結果,並將其帶到另一個頁面,在該頁面中進行查詢,並且應僅回顯那些與搜索中的查詢匹配的用戶;即那些在'倫敦'的用戶。

But at the moment all my users are displaying and i don't know why this is. can someone please show me where I'm going wrong. Thanks.

但目前我的所有用戶都在顯示,我不知道為什么會這樣。有人可以告訴我我哪里出錯了。謝謝。

Here's my search.php page limiting search results to 5:

這是我的search.php頁面,將搜索結果限制為5:

<?php
//PHP CODE STARTS HERE

if(isset($_GET['submit'])){

// Change the fields below as per the requirements
$db_host="localhost";
$db_username="root";
$db_password="";
$db_name="";
$db_tb_atr_name="display_name";

//Now we are going to write a script that will do search task
// leave the below fields as it is except while loop, which will display results on screen

mysql_connect("$db_host","$db_username","$db_password");
mysql_select_db("$db_name");

$query=mysql_real_escape_string($_GET['query']);


$query_for_result=mysql_query("SELECT *
                        FROM ptb_stats
                        WHERE display_name like '%".$query."%' OR location LIKE '%".$query."%' OR age LIKE '%".$query."%' OR nationality LIKE '%".$query."%' OR ethnicity LIKE '%".$query."%' OR hobbies LIKE '%".$query."%' OR local_station LIKE '%".$query."%' LIMIT 5");
echo "<div class=\"search-results\">";
while($data_fetch=mysql_fetch_array($query_for_result))

{

    echo "<div class=\"text\"><a href=\"profile.php?id={$data_fetch['user_id']}\" class=\"search\">";
    echo "<div class=\"spacing\"><img width=35px height= 30px src=\"data/photos/{$data_fetch['user_id']}/_default.jpg\" class=\"boxgridsearch\"/> "; 
     echo substr($data_fetch[$db_tb_atr_name], 0,160);
    echo "</a></div></div>";

}
echo "<div class=\"morebutton-search\"><a href=\"search_results.php?to=%$query%\" target=\"_blank\" \">+ view more results</a></div>";


mysql_close();
}

?>

And Here's my more_search_results.php page to display all results matching query:

這是我的more_search_results.php頁面,顯示匹配查詢的所有結果:

<?php
$db_host="localhost";
$db_username="root";
$db_password="";
$db_name="";
$db_tb_atr_name="display_name";

//Now we are going to write a script that will do search task
// leave the below fields as it is except while loop, which will display results on screen

mysql_connect("$db_host","$db_username","$db_password");
mysql_select_db("$db_name");

$query=mysql_real_escape_string($_GET['query']);


$query_for_result=mysql_query("SELECT *
                        FROM ptb_stats
                        WHERE display_name like '%".$query."%' OR location LIKE '%".$query."%' OR age LIKE '%".$query."%' OR nationality LIKE '%".$query."%' OR ethnicity LIKE '%".$query."%' OR hobbies LIKE '%".$query."%' OR local_station LIKE '%".$query."%'");
echo "<div class=\"search-results\">";
while($data_fetch=mysql_fetch_array($query_for_result))

{

    echo "<div class=\"boxgrid caption\"><a href=\"profile.php?id={$data_fetch['user_id']}\"><img width=140px height=180px src=\"data/photos/{$data_fetch['user_id']}/_default.jpg\"><div class=\"cover boxcaption\">"; ?>
    <h58><? echo substr($data_fetch[$db_tb_atr_name], 0,160);?></a></h58> 
    </div>
    </div>
<? } ?>

1 个解决方案

#1


0  

You're trying to get a variable called query when you actually passed to in your link. You get all records because your query is testing for LIKE '%%', which will match everything.

當您實際傳遞到鏈接中時,您正試圖獲取一個名為query的變量。您獲得所有記錄,因為您的查詢正在測試LIKE'%%',它將匹配所有內容。

This line is wrong...

這條線錯了......

echo "<div class=\"morebutton-search\"><a href=\"search_results.php?to=%$query%\" target=\"_blank\" \">+ view more results</a></div>";

It should be...

它應該是...

echo "<div class=\"morebutton-search\"><a href=\"search_results.php?query=$query\" target=\"_blank\" \">+ view more results</a></div>";

Also, notice how you're already applying the wildcard % in more_search_results.php so sending the extra %s in the parameter is unnecessary.

另外,請注意您已經在more_search_results.php中應用通配符%,因此不需要在參數中發送額外的%s。

Please note: you should refrain from using the mysql_ family of functions. They are deprecated and unsafe. Using them could lead to a SQL Injection. You should resort to using parametized queries with either MySQLi or PDO.

請注意:您應該避免使用mysql_系列函數。它們已被棄用且不安全。使用它們可能會導致SQL注入。您應該使用MySQLi或PDO的參數化查詢。


注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2013/02/03/724e69d0f99acc015d49e85e81beed61.html



 
粤ICP备14056181号  © 2014-2020 ITdaan.com