-2
我是PHP中的新手。我正在寻找功能,但它工作不正常,我找不到原因。问题是; $查询已被发送和接受好然而它在数据库中找不到$查询,即使$查询存在。我认为,$ sql命令可能在某处出错,但无论如何都找不到。谢谢。根据用户输入搜索数据库
这里是我的代码:?asset_search.php
<?php
//Search data in database
$query = $_GET['query'];
$min_length = 3;
if(strlen($query) >= $min_length)
{
//$query = htmlspecialchars($query);
//$query = mysql_real_escape_string($query);
$query = strtoupper($query);
$sql = "SELECT * FROM asset WHERE ('asset_name' LIKE '%".$query."%')";
$result = mysqli_query($conn, $sql);
$row_cnt = mysqli_num_rows($result);
$count = 0;
if($row_cnt > 0)
{
echo "<table style='padding: 5px; font-size: 15px;'>";
echo "<tr><th style='width: 30px; border: 1px solid black; align:'center''>No</th>";
echo "<th style='width: 200px; border: 1px solid black; align:'center''>Status</th>";
echo "<th style='width: 200px; border: 1px solid black; align:'center''>Asset Sub-identifier</th>";
echo "<th style='width: 200px; border: 1px solid black; align:'center''>Asset Name</th>";
echo "<th style='width: 200px; border: 1px solid black; align:'center''>Asset Type</th>";
echo "<th style='width: 200px; border: 1px solid black; align:'center''>Brand</th>";
echo "<th style='width: 200px; border: 1px solid black; align:'center''>Service Tag/ Product Tag/ Product S/N</th>";
echo "<th style='width: 200px; border: 1px solid black; align:'center''>CSM Tag</th>";
echo "<th style='width: 200px; border: 1px solid black; align:'center''>Action</th></tr>";
while($row = mysqli_fetch_assoc($result))
{
echo "<tr><td align='center'>" . ++$count . "</td>";
echo "<td align='center'>" . $row["asset_status"] . "</td>";
echo "<td align='center'><a href='asset_viewfull.php?asset_id=" . $row["asset_id"] . "'><ins>" . $row["asset_subidentifier"] . "</a></ins></td>";
echo "<td align='center'>" . $row["asset_name"] . "</td>";
echo "<td align='center'>" . $row["asset_type"] . "</td>";
echo "<td align='center'>" . $row["asset_brand"] . "</td>";
echo "<td align='center'>" . $row["asset_sertag"] . "</td>";
echo "<td align='center'>" . $row["asset_csmtag"] . "</td>";
if($row["asset_status"] == "DISPOSE")
{
echo "<td align='center'><a href='asset_delete.php?asset_id=" . $row["asset_id"] . "'>Delete</a>";
echo " ";
echo "<a href='asset_print.php?asset_id=" . $row["asset_id"] . "'>Print</a></td></tr>";
}else
{
echo "<td align='center'><a href='asset_editform.php?asset_id=" . $row["asset_id"] . "'>Edit</a>";
echo " ";
echo "<a href='asset_delete.php?asset_id=" . $row["asset_id"] . "'>Delete</a>";
echo " ";
echo "<a href='asset_disposeform.php?asset_id=" . $row["asset_id"] . "'>Dispose</a>";
echo " ";
echo "<a href='asset_print.php?asset_id=" . $row["asset_id"] . "'>Print</a></td></tr>";
}
}
}else
{
echo "<tr> There is no asset in the database </tr>";
}
echo "</table>";
}
else
{
echo "<script languange = 'Javascript'>
alert('Minimum length is' .$min_length);</script>";
}
//Close connection
mysqli_close($conn);
$count = 0;
>
您可以直接在SQL控制台上运行查询并查看结果吗? 'SELECT * FROM asset WHERE(asset_name LIKE'%your query string here%')' – Raptor
[hello SQL injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-在-PHP) – Sammitch