<html>
<head>
<title> Book-O-Rama Catalog Search</title>
</head>
<body>
<h1>Book-O-Rama Catalog Search</h1>
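<?php
// Book-O-Rama catalog search: reads the search field and the search term from
// the POSTed form, looks the term up in the `books` table and prints every
// matching row. All request data is treated as untrusted.

// Read the request values defensively: a missing key or an array-valued
// parameter must not reach trim() or the query.
$searchtype = isset($_POST['searchtype']) && is_string($_POST['searchtype']) ? trim($_POST['searchtype']) : '';
$searchterm = isset($_POST['searchterm']) && is_string($_POST['searchterm']) ? trim($_POST['searchterm']) : '';

// Compare against '' rather than relying on truthiness, so a term of "0" is
// still a valid search.
if ($searchtype === '' || $searchterm === '') {
    exit('You have not entered search detais,please go back again');
}

// A column name cannot be sent as a bound parameter, so the field to search is
// chosen from a fixed allow-list instead of being copied from the request.
// NOTE(review): names assumed from the fields this page prints; confirm them
// against the books table and the options offered by the search form.
$searchable = ['author', 'title', 'isbn', 'price'];
if (!in_array($searchtype, $searchable, true)) {
    exit('You have not entered search detais,please go back again');
}

// The former get_magic_quotes_gpc()/addslashes() step is gone on purpose:
// get_magic_quotes_gpc() was removed in PHP 8, and addslashes() is not a
// reliable SQL escape. The term is passed as a bound parameter below.

// Make mysqli raise exceptions in every PHP version so failures are handled
// in one place instead of being hidden with the @ operator.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// NOTE(review): the script connects as MySQL root with the password written
// in the source. Use an account limited to SELECT on `books` and load the
// credentials from configuration kept outside the web root.
try {
    $db = new mysqli('localhost', 'root', 'password', 'books');
} catch (mysqli_sql_exception $e) {
    // Details go to the server log; the visitor only sees the error number.
    error_log('catalog search: database connection failed: ' . $e->getMessage());
    echo "could not connect to database,please try again later." . $e->getCode();
    exit;
}

// Returns one column of a row, ready for HTML output. Keys are expected in
// lower case; a missing column prints as an empty string.
// NOTE(review): stripslashes() is kept from the original output path;
// presumably rows were stored with escaped quotes. Confirm, and drop it once
// the stored data is known to be clean.
$field = static function (array $row, $key) {
    $value = isset($row[$key]) ? (string) $row[$key] : '';

    return htmlspecialchars(stripslashes($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

try {
    // $searchtype is one of the literals in $searchable at this point; the
    // visitor's term is never part of the SQL text.
    $stmt = $db->prepare("select * from books where `{$searchtype}` like ?");
    $pattern = '%' . $searchterm . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $result = $stmt->get_result(); // needs the mysqlnd driver

    // Iterate until fetch_assoc() runs out of rows; the old counting loop ran
    // one step past the last row.
    $position = 0;
    while ($row = $result->fetch_assoc()) {
        $position++;
        // fetch_assoc() returns an array, so columns are read by key (the
        // original used object syntax). Lower-casing the keys makes the
        // lookup independent of how the column names are cased.
        $row = array_change_key_case($row, CASE_LOWER);

        echo "<p>" . $position . "title:";
        echo $field($row, 'title'); // the original printed the author here
        echo "Author:" . $field($row, 'author');
        echo "ISBN:" . $field($row, 'isbn');
        echo "price:" . $field($row, 'price') . "</p>";
    }

    $result->free();
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    error_log('catalog search: query failed: ' . $e->getMessage());
    echo "search failed,please try again later.";
} finally {
    $db->close(); // the original called the misspelled colse()
}
?>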
</body>
</html>
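// Runs the catalog search and prints each matching row.
// Expects from the surrounding script: $db (a connected mysqli object) and
// $searchtype / $searchterm holding the raw request values.
// NOTE(review): if an earlier addslashes() step is still applied to
// $searchterm, remove it; with a bound parameter the added backslashes would
// become part of the search text.

// A column name cannot be bound as a parameter, so it is checked against a
// fixed allow-list before it is placed in the statement.
// NOTE(review): names assumed from the fields this page prints; confirm them
// against the books table and the search form.
$searchable = ['author', 'title', 'isbn', 'price'];
if (!is_string($searchtype) || !in_array($searchtype, $searchable, true)) {
    echo "fail.";
    exit;
}

$result = false;
try {
    $stmt = $db->prepare("select * from books where `{$searchtype}` like ?");
    $pattern = '%' . $searchterm . '%';
    if ($stmt && $stmt->bind_param('s', $pattern) && $stmt->execute()) {
        $result = $stmt->get_result(); // needs the mysqlnd driver
    }
} catch (mysqli_sql_exception $e) {
    // mysqli throws instead of returning false when exception mode is on.
    error_log('catalog search: query failed: ' . $e->getMessage());
    $result = false;
}

if ($result) {
    // Escapes one column for HTML output; a missing column prints as ''.
    // NOTE(review): stripslashes() is kept from the original output path;
    // confirm the stored data still needs it.
    $field = static function (array $row, $key) {
        $value = isset($row[$key]) ? (string) $row[$key] : '';

        return htmlspecialchars(stripslashes($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Loop until the rows run out; counting up to num_rows inclusive read
    // one row too many.
    $position = 0;
    while ($row = $result->fetch_assoc()) {
        $position++;
        // fetch_assoc() yields an array, so columns are read by key.
        $row = array_change_key_case($row, CASE_LOWER);

        echo "<p>" . $position . "title:";
        echo $field($row, 'title'); // the original printed the author here
        echo "Author:" . $field($row, 'author');
        echo "ISBN:" . $field($row, 'isbn');
        echo "price:" . $field($row, 'price') . "</p>";
    }

    $result->free();
    $stmt->close();
} else {
    echo "fail.";
    exit;
}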