<form action="search.php" method="post">
<p align="Center">
<input type="text" name="search" size="15" maxlength="150" value="" />
<input type="image" name="submit" src="search.jpg" width="75" height="18">
</p>
</form>
<?php
$search = $_REQUEST['search'];
if ($search=='')
{
echo "you must specify a search keyword.";
exit();
}
mysql_connect("localhost","db_searcher","abc123");
mysql_select_db("db_search");
//guard agains injection attack!
if( get_magic_quotes_gpc() )
{
$search = stripslashes( $search );
}
//check if this function exists
if( function_exists( "mysql_real_escape_string" ) )
{
$search = mysql_real_escape_string( $search );
}
//for PHP version < 4.3.0 use addslashes
else
{
$search = addslashes( $search );
}
$result = mysql_query("SELECT * FROM product WHERE keyword LIKE '%$search%'");
while($r=mysql_fetch_array($result))
{
$title = $r["title"];
$description = $r["description"];
$keyword =$ r["keyword"];
$url = $r["url"];
echo "$title <br>
$description <br>
$url <br>";
}
?>