BlackTyger

  1. I am building a simple search engine script for my website which allows users to search for electronic devices that we have in our database. Here is the HTML code.

         <form name="search" action="search.php" method="get">
             <input type="text" name="query" size="50" />
             <input type="submit" name="submit" value="Search" />
         </form>

     Here is the PHP code.

         <?php
         error_reporting(0);
         include 'config.php';

         mysql_connect("localhost", "root", "password") or die(mysql_error());
         mysql_select_db("maindatabase") or die(mysql_error());

         // get the data from the form
         $search_query = $_GET['query'];

         // mysql query
         $query = mysql_query("SELECT * FROM `products` WHERE productName LIKE '%$search_query%'");
         $count_rows = mysql_num_rows($query);

         echo "Results found: " . $count_rows;
         ?>

     Here is the problem: Whenever I enter a single keyword in the search, the search brings some results. BUT, whenever I enter multiple keywords, the search brings 0 rows. For example: I have a product called Sony Bravia Television 42 inches - 1080p HD in my database. When I type "sony" in the search and press the search button, I only get 1 row as the result. But when I enter "sony television" in the search, I get 0 rows as the result. Why is that? What can I do to fix this problem? I want to return results that contain all the keywords that the search query had. Just like any search engine: Google, Yahoo, etc.
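The search above matches the whole input as one substring, so "sony television" only hits names containing exactly that phrase, and the input is interpolated into the SQL string unescaped. The following is an added example, not part of the original post: it ANDs one bound `LIKE` per keyword. It assumes PDO with an in-memory SQLite database standing in for MySQL; the function names, the `!` escape character and the sample rows are constructed for illustration.

```php
<?php
// Added example: AND-match every keyword with bound parameters.
// Assumptions: PDO with the SQLite driver (in-memory) stands in for the
// MySQL database; the rows below are constructed sample data.

/** Escape LIKE wildcards so user input is matched literally ('!' is the escape char). */
function escape_like(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

/** Return product names that contain every whitespace-separated keyword. */
function search_products(PDO $db, string $input, int $maxTerms = 8): array
{
    $terms = preg_split('/\s+/', trim($input), -1, PREG_SPLIT_NO_EMPTY);
    $terms = array_slice(array_unique($terms), 0, $maxTerms); // cap query size
    if ($terms === []) {
        return [];
    }
    // One "LIKE ?" per keyword; only placeholders are concatenated, never input.
    $where = implode(' AND ', array_fill(0, count($terms), "productName LIKE ? ESCAPE '!'"));
    $stmt  = $db->prepare("SELECT productName FROM products WHERE $where");
    $stmt->execute(array_map(fn($t) => '%' . escape_like($t) . '%', $terms));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (productName TEXT)');
$insert = $db->prepare('INSERT INTO products (productName) VALUES (?)');
foreach (['Sony Bravia Television 42 inches - 1080p HD', 'Generic 100% Cotton Laptop Sleeve'] as $name) {
    $insert->execute([$name]);
}

// Constructed queries: single keyword, two keywords, quote characters, a bare wildcard.
foreach (['sony', 'sony television', "x' OR '1'='1", '%'] as $q) {
    // htmlspecialchars() because a search page echoes the query back to the browser
    printf("%s => %d\n", htmlspecialchars($q, ENT_QUOTES, 'UTF-8'), count(search_products($db, $q)));
}
```

With a MySQL DSN in place of `sqlite::memory:` the same functions apply unchanged, since only the placeholders are part of the SQL text.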
  2. I made my website on my laptop (localserver) and it was working fine. But when I uploaded it to my hosting account and tried to view it in my browser, all I get is a blank white screen. No errors, no messages. Just a blank screen. I tried different hosts ... same problem ... but the website runs fine on my localhost. What could be the problem??? I even contacted my hosting company and they told me that the PHP server is running fine.
  3. Here is my HTML code:

         <html>
         <head>
             <title>Simple Search Form</title>
         </head>
         <body>
         <form name="searchform" method="get" action="/search.php">
             Select Gender:
             <select name="gender">
                 <option value="Male">Male</option>
                 <option value="Female">Female</option>
             </select>
             Select City:
             <select name="city">
                 <option value="all">All Cities</option>
                 <option value="newyork">New York</option>
                 <option value="toronto">Toronto</option>
                 <option value="london">London</option>
                 <option value="paris">Paris</option>
             </select>
         </form>
         </body>
         </html>

     Here is my PHP code:

         <?php
         // get the data from the search form
         # get the gender (male or female)
         $gender = $_GET['gender'];
         # get the city
         $city = $_GET['city'];

         // connect to mysql and select db
         mysql_connect('localhost', 'root', 'pass') or die(mysql_error());
         mysql_select_db($test_db);

         // send query
         $query = mysql_query("SELECT * FROM `visitors_location` WHERE gender='$gender' AND city='$city'");
         $count = mysql_num_rows($query);

         // display data
         while ( $show = mysql_fetch_assoc($query) ) {
             echo $gender . " " . $city;
         }
         ?>

     My script basically shows # of males or females in a specific city. How can I show all males in all cities? In other words, let's say I want to show # of Females from all those 4 cities combined. I don't know how to do that. Can someone please help me?
  4. This website has been great so far. Whenever I post a question, I get an answer within a few minutes. I have another question today related to PHP pagination. My search page basically allows users to view other users in a specific country. Basically, there are two HTML drop-downs on the search page. The first one allows you to select gender (male or female) and the other one allows you to select country. After the search button is pressed, it displays all the usernames of males in that country. My search page's URL looks something like: http://localhost/search.php?gender=Male&country=Canada&searchbutton=Search I want to add pagination to this script. The search form has method=GET and 3 input options. One is gender, the other one is country, and the last one is pageNum, which is hidden. How can I add pagination to this???
  5. Okay, thanks a million for your great help. I am kinda confused with this session id stuff. Can you please explain what I need to do to regenerate an ID? I mean, do I just place the session_regenerate_id() anywhere in my code or are there any serious changes that I need to make?
  6. Okay, friends! I forgot to mention some stuff .... The code that I posted above is just part of the actual code. Yes, I have data filtering in my actual code and all MySQL filtering, too. My login and members page both have session_start(); at the top. And yes, the members.php file checks if the $_SESSION['username'] is registered or not. If it's not, then it sends the user back to the login page. I was worried about session stealing and fixation and session hijacking. Is there any way an attacker can hijack my users' sessions and control their accounts? I read about session id hijacking on php.net and got worried.
  7. If you are a PHP expert, then I really need your help. I have a question regarding PHP sessions and their security. So here is my story ... I created a login script (login.php) for my website. When a user goes to the login.php page, they see a login form that they must fill with their username and password to log in to the members' area and view their profile, etc. On that login page, when the user enters their username and password and then clicks the "Login" button, my script filters the data, sends a MySQL query and checks if the login is valid. If the login is NOT valid, then they get a "Login Failed" message. If the login is valid, I register their username and the password in sessions and redirect them to the members.php page. Here is some of my code for my login.php page after MySQL confirms the login is valid:

         <?php
         $query = mysql_query("SELECT * FROM `users` WHERE username='$user' AND password='$pass'");
         $numRows = mysql_num_rows($query);

         if ( $numRows ) {
             // login is valid
             $_SESSION['username'] = $user;
             $_SESSION['pass'] = $pass;

             // redirect user to members area
             header('Location: /members.php');
         } else {
             // login is invalid
             echo "Login failed";
         }
         ?>

     My question is ... is this login script secure? I mean, I am not generating any session id or any cookie. I am just storing the username and the password in two session variables and those are the things that I will use to display the user's profile, etc. Can attackers attack this script? Is this secure or is there any other way I can make it stronger?
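Posts 5 and 7 ask where `session_regenerate_id()` belongs and whether the login code is safe. The following is an added example, not part of the original posts: it binds the username as a parameter, checks the password against a stored hash, keeps the password out of the session, and issues a new session ID at the moment of login. It assumes PDO with in-memory SQLite standing in for MySQL; the table layout, function names and the sample account are constructed.

```php
<?php
// Added example: login that binds parameters, verifies a password hash and
// issues a fresh session ID. Assumptions: PDO/SQLite in memory stands in for
// MySQL; the users table, its columns and the account are constructed.

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept an ID from the URL
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
}

function login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return false;
    }
    // New ID at the privilege change: an ID planted before login (fixation)
    // stops working, and true deletes the old session data.
    session_regenerate_id(true);
    $_SESSION['user_id']  = (int) $row['id'];
    $_SESSION['username'] = $user;             // no password in the session
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

start_secure_session();
$before   = session_id();
$rejected = login($db, "alice' -- ", 'anything');       // bound as data, not SQL
$accepted = login($db, 'alice', 'constructed-sample-pw');
$rotated  = session_id() !== $before;

printf("injection rejected: %s\nlogin ok: %s\nsession ID rotated: %s\n",
    var_export(!$rejected, true), var_export($accepted, true), var_export($rotated, true));
// In login.php, follow a successful login() with:
// header('Location: /members.php'); exit;   (exit stops the script after the redirect)
```

The `secure` cookie flag assumes the site is served over HTTPS; without TLS the session cookie can still be read in transit regardless of how often the ID is regenerated.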