-1
我希望我的HTML代码包含从外部文件运行的php代码。我不断收到错误太多的重定向,我不知道为什么。当运行它没有包含PHP代码在HTML文件中的作品,但我希望PHP代码运行在我的HTML和CSS下面。要求HTML显示PHP
这是我的HTML代码:
<nav id="search">
<form action="./results.php" method="get">
<input type="text" name="q" id="search_bar" placeholder="" value="Search..." maxlength="30" autocomplete="off" onMouseDown="active();" onBlur="inactive();" />
<input type="submit" id="search_button" value="Compare!" />
</form>
</nav>
<section>
<?php include("results.php");?>
</section>
PHP代码搜索栏:
$conn = mysqli_connect("localhost", "root", "project", "videogames");
if(mysqli_connect_errno()){
echo "failed to connect: " .mysqli_connect_error();
}
$output = '';
if(isset($_GET['q']) && $_GET['q'] !== ' '){
$searchq = $_GET['q'];
$q = mysqli_query($conn, "SELECT * FROM games WHERE name LIKE '%$searchq%'") or die(mysqli_error());
$c = mysqli_num_rows($q);
if($c == 0){
$output = 'No Search Results for <b>"' . $searchq . '"</b>';
} else {
while($row = mysqli_fetch_array($q)){
$name = $row['name'];
$image_path = $row['image_path'];
$developer_name = $row['developer_name'];
$platform = $row['platform'];
$store = $row['store'];
$price = $row['price'];
$output .= '<br><table class="tg">
<tr>
<th class="tg-031e colspan="4" rowspan="4"><img src= ' . $image_path . ' width=150 height=200/></th>
<th class="tg-031e" colspan="4">' . $name . '</th>
<th class="tg-031e" colspan="2">' . $platform . '</th>
</tr>
<tr>
<td class="tg-031e" colspan="4">' . $developer_name . '</td>
<td class="tg-031e"></td>
<td class="tg-031e"></td>
</tr>
<tr>
<td class="tg-031e" colspan="4">£' . $price . '</td>
<td class="tg-031e" colspan="2">' . $store . '</td>
</tr>
<tr>
<td class="tg-031e"></td>
<td class="tg-031e"></td>
<td class="tg-031e"></td>
<td class="tg-031e"></td>
<td class="tg-031e" colspan="2">Button</td>
</tr>
<br>
</table>';
}
}
} else {
header("location: ./");
}
print("$output");
mysqli_close($conn);
您的代码容易受到[** SQL注入攻击**](https://en.wikipedia.org/wiki/SQL_injection)的影响。你应该使用[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https://secure.php.net/ manual/en/pdo.prepared-statements.php)准备带有绑定参数的语句,如[**这篇文章**]所述(https://stackoverflow.com/questions/60174/how-can-i-prevent-sql步喷射功能于PHP)。 –
这意味着你永远重定向,你在'else {header(“Location:./”); }'。 'if'语句达到它总是*返回false并转到'else'的状态。 – Nytrix
只适用于SSI https://httpd.apache.org/docs/current/howto/ssi.html – JustOnUnderMillions