[PHP] Need Help!

actually no :oops:

$keyword =$ r["keyword"];

that line has a space in it where it shouldn't

$keyword =$r["keyword"];


I blame web monkey, since it was copied directly from his post!
 
If it's still showing all files, add a line to echo $search to make sure it's not blank, because if it is, MySQL will return all rows.
 
Alright, thanks a lot; however, you cleaned up my code but it didn't fix my prob. My prob is when the form is submitted with nothing in the text field it forwards you to the search.php page (like it's supposed to do) but it shows every file saved to my table.
 
yes, it would do that...

you are selecting where like.

consider a Windows search...
if you search for *.txt you expect every text file to be returned.
if you search for *a* you expect every file to be returned that has an 'a' in it.
if you search for * you expect every file to be returned...

the wildcard character in SQL isn't * it's %

so your query is actually

return all records like *keyword*

if there is no keyword your search is:

return all records like **

which is all records.
it's not an error on the page!

the only thing that you can do is check to see if the keyword is blank and then escape the whole process.

PHP:
<form action="search.php" method="post">
<p align="Center">
<input type="text" name="search" size="15" maxlength="150" value="" />
<input type="image" name="submit" src="search.jpg" width="75" height="18"> 
</p>
</form>  


 


<?php
// a missing or whitespace-only keyword counts as blank
$search = isset($_REQUEST['search']) ? trim($_REQUEST['search']) : '';
if ($search == '')
{
    echo "you must specify a search keyword.";
    exit();
}

mysql_connect("localhost", "db_searcher", "abc123");
mysql_select_db("db_search");

// guard against injection attack!

// undo magic quotes so the value is not escaped twice
if (get_magic_quotes_gpc())
{
    $search = stripslashes($search);
}
// check if this function exists
if (function_exists("mysql_real_escape_string"))
{
    $search = mysql_real_escape_string($search);
}
// for PHP version < 4.3.0 use addslashes
else
{
    $search = addslashes($search);
}

$result = mysql_query("SELECT * FROM product WHERE keyword LIKE '%$search%'");

while ($r = mysql_fetch_array($result))
{
    $title = $r["title"];
    $description = $r["description"];
    $keyword = $r["keyword"];
    $url = $r["url"];

    echo "$title <br>
$description <br>
$url <br>";
}
?>
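
The blank-keyword check above still lets a search for a lone `%` or `_` act as a wildcard, since string escaping does not touch LIKE metacharacters. An added example (not part of the original posts) that rejects blank input, escapes those metacharacters and binds the pattern as a parameter; it assumes PDO with an in-memory SQLite database and constructed rows in place of the thread's MySQL table, and `escape_like` and `search_products` are hypothetical helper names.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database
// (assumption; the thread uses MySQL). Requires the pdo_sqlite extension.

// Hypothetical helper: make LIKE metacharacters match literally.
// The escape character itself is replaced first so it is not doubled twice.
function escape_like(string $term, string $esc = '!'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

// Hypothetical helper: null for a blank keyword, otherwise the matching rows.
function search_products(PDO $db, string $keyword): ?array
{
    $keyword = trim($keyword);
    if ($keyword === '') {
        return null; // blank search: never reaches the database
    }
    // The pattern is bound as a parameter, so quotes in it cannot alter the SQL.
    $stmt = $db->prepare(
        "SELECT title, keyword FROM product WHERE keyword LIKE :pat ESCAPE '!'"
    );
    $stmt->execute([':pat' => '%' . escape_like($keyword) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE product (title TEXT, keyword TEXT)");
$db->exec("INSERT INTO product VALUES
    ('Red mug', 'kitchen'),
    ('Sale sign', '50% off'),
    ('Blue pen', 'office_supplies')");

// Constructed inputs: blank, whitespace, bare wildcards, a normal term, a quote.
foreach (['', '   ', '%', '_', 'off', "O'Brien"] as $kw) {
    $rows = search_products($db, $kw);
    $out = $rows === null ? 'rejected (blank)' : count($rows) . ' row(s)';
    echo var_export($kw, true) . " => $out\n";
}
```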
 