我开始为我的小型房地产业务创建一个网站.我玩了一些函数http://www.php.net mysql,我设法通过AJAX访问页面并返回搜索引擎的html内容.
我有一个已经填充了公寓和房屋的数据库
问题是如果公寓名称是"公寓"我返回html内容,如果"公寓有3个房间"它不再写任何东西.
我不明白我错在哪里:
<?php
$search = $_GET['selected'];
$link = mysql_connect('localhost', 'root', '');
mysql_select_db('houses', $link);
function searchHouse($search, $link){
$query = "select * from houses where name=$search limit 1";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
$query2 = "select * from houses_info where house_id=$row[id]";
$result2 = mysql_query($query2);
$row = mysql_fetch_assoc($result2);
return $row;
}
$result = searchHouse($search, $link);
echo $result['house_sq'];
echo "<br>";
echo $result['house_rooms'];
echo "<br>";
echo $result['house_bathrooms'];
echo "<br>";
echo $result['house_address'];
?>
mysql_*功能已弃用且不再维护.它是页面顶部的红色框,通知您.MySQL喷射孔那里,你没有逃避$string可言$string如:'$string'PDO来摆脱坏的代码和SQL注入漏洞.你可以将这2个选项包装成一个选择:
<?php
function searchHouse($search, $link){
$search = mysql_real_escape_string($search);
$query = "select * from houses_info where house_id IN (select * from houses where name='".$search."' limit 1)";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
return $row;
}
?>
既然你已经开始建立那个网站了,你可以开始学习PDO,阅读本教程,你的代码会更像这样:
<?php
$db = new PDO('mysql:host=localhost;dbname=houses;charset=UTF-8', 'root', '', array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
$search = $_GET['selected'];
function searchHouse($search){
global $db;
$query = $db->prepare("select * from houses_info where house_id IN (select * from houses where name=:search limit 1)");
$query->execute(array(':search' => $search));
$row = $query->fetch(PDO::FETCH_ASSOC);
return $row;
}
$result = searchHouse($search);
?>