View Full Version : Search Help

02-24-2007, 01:55 AM
I am trying to write a search form for my website which uses PHP and SQL. The SQL works fine, but the PHP doesn't.

The user types in a value, and the PHP is supposed to return results based on that value. For example, if the value was 'Game', then all the games available to download would be displayed.

The PHP code is as follows:

// create short variable names

@ $db = mysql_pconnect(server:port', 'username', 'password');

if (!$db)
echo 'Error: Could not connect to database. Please try again later.';

$query = "select * from programs where progtype = '$searchterm'";

$result = mysql_query($query);
$num_results = mysql_num_rows($result);
print $query ;
echo '<p>Number of results found: '. $num_results .'</p>';
for ($i = 0; $i < $num_results; $i++)
$row = mysql_fetch_array($result);
echo "Title: ", $row['title'];
echo '<br>';
echo "Version: ",$row['version'];
echo '<br>';
echo "Type: ", $row['progtype'];
echo '<br>';
echo "Link: ", $row['link'];
echo '</p>';

You will notice where it says 'print $query'. I put that in to see if the PHP was receiving the value entered by the user. However, at the top of the page it says:

select * from programs where progtype = ''

I have no idea why it's not working, as I see no problems with my code, and I use the exact same method at college with no problems.

Until this is fixed, you can see for yourself why it doesn't work.


Many thanks for the help.

02-24-2007, 02:28 AM
By default, and for good reasons (register_long_arrays), is off, use....

$searchterm = $_POST['searchterm'];

Instead of...

$searchterm = $HTTP_POST_VARS['searchterm'];

Also validate your incoming data and use mysql_real_escape_string($_POST['searchterm']), in your query for string type $variables. If they are expected to be (INT), then you only need to use intval ( $_POST['integer_type'] );

02-24-2007, 03:59 AM
Thanks! :) :D :thumbsup: