only returning 1 row.

[seany123]

i have this code which is basically to search for values in my players table... and return all rows which are true.

 

<?php

include("lib.php");
define("PAGENAME", "Player Search");
$player = check_user($secret_key, $db);

$trimmed = trim($_GET['username']);

switch ($_GET['act'] == "find") {
case "search":
    if(!$_GET['username']) //No username entered
    {
        header("Location: search.php");
    }
    
    $query = $db->execute("select username from `players` where `username`like '%$trimmed%'");
    $member = $query->fetchrow;
    
    if ($query->recordcount() == 0) {
        include("templates/private_header.php");
        echo "<p>This player doesn't exist!<p>";
        echo "<a href=\"search.php\">Search Again</a><p>";
        include("templates/private_footer.php");
    }
    
    $query = $db->execute("select username from `players` where `username`like '%$trimmed%'");
    $member = $query->fetchrow;
    
    while ($member = $query->fetchrow()) {
        include("templates/private_header.php");
        echo "<table width='100%' border='0' cellspacing='10'>";
        echo "<td>Player: <a href=\"profile.php?id=" . $member['username'] . "\"> ". $member['username'] ." </a></td>";
        echo "<td><a href=\"mail.php?act=compose&to=" . $member['username'] . "\">Mail</a> | <a href=\"battle.php?act=attack&username=" . $member['username'] . "\">Battle</a></td>";
        echo "</table>";
        exit;
        include("templates/private_footer.php");
    }
    
    default:
    
    include("templates/private_header.php");
    echo "<fieldset>\n";
    echo "<p>";
    echo "<legend><b>Search for a player</b></legend>\n";
    echo "<form method=\"get\" action=\"search.php?act=find\">\n<input type=\"hidden\" name=\"act\" value=\"find\" />\n";
    echo "Username:   <input type=\"text\" name=\"username\" /><br />\n";
    echo "<input type=\"submit\" value=\"Search\" />\n";
    echo "<p>";
    echo "</form>\n";
    include("templates/private_footer.php");
}

?>

 

but for some reason it only echo's 1 row.

 

any ideas?

[seany123]

anyone able to help me with this?

[mrMarcus]

you need to make a few changes...

 

1. you query is wide open for SQL injections .. use mysql_real_escape_string() on you vars going to the db.

 

2. add a space between `username` & like.

 

3. switch ($_GET['act'] == "find") ??  what is that?  just use:

switch ($_GET['act'])

 

4. add breaks to your switch cases:

<?php
case something:
  echo 'something';
  break;
?>

 

to avoid further execution of cases.  if there are no break; present, and the first case evaluates true, the rest of the conditions will also execute, which may be a disastrous thing.

 

AND, why do you have the same query executing twice in the same condition?

 

you're probably looking to do something like this (eliminate that second, redundant db query:

 

<?php
$query = $db->execute("select username from `players` where `username` like '%{$trimmed}%'");
$member = $query->fetchrow;
    
if ($query->recordcount() == 0) {
include("templates/private_header.php");
echo "<p>This player doesn't exist!<p>";
echo "<a href=\"search.php\">Search Again</a><p>";
include("templates/private_footer.php");
}
else {
while ($member = $query->fetchrow())
{
        include("templates/private_header.php");
        echo "<table width='100%' border='0' cellspacing='10'>";
        echo "<td>Player: <a href=\"profile.php?id=" . $member['username'] . "\"> ". $member['username'] ." </a></td>";
        echo "<td><a href=\"mail.php?act=compose&to=" . $member['username'] . "\">Mail</a> | <a href=\"battle.php?act=attack&username=" . $member['username'] . "\">Battle</a></td>";
        echo "</table>";
        exit;
        include("templates/private_footer.php");
    }
}
?>

 

how many records should it be returning?  and are you sure about that?