[PHP] Need Help!

computerpro

Hey,

I created a PHP search script today and am having a problem with it. It should be fairly easy to solve but whenever I click the "search" button (with the text field empty) it takes me to the searchresults.php page and shows all the indexed info in that table. I hope you understand and can help me!

Someone like root!
 
I code php too!

Can you please post the code you are having problems with? Then I can try my best to help you fix it!
 
Okay here is the form:


<form action="search.php" method="post">
<P ALIGN="Center">
<input type="text" name="search" size="15" maxlength="150" value="" />
<input type="image" name="submit" src="search.jpg" width="75" height="18">
</p>
</form>

search.php

<?php

$search = $_GET['search'];
$search = strip_tags($search);

?>

<?php

mysql_connect("localhost","db_searcher","abc123");
mysql_select_db("db_search");

$search=$_POST["search"];

$result = mysql_query("SELECT * FROM product WHERE keyword LIKE '%$search%'");

while($r=mysql_fetch_array($result))
{
    $title=$r["title"];
    $description=$r["description"];
    $keyword=$r["keyword"];
    $url=$r["url"];

    echo "$title <br>
$description <br>
$url <br>";
}
?>


It searches keywords
 
If you change the php script to:

PHP:
<?php

$search = $_POST['search'];
$search = strip_tags($search);

?>

<?php

mysql_connect("localhost","db_searcher","abc123");
mysql_select_db("db_search");

$search=$_POST["search"];

$result = mysql_query("SELECT * FROM product WHERE keyword LIKE '%$search%'");

while($r=mysql_fetch_array($result))
{
    $title=$r["title"];
    $description=$r["description"];
    $keyword=$r["keyword"];
    $url=$r["url"];

    echo "$title <br>
$description <br>
$url <br>";
}
?>

It may work - The form was submitting it as POST data, and the PHP was trying to get GET data.
 
PHP:
<form action="search.php" method="post">
<p align="Center">
<input type="text" name="search" size="15" maxlength="150" value="" />
<input type="image" name="submit" src="search.jpg" width="75" height="18"> 
</p>
</form>

search.php

PHP:
<?php
$search = strip_tags($_POST['search']);
?>

<?php

mysql_connect("localhost","db_searcher","abc123");
mysql_select_db("db_search");

$search = strip_tags($_POST["search"]);

$result = mysql_query("SELECT * FROM product WHERE keyword LIKE '%$search%'");

while($r=mysql_fetch_array($result))
{
    $title = $r["title"];
    $description = $r["description"];
    $keyword = $r["keyword"];
    $url = $r["url"];

    echo "$title <br>
$description <br>
$url <br>";
}
?>

Have fixed it plus cleaned a few bits of code up. ;)
 
I tried that code and it still doesn't work. When I press submit it still shows me all the sites indexed.

Any other ideas?
 
Try putting the query into a query manager.
Does it show the same thing/give the same results?

I've updated the script slightly.
The strip_tags function is all well and good, but this is the super beefy guarding against injection attacks version:

PHP:
<form action="search.php" method="post">
<p align="Center">
<input type="text" name="search" size="15" maxlength="150" value="" />
<input type="image" name="submit" src="search.jpg" width="75" height="18">
</p>
</form>

<?php

mysql_connect("localhost","db_searcher","abc123");
mysql_select_db("db_search");

//read the submitted search term (the form uses method="post")
$search = isset($_POST["search"]) ? $_POST["search"] : "";

//guard against injection attack!

    if( get_magic_quotes_gpc() )
    {
          $search = stripslashes( $search );
    }
    //check if this function exists
    if( function_exists( "mysql_real_escape_string" ) )
    {
          $search = mysql_real_escape_string( $search );
    }
    //for PHP version < 4.3.0 use addslashes
    else
    {
          $search = addslashes( $search );
    }

$result = mysql_query("SELECT * FROM product WHERE keyword LIKE '%$search%'");

while($r=mysql_fetch_array($result))
{
    $title = $r["title"];
    $description = $r["description"];
    $keyword = $r["keyword"];
    $url = $r["url"];

    echo "$title <br>
$description <br>
$url <br>";
}
?>
 
Thanks root, however I got this error:

Parse error: parse error, unexpected T_STRING, expecting T_VARIABLE or '$' in /home/url/public_html/b2/search.php on line 86


Any ideas where it went wrong?
 
umm...

even if you didn't split that into two files there are only 54 lines in the code I posted, so I've absolutely no idea!

that's the kind of error you might get if you missed a semicolon off the end of a line though.
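
An added example, not code from any poster in the thread: an empty search box builds `LIKE '%%'`, which matches every row, so this version rejects an empty term, binds the value through a PDO prepared statement instead of escaping it by hand, escapes the LIKE wildcards, and HTML-encodes what it prints. The `product` table follows the thread; the in-memory SQLite database, its rows, the test inputs and the function names `open_sample_db`, `search_products` and `render_rows` are assumptions made for the example.

```php
<?php
// Added example. Rows below are constructed sample data in an in-memory
// SQLite database so the script runs offline; with MySQL only the DSN changes.
function open_sample_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE product (title TEXT, description TEXT, keyword TEXT, url TEXT)');
    $ins = $pdo->prepare('INSERT INTO product VALUES (?, ?, ?, ?)');
    $ins->execute(['Red <b>mug</b>', 'Ceramic mug', 'mug,kitchen', 'http://example.test/mug']);
    $ins->execute(['50% off lamp', 'Desk lamp', 'lamp,50%', 'http://example.test/lamp']);
    return $pdo;
}

function search_products(PDO $pdo, string $raw): array
{
    $term = trim($raw);
    // An empty term would build LIKE '%%', which matches every row.
    if ($term === '') {
        return [];
    }
    // Escape LIKE wildcards so "%" and "_" typed by the user match literally.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare("SELECT title, description, url FROM product WHERE keyword LIKE ? ESCAPE '!'");
    $stmt->execute([$like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $r) {
        // Encode on output so stored markup is displayed, not interpreted.
        foreach (['title', 'description', 'url'] as $col) {
            $html .= htmlspecialchars($r[$col], ENT_QUOTES, 'UTF-8') . " <br>\n";
        }
    }
    return $html;
}

$pdo = open_sample_db();
foreach (['', '%', 'mug', "o'brien"] as $input) {   // constructed inputs
    $rows = search_products($pdo, $input);
    printf("%-12s => %d row(s)\n", var_export($input, true), count($rows));
}
echo render_rows(search_products($pdo, 'mug'));
```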
 