xboxundone
05-03-2006, 02:01 PM
The code below is kept in a file called search.php I call this file with an include to the index page performing a search function. The issue is the search is in the top right corner and the results end up appearing in the top right corner instead of in the main text part of the page.I use and include to make the search work on my main index page. The problem is when someone searches it replaces the search box with the results in the same section when i want it to post the results in the main section... your help is appareciated.
// Get the absolute path for including files
$path = __FILE__;
$path = str_replace('search.php', '', $path);
include_once($path . 'settings.php');
echo '<form action="' , $_SERVER['PHP_SELF'] , '?action=search" method="post">
<table border=0>
<td valign=top>Search For a Specific Magazine:</td><td valign=top><input id="keyword" name="keyword" size="32" type="text"><br>
<td valign=top><input type=submit value="Search" name="ok"></td>
</table>
</form>';
if ($_GET['action'] == 'search')
{
$search = addslashes($_POST['keyword']); // THIS FUNCTION IS EXTREMEMLY IMPORTANT!
// How would you like it if a user tried to search with a mysql_query command
// and deleted you'r entire db?
// This funtion says NO to things like that :P
// All searches with characters like this will be edited: ", ', \, NULL,
// And added slashes. nice function!
$connection = mysql_connect ($db_server, $db_user, $db_passwd) or die("Could not connect to db");
$database = mysql_select_db($db_name, $connection);
$result = mysql_query('SELECT * FROM ' . $db_prefix . 'news WHERE maintext LIKE "%' . $search . '%" OR titletext LIKE "%' . $search . '%"', $connection);
if($search == '%') { // We do not want the user to search for % (it would output everything)
echo 'Please type a valid search keyword!';
}
elseif($search == '') { // We do not want the user to search for nothing
echo 'Please type a valid search keyword!';
}
else
{
echo '<u>Result of your search (<i>' , $search , '</i>):<br><br></u>';
$i = 1;
While ($row = mysql_fetch_assoc($result)) {
echo $i ;
echo ".";
echo " ";
echo '<a href="news-' . $row['id'] . '.html">' , stripslashes($row['subject']) , '</a><br><br>';
$i++;
}
// Get the absolute path for including files
$path = __FILE__;
$path = str_replace('search.php', '', $path);
include_once($path . 'settings.php');
echo '<form action="' , $_SERVER['PHP_SELF'] , '?action=search" method="post">
<table border=0>
<td valign=top>Search For a Specific Magazine:</td><td valign=top><input id="keyword" name="keyword" size="32" type="text"><br>
<td valign=top><input type=submit value="Search" name="ok"></td>
</table>
</form>';
if ($_GET['action'] == 'search')
{
$search = addslashes($_POST['keyword']); // THIS FUNCTION IS EXTREMEMLY IMPORTANT!
// How would you like it if a user tried to search with a mysql_query command
// and deleted you'r entire db?
// This funtion says NO to things like that :P
// All searches with characters like this will be edited: ", ', \, NULL,
// And added slashes. nice function!
$connection = mysql_connect ($db_server, $db_user, $db_passwd) or die("Could not connect to db");
$database = mysql_select_db($db_name, $connection);
$result = mysql_query('SELECT * FROM ' . $db_prefix . 'news WHERE maintext LIKE "%' . $search . '%" OR titletext LIKE "%' . $search . '%"', $connection);
if($search == '%') { // We do not want the user to search for % (it would output everything)
echo 'Please type a valid search keyword!';
}
elseif($search == '') { // We do not want the user to search for nothing
echo 'Please type a valid search keyword!';
}
else
{
echo '<u>Result of your search (<i>' , $search , '</i>):<br><br></u>';
$i = 1;
While ($row = mysql_fetch_assoc($result)) {
echo $i ;
echo ".";
echo " ";
echo '<a href="news-' . $row['id'] . '.html">' , stripslashes($row['subject']) , '</a><br><br>';
$i++;
}