FatBobsFeet


Everything posted by FatBobsFeet

  1. I understand completely about SQL injection, in fact I posted advice about it for someone else on here just the other day. I am just tweaking the slightly outdated code to see if I can make it work right now, and will add that before it goes live. The PDO vs MySQLi issues are also due to the fact that one is the original old code, and one is my new updated code. Thank you for suggesting I echo out the $sql variable right before the query. I had done this before, and got the expected results, but… this time it led me on the right path. In the switch, I had the cases written out like this (no single quotes):

         case 'search_city': array_push($queries, "city = $search_city");

     and had also tried this (single quotes AND percent sign):

         case 'search_city': array_push($queries, "city = '%$search_city%'");

     but apparently it needed to simply be this (single quotes only):

         case 'search_city': array_push($queries, "city = '$search_city'");
  2. I'm not sure what your problem is if these suggestions are not helping, but it is always good to weed out other possibilities. I noticed that on lines #38 and #39 you are using mysql functions. These are deprecated (no longer used) and should be replaced with mysqli, like you have earlier in your code. mysql_query (php.net) mysql_fetch_row (php.net) Also, I noticed that in your opening sentence, you have the variable "$FirsttName" [<-- notice there are two of the letter t ] but in your code below it is spelled with only one. Be sure to check your actual code for misspellings; this is one common source of errors.
  3. For starters, I have only been using PHP for about 2 months now. So, if you feel that there is something I should know, please feel free. I'm all ears.

     Secondarily, I have been working on this for a couple weeks now and have tried several different angles. I've been to the manual a thousand times, gotten a few bits of advice from Stack Overflow, and looked through YouTube, which is where I found this tutorial: This one. So, I've been through this tutorial a few times. I recreated the search in the video, and now I'm attempting to convert elements of it to my own project. Problem is, it doesn't seem to be parsing things correctly. I will try to explain below.

     Here is a hastebin with the original code from the video: index page and functions page. And here is my code: search page and functions page.

     Basically, this code accepts a bunch of values from possible inputs, parses them, and then creates a custom SQL statement. In the original code, the 'locations' are a bunch of checkboxes and one or more can be selected, and the SQL statement is verbose and complex. In my code, the 'categories' are a bunch of checkboxes where one or more can be selected, and the SQL statement is much simpler. That's really why I can't figure out what is going wrong.

     Here are a few things I have tried so far:

     1) I commented out the code and used a generic SQL statement, to make sure the values were being queried and displayed correctly. They were.
     2) I've watched the tutorial several times to make sure I have the code correct, and as far as I can tell, I do.
     3) I've checked the content of variables, etc., to make sure they are getting sent properly, which they appear to be.
     4) Since nothing is coming up as a result of this search currently, I removed some of the NOT symbols (!) from the code, and, lo and behold, everything is now a search result. (In other words, it is either ALL or NOTHING. Not very helpful for a search function.)

     This is what makes me think things are not getting parsed correctly. I hope this is enough information to get you started. If not, let me know what else I can offer. Thanks for any assistance you can offer!
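
The query-building pattern discussed in posts 1 and 3 (optional filters plus a checkbox group assembled into one WHERE clause), written with bound parameters so that quoting is handled by the driver instead of by the string. This is an added example, not code from the posts or the tutorial; the `listings` table, its columns, the `search_name` field and the sample rows are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Accepted form fields mapped to [column, operator]. Only these column names
// ever reach the SQL text; user values are always bound, never interpolated.
const FILTERS = [
    'search_city' => ['city', '='],
    'search_name' => ['name', 'LIKE'],   // hypothetical second filter
];

function buildSearch(array $input): array
{
    $where = $params = [];
    foreach (FILTERS as $field => [$column, $op]) {
        $value = trim((string)($input[$field] ?? ''));
        if ($value === '') {
            continue; // an empty input adds no condition
        }
        $where[] = "$column $op ?";
        // % wildcards only apply with LIKE; "=" compares the literal string.
        $params[] = $op === 'LIKE' ? "%$value%" : $value;
    }
    // Checkbox group: one placeholder per selected category.
    $cats = array_values(array_filter((array)($input['categories'] ?? []), 'is_string'));
    if ($cats) {
        $where[] = 'category IN (' . implode(',', array_fill(0, count($cats), '?')) . ')';
        array_push($params, ...$cats);
    }
    $sql = 'SELECT name, city, category FROM listings';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE listings (name TEXT, city TEXT, category TEXT)');
$pdo->exec("INSERT INTO listings VALUES ('Bob''s Diner','Austin','food'),
    ('Fat Cat Books','Austin','books'), ('Shoe Barn','O''Fallon','shoes')");

// Constructed requests; the apostrophe in O'Fallon needs no manual quoting.
foreach (['Austin', "O'Fallon"] as $city) {
    [$sql, $params] = buildSearch(['search_city' => $city, 'categories' => ['food', 'shoes']]);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    printf("%s => %d row(s)\n", $city, count($stmt->fetchAll(PDO::FETCH_ASSOC)));
}
```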