2017-04-25 35 views
-1

我希望我的HTML代码包含从外部文件运行的php代码。我不断收到错误太多的重定向,我不知道为什么。当运行它没有包含PHP代码在HTML文件中的作品,但我希望PHP代码运行在我的HTML和CSS下面。要求HTML显示PHP

这是我的HTML代码:

<nav id="search"> 
     <form action="./results.php" method="get"> 
      <input type="text" name="q" id="search_bar" placeholder="" value="Search..." maxlength="30" autocomplete="off" onMouseDown="active();" onBlur="inactive();" /> 
      <input type="submit" id="search_button" value="Compare!" /> 
     </form> 
    </nav> 

    <section> 

     <?php include("results.php");?> 

    </section> 

PHP代码搜索栏:

$conn = mysqli_connect("localhost", "root", "project", "videogames"); 

if(mysqli_connect_errno()){ 
    echo "failed to connect: " .mysqli_connect_error(); 
} 

$output = ''; 

if(isset($_GET['q']) && $_GET['q'] !== ' '){ 
    $searchq = $_GET['q']; 


    $q = mysqli_query($conn, "SELECT * FROM games WHERE name LIKE '%$searchq%'") or die(mysqli_error()); 

    $c = mysqli_num_rows($q); 
    if($c == 0){ 
     $output = 'No Search Results for <b>"' . $searchq . '"</b>'; 
    } else { 
     while($row = mysqli_fetch_array($q)){ 
      $name = $row['name']; 
      $image_path = $row['image_path']; 
      $developer_name = $row['developer_name']; 
      $platform = $row['platform']; 
      $store = $row['store']; 
      $price = $row['price']; 

      $output .= '<br><table class="tg"> 
         <tr> 
          <th class="tg-031e colspan="4" rowspan="4"><img src= ' . $image_path . ' width=150 height=200/></th> 
          <th class="tg-031e" colspan="4">' . $name . '</th> 
          <th class="tg-031e" colspan="2">' . $platform . '</th> 
          </tr> 
          <tr> 
          <td class="tg-031e" colspan="4">' . $developer_name . '</td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          </tr> 
          <tr> 
          <td class="tg-031e" colspan="4">£' . $price . '</td> 
          <td class="tg-031e" colspan="2">' . $store . '</td> 
          </tr> 
          <tr> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e" colspan="2">Button</td> 

         </tr> 
         <br> 
         </table>'; 

     } 
    } 
} else { 
    header("location: ./"); 
} 
print("$output"); 
mysqli_close($conn); 
+8

您的代码容易受到[** SQL注入攻击**](https://en.wikipedia.org/wiki/SQL_injection)的影响。你应该使用[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https://secure.php.net/ manual/en/pdo.prepared-statements.php)准备带有绑定参数的语句,如[**这篇文章**]所述(https://stackoverflow.com/questions/60174/how-can-i-prevent-sql步喷射功能于PHP)。 –

+0

这意味着你永远重定向,你在'else {header(“Location:./”); }'。 'if'语句达到它总是*返回false并转到'else'的状态。 – Nytrix

+0

只适用于SSI https://httpd.apache.org/docs/current/howto/ssi.html – JustOnUnderMillions

回答

0

你并不真的需要在那里header('Location: ...')

试试这样说:

$conn = mysqli_connect("localhost", "root", "project", "videogames"); 

if(mysqli_connect_errno()){ 
    echo "failed to connect: " .mysqli_connect_error(); 
} 

$output = ''; 

if(isset($_GET['q']) && $_GET['q'] !== ' '){ 
    $searchq = $_GET['q']; 


    $q = mysqli_query($conn, "SELECT * FROM games WHERE name LIKE '%$searchq%'") or die(mysqli_error()); 

    $c = mysqli_num_rows($q); 
    if($c == 0){ 
     $output = 'No Search Results for <b>"' . $searchq . '"</b>'; 
    } else { 
     while($row = mysqli_fetch_array($q)){ 
      $name = $row['name']; 
      $image_path = $row['image_path']; 
      $developer_name = $row['developer_name']; 
      $platform = $row['platform']; 
      $store = $row['store']; 
      $price = $row['price']; 

      $output .= '<br><table class="tg"> 
         <tr> 
          <th class="tg-031e colspan="4" rowspan="4"><img src= ' . $image_path . ' width=150 height=200/></th> 
          <th class="tg-031e" colspan="4">' . $name . '</th> 
          <th class="tg-031e" colspan="2">' . $platform . '</th> 
          </tr> 
          <tr> 
          <td class="tg-031e" colspan="4">' . $developer_name . '</td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          </tr> 
          <tr> 
          <td class="tg-031e" colspan="4">£' . $price . '</td> 
          <td class="tg-031e" colspan="2">' . $store . '</td> 
          </tr> 
          <tr> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e"></td> 
          <td class="tg-031e" colspan="2">Button</td> 

         </tr> 
         <br> 
         </table>'; 

     } 

     echo $output; 
    } 

    mysqli_close($conn); 
} 

没事的时候已被搜查。但你将浏览器重定向;这意味着它会保持重定向,导致超时。

祝你好运!

NOTE:除此之外,请看Alex Howansky在评论中写的内容。您的代码不安全,安全。