亮点在PHP中的搜索关键字不突出正确

Question

我想强调在PHP中搜索我的搜索结果，但它强调了undesiraby

我用下面

//connection to db 
define('DB_HOST', 'localhost'); 
define('DB_NAME', 'dbname'); 
define('DB_USERNAME','root'); 
define('DB_PASSWORD',''); 

$con = mysqli_connect(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME); 
if(mysqli_connect_error()) echo "Failed to connect to MySQL: " . mysqli_connect_error(); 


//get search term 
$searchTerm = $_GET['term']; 

$result = mysqli_query($con, "SELECT `location` FROM `locations` WHERE TRIM(location) LIKE '%".($_GET['term'])."%'"); 

$data = array(); 
while ($row = mysqli_fetch_assoc($result)) 
{ 

     $name = str_replace($searchTerm, "<span style='background-color:pink;'>$searchTerm</span>", $row['location']); 
     array_push($data, $name); 
} 



//return json data 

echo json_encode($data); 

代码可以说我搜索的词makutano 我最终得到的结果类似一个下面显示：

我希望它只是突出makutano，但它不能按预期工作。

如果我删除str_replace($searchTerm, "<span style='background-color:pink;'>$searchTerm</span>"代码我的结果将低于

我的数据库位置为diplayed图像中看上去像

我在哪里从去错了我码？任何帮助将不胜感激

Answer 1

如果你想显示你必须将字符串（我与implode()做）的信息，而不是创建一个JSON对象：一旦你创建一个字符串

//get search term 
$searchTerm = htmlspecialchars($_GET['term']); 

$result = mysqli_query($con, "SELECT `location` FROM `locations` WHERE TRIM(`location`) LIKE '%".($_GET['term'])."%'"); 

$data = array(); 
while ($row = mysqli_fetch_assoc($result)) 
{ 
    $name = $row['location']; 
    array_push($data, $name); 
} 

$string = '"' . implode('","', $data) . '"'; 
$newString = str_replace($searchTerm, "<span style='background-color:pink;'>$searchTerm</span>", $string); 
echo $newString; 

那么您可以执行替换以将标记添加到字符串。

---

Your script is at risk for SQL Injection Attacks.了解了MySQLi约prepared语句。我通过使用htmlspecialchars()完成了此代码中的最低限度。