Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3

Thread: Search Help

  1. #1
    Regular Coder
    Join Date
    Nov 2004
    Location
    Perth, UK
    Posts
    105
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Question Search Help

    I am trying to write a search form for my website which uses PHP and SQL. The SQL works fine, but the PHP doesn't.

    The user types in a value, and the PHP is supposed to return results based on that value. For example, if the value was 'Game', then all the games available to download would be displayed.

    The PHP code is as follows:
    Code:
    <?php
      // create short variable names
      $searchterm=$HTTP_POST_VARS['searchterm'];
      
      @ $db = mysql_pconnect(server:port', 'username', 'password');
    
      if (!$db)
      {
         echo 'Error: Could not connect to database.  Please try again later.';
         exit;
      }
    
      mysql_select_db('chris_college');
      $query = "select * from programs where progtype = '$searchterm'";
      
      $result = mysql_query($query);
      $num_results = mysql_num_rows($result);
    	print $query ;
      echo '<p>Number of results found: '. $num_results .'</p>';
      for ($i = 0; $i < $num_results; $i++)
      {
         $row = mysql_fetch_array($result);
         echo "Title: ", $row['title'];
         echo '<br>';
         echo "Version: ",$row['version'];
         echo '<br>';
         echo "Type: ", $row['progtype'];
    	 echo '<br>';
    	 echo "Link: ", $row['link'];
         echo '</p>';
      }
    ?>
    You will notice where it says 'print $query'. I put that in to see if the PHP was receiving the value entered by the user. However, at the top of the page it says:

    select * from programs where progtype = ''
    I have no idea why it's not working, as I see no problems with my code, and I use the exact same method at college with no problems.

    Until this is fixed, you can see for yourself why it doesn't work.

    http://www.curquhart.co.uk/search.html

    Many thanks for the help.
    Geodesic_D
    "I'd much rather be called GeodesicDragon."

  • #2
    New Coder
    Join Date
    Sep 2006
    Posts
    51
    Thanks
    0
    Thanked 0 Times in 0 Posts
    By default, and for good reasons (register_long_arrays), is off, use....

    PHP Code:
    $searchterm $_POST['searchterm']; 
    Instead of...

    PHP Code:
    $searchterm $HTTP_POST_VARS['searchterm']; 
    Also validate your incoming data and use mysql_real_escape_string($_POST['searchterm']), in your query for string type $variables. If they are expected to be (INT), then you only need to use intval ( $_POST['integer_type'] );

  • #3
    Regular Coder
    Join Date
    Nov 2004
    Location
    Perth, UK
    Posts
    105
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks!
    Geodesic_D
    "I'd much rather be called GeodesicDragon."


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •