
using this form to search for rows in table.


seany123


okay well im currently trying to create a search player page for my game... this is what i want to be able to search for....

 

<html>
<form method='' action='test.php'>	
<table>
	<tr>
		<td>
		ID:
		</td>
		<td>
		<input type='text' name='id'>
		</td>
	</tr>

	<tr>
		<td>
		Username:
		</td>
		<td>
		<input type='text' name='username'>
		</td>
	</tr>

	<tr>
		<td>
		Level:
		</td>
		<td>
		<input type='text' name='minlevel'> to <input type='text' name='maxlevel'>
		</td>
	</tr>

	<tr>
		<td>
		Money:
		</td>
		<td>
		$<input type='text' name='money'> or more
		</td>
	</tr>

	<tr>
		<td>
		Location:
		</td>
		<td>
	<select name="cityid">
    <option name="London" value="1">London</option>
    <option name="Newyork" value="2">New york</option>
<option name="Birmingham" value="3">Birmingham</option>
    <option name="Atlanta" value="4">Atlanta</option>
    <option name="Washington" value="5">washington</option>
    <option name="Tokyo" value="6">Tokyo</option>
    <option name="Moscow" value="7">Moscow</option>
    <option name="Berlin" value="8">Berlin</option>
    <option name="Madrid" value="9">Madrid</option>
    <option name="sydney" value="10">Sydney</option>
    <option name="Chicargo" value="11">Chicargo</option>
    <option name="Singapore" value="12">Singapore</option>
    <option name="Mexico city" value="13">Mexico city</option>
    <option name="Phoenix" value="14">Phoenix</option>
    <option name="Amsterdam" value="15">Amsterdam</option>
    <option name="Oslo" value="16">Oslo</option>
    <option name="Boston" value="17">Boston</option>
    <option name="HongKong" value="18">Hong Kong</option>
    <option name="LasVegas" value="19">Las Vegas</option>
    <option name="Austin" value="20">Austin</option>
    <option name="Miami" value="21">Miami</option>
    <option name="Dublin" value="22">Dublin</option>
    <option name="Oakland" value="23">Oakland</option>
    <option name="Milan" value="24">Milan</option>
    <option name="Istanbul" value="25">Istanbul</option>
    <option name="Toronto" value="26">Toronto</option>
    <option name="Rome" value="27">Rome</option>
	</select>
		</td>
	</tr>

	<tr>
		<td>
		Attackable:
		</td>
		<td>
		<select name="attackable">
		<option name="Yes" value="1">Yes</option>
		<option name="No" value="2">No</option>
		</select>
		</td>
	</tr>	

	<tr>
		<td>
		Status:
		</td>
		<td>
		<select name="onlinestatus">
		<option name="Online" value="1">Online</option>
		<option name="Offline" value="2">Offline</option>
		</select>
		</td>
	</tr>	
	<tr>
		<td>
		<input type='submit' name='submit' value='Search!'>
		</td>
	</tr>
</table>
</form>	
</html>

 

 

But im needing some help:

 

firstly i dont know if the above form should be a POST or GET?

 

this is a sql dump of the table ill be searching in:

 

-- phpMyAdmin SQL Dump
-- version 3.2.0.1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Nov 19, 2009 at 03:13 AM
-- Server version: 5.1.37
-- PHP Version: 5.3.0

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";


-- --------------------------------------------------------

--
-- Table structure for table `players`
--

CREATE TABLE IF NOT EXISTS `players` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `rm` varchar(11) COLLATE latin1_general_ci NOT NULL DEFAULT '0',
  `username` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '',
  `password` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '',
  `email` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '',
  `xaccess` tinyint(4) NOT NULL DEFAULT '0',
  `registered` int(11) NOT NULL DEFAULT '0',
  `last_active` int(11) NOT NULL DEFAULT '0',
  `ip` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '',
  `level` int(11) NOT NULL DEFAULT '1',
  `maxlevel` int(11) NOT NULL DEFAULT '500',
  `points` bigint(255) NOT NULL DEFAULT '0',
  `money` bigint(255) NOT NULL DEFAULT '0',
  `bank` int(11) NOT NULL DEFAULT '0',
  `maxbank` int(11) NOT NULL DEFAULT '30000000',
  `hp` int(11) NOT NULL DEFAULT '100',
  `maxhp` int(11) NOT NULL DEFAULT '100',
  `exp` int(11) NOT NULL DEFAULT '0',
  `maxexp` int(11) NOT NULL DEFAULT '494',
  `energy` int(11) NOT NULL DEFAULT '10',
  `maxenergy` int(11) NOT NULL DEFAULT '10',
  `nerve` int(11) NOT NULL DEFAULT '10',
  `maxnerve` int(11) NOT NULL DEFAULT '10',
  `awake` int(11) NOT NULL DEFAULT '100',
  `maxawake` int(11) NOT NULL DEFAULT '100',
  `strength` bigint(255) NOT NULL DEFAULT '10',
  `defense` bigint(255) NOT NULL DEFAULT '10',
  `speed` bigint(255) NOT NULL DEFAULT '10',
  `total` bigint(255) NOT NULL DEFAULT '30',
  `interest` tinyint(1) NOT NULL DEFAULT '0',
  `kills` int(11) NOT NULL DEFAULT '0',
  `deaths` int(11) NOT NULL DEFAULT '0',
  `searchdowntown1` int(11) NOT NULL DEFAULT '1',
  `searchdowntown2` int(11) NOT NULL DEFAULT '1',
  `luckydip` int(11) NOT NULL DEFAULT '1',
  `Players_Job_ID` int(11) NOT NULL DEFAULT '0',
  `P_Job_Skill` int(11) NOT NULL DEFAULT '0',
  `ref` int(11) NOT NULL DEFAULT '0',
  `dead_time_remaining` int(11) NOT NULL DEFAULT '0',
  `weapon_used_id` int(11) NOT NULL DEFAULT '0',
  `killed_by_id` int(11) NOT NULL DEFAULT '0',
  `city_id` int(11) NOT NULL DEFAULT '1',
  `gender` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT 'Unknown',
  `house_id` int(11) NOT NULL DEFAULT '0',
  `style` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '',
  `crimes_failed` int(11) NOT NULL DEFAULT '0',
  `crimes_sucess` int(11) NOT NULL DEFAULT '0',
  `staff` int(11) NOT NULL DEFAULT '0',
  `investment_id` varchar(11) COLLATE latin1_general_ci NOT NULL DEFAULT '0',
  `investment_time` int(11) NOT NULL DEFAULT '0',
  `prison` int(11) NOT NULL DEFAULT '0',
  `prison_caught` int(11) NOT NULL DEFAULT '0',
  `prison_bust` int(11) NOT NULL DEFAULT '0',
  `hospital` int(11) NOT NULL DEFAULT '0',
  `crimes_money` bigint(11) NOT NULL DEFAULT '0',
  `news` int(11) NOT NULL DEFAULT '1',
  `notepad` text COLLATE latin1_general_ci NOT NULL,
  `recover` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '',
  `ncolor` int(11) NOT NULL DEFAULT '0',
  `ncolorid` varchar(20) COLLATE latin1_general_ci NOT NULL DEFAULT 'CC0000',
  `banned` varchar(11) COLLATE latin1_general_ci NOT NULL DEFAULT '0',
  `signature` text COLLATE latin1_general_ci NOT NULL,
  `battle_money` bigint(11) NOT NULL DEFAULT '0',
  `battle_won` bigint(11) NOT NULL DEFAULT '0',
  `battle_lost` bigint(11) NOT NULL DEFAULT '0',
  `quote` varchar(50) COLLATE latin1_general_ci NOT NULL DEFAULT 'No Quote',
  `rating` int(11) NOT NULL DEFAULT '0',
  `avatar` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '',
  `gang_id` int(11) DEFAULT NULL,
  `gang_upgrade` int(1) NOT NULL DEFAULT '0',
  `gang_edit` int(1) NOT NULL DEFAULT '0',
  `gang_vault` int(1) NOT NULL DEFAULT '0',
  `gang_members` int(1) NOT NULL DEFAULT '0',
  `gang_mail` int(1) NOT NULL DEFAULT '0',
  `gang_crime` int(1) NOT NULL DEFAULT '0',
  `gang_ranks` int(1) NOT NULL DEFAULT '0',
  `battle_total` int(11) NOT NULL DEFAULT '0',
  `lottery` int(1) NOT NULL DEFAULT '0',
  `validated` int(11) NOT NULL DEFAULT '0',
  `validkey` varchar(255) COLLATE latin1_general_ci NOT NULL,
  `up_date` int(11) NOT NULL,
  `strength_bonus` int(11) NOT NULL,
  `strength_bonus_time` int(11) NOT NULL,
  `defense_bonus` int(11) NOT NULL,
  `defense_bonus_time` int(11) NOT NULL,
  `speed_bonus` int(11) NOT NULL,
  `speed_bonus_time` int(11) NOT NULL,
  `weapon_strength_bonus` int(11) NOT NULL,
  `weapon_defense_bonus` int(11) NOT NULL,
  `weapon_speed_bonus` int(11) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `searchdowntown` (`searchdowntown1`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci PACK_KEYS=1 AUTO_INCREMENT=1010 ;


 

But my problem is i dont know how to do it...

 

for example if someone wrote in the username box.... "est"

 

how do i use est to find all usernames with "est" in them....

 

 

how do i set it so if nothing was inserted in, for example, the level boxes, to set minlevel to 0 and maxlevel to 500 etc...

 

 

 

Link to comment
Share on other sites

i currently have this:

 

if (isset($_POST['submit'])) {

    // an empty ID box leaves id as NULL
    if (empty($_POST['id'])) {
        $_POST['id'] = NULL;
    }

    // blank level boxes fall back to the full range
    if (empty($_POST['minlevel'])) {
        $_POST['minlevel'] = 0;
    }

    if (empty($_POST['maxlevel'])) {
        $_POST['maxlevel'] = 500;
    }

    echo $_POST['id'];

    // the posted values are concatenated into the SQL string as received
    $query = $db->execute("SELECT * FROM players WHERE level >= '".$_POST['minlevel']."' && level <= '".$_POST['maxlevel']."' && id = '".$_POST['id']."'");
    while ($member = $query->fetchrow()) {
        echo "
<tr>
<td>";
        echo $member['username'];
        echo "</td>
</tr>";
    }
}

Another example... if i didnt type anything in ID field...

 

 

how do i search for $_POST['id'] if its NULL.... how would i get this to work?

Link to comment
Share on other sites

<form method="post">

because i heard it's more secure.

then u have to post the variables.

$var1 = mysql_real_escape_string($_POST['var1']);

then do mysql to get the things that match or whatever you're doing, i dont quite understand. if u want to echo something onto the page u might have to do a loop if there's more than one column or something. what r u trying to do with the information in the mysql database?

Link to comment
Share on other sites

<form method="post">

because i heard it's more secure.

 

It is technically more secure, but for a search function how secure do you need it? Depending on what the search is for, if you are looking for people to be able to link or bookmark a search you want to do it with GET as it allows for that, you cannot bookmark post data.

Link to comment
Share on other sites

well thats true. but you also leave ur site open for attacks more often the more u use get. im pretty sure that once the op realizes this they will steer clear from the get variable except for like pagination or something thats very simple to use. here u can just go right ahead and use post. who wants to bookmark a search anyways? there's a form for new searches. im pretty sure that there is no valid reason to use get here folks

Link to comment
Share on other sites

Look into the LIKE command in mysql. For example

$sql = "SELECT * FROM user WHERE username LIKE 's%'";

that would match all usernames that start with s. The % acts as a wildcard. You can set it to the beginning also

 

$sql = "SELECT * FROM user WHERE username LIKE '%s'";

that would match all usernames that end with s

$sql = "SELECT * FROM user WHERE username LIKE '%est%'";

 

that would match all usernames that have an est in them, for example,

lester
ester
bestMan
bestInTheWorld
etc.

 

And using GET is perfectly fine if you protect against mysql injections. Google does it, and being able to bookmark certain searches can be extremely useful.

 

Edit: tutorial

Link to comment
Share on other sites

So the downfall of Google is going to be the fact that it uses get variables in search queries? No offense but i'm not going to hold my breath. I'm going to side with Google, the absolute king of search engines, and hugely prominent figure in web development.

 

I'm sure a company that can create its own programming language, phone operating system, computer operating system, one of the most popular geolocation software and API, among other things won't be destroyed by something as trivial as $_GET vs $_POST variables. Any good "hacker" can alter post variables as easily as get variables, and as long as you take the correct precautions (which aren't that difficult to begin with) you'll be fine.

Link to comment
Share on other sites

well thats true. but you also leave ur site open for attacks more often the more u use get. im pretty sure that once the op realizes this they will steer clear from the get variable except for like pagination or something thats very simple to use. here u can just go right ahead and use post. who wants to bookmark a search anyways? there's a form for new searches. im pretty sure that there is no valid reason to use get here folks

 

Ok, sorry to be so disagreeable to this statement, but seriously? You believe this...then you have a long ways to go. POST data is just as insecure as GET data. The only difference is you do not see post data, but I can easily mimic a search form and post any data I want to his site. So any flaws that the GET would have the POST would have, which is why you code for sanitizing data and do checks before you query your database etc.

 

To say that POST data is more secure than GET, is kind of ludicrous, yes for a Password form I would agree because the password is not appended onto the url and thus not saved in your browser history. But either way that password is passed un-encrypted as raw text to the script which is why we have SSL sites, which does have encryption tied to it.  But a site without SSL, potentially anyone in between your computer and the server can sniff that password out, which is why any site that does some type of financial information tends to have SSL.

 

The valid reason to use get in this situation is to allow people to link/bookmark search results. Doing this will also help content be search engine friendly, as you can create a sitemap of common searches and have google spider them, many sites do this and they also save searches that people have searched for to put on that sitemap automatically.

 

If I were you, before you present items as fact I would do some reading up on them in the future.

 

i wouldnt be so sure hon

 

I would be, because I have been web programming for 11 years now. And at least 7 of them were devoted to learning and understanding search engine optimization.

 

among other things won't be destroyed by something as trivial as $_GET vs $_POST variables. Any good "hacker" can alter post variables as easily as get variables, and as long as you take the correct precautions (which aren't that difficult to begin with) you'll be fine.

 

Yep, you code for attacks in either scenario POST or GET for this reason and the reasons I stated (which is basically along the same lines) POST is just as insecure as GET.

 

...and it will be their downfall.

 

Ok so how many programmers with PHD degrees does google have working for them? Seriously, their downfall is that they use GET data in basically every single one of their applications, their Google Maps, Google API's all use GET data...come on now. Take the time and actually do the research. The single best search engine we have ever seen on the internet is going to fall because they use GET data instead of POST data?

 

:facepalm:

Link to comment
Share on other sites

Look into the LIKE command in mysql. For example

$sql = "SELECT * FROM user WHERE username LIKE 's%'";

that would match all usernames that start with s. The % acts as a wildcard. You can set it to the beginning also

 

$sql = "SELECT * FROM user WHERE username LIKE '%s'";

that would match all usernames that end with s

$sql = "SELECT * FROM user WHERE username LIKE '%est%'";

 

that would match all usernames that have an est in them, for example,

lester
ester
bestMan
bestInTheWorld
etc.

 

And using GET is perfectly fine if you protect against mysql injections. Google does it, and being able to bookmark certain searches can be extremely useful.

 

Edit: tutorial

 

okay i understand that to a certain degree...

 

however what about if for example i didnt put anything in the id form... how do i do the query so it doesnt search for ID == NULL..

Link to comment
Share on other sites

You omit that from the search, here is a tutorial I created about creating dynamic searches, perhaps it will help you out...

 

http://www.phpfreaks.com/tutorial/simple-sql-search

 

Not sure if you have already looked at it, but perhaps it will help you understand more of what needs to be done...

 

 

is there no possible way to keep it in the query just get it to look for nothing.

Link to comment
Share on other sites

is there no possible way to keep it in the query just get it to look for nothing.

 

If it is null, why would you want it in the query? And the way you can keep it in the query is add an OR after it:

 

ID is NULL OR (other expressions here)

 

But doing that basically renders the ID useless anyways so why not just omit it if it is not needed?

Link to comment
Share on other sites

is there no possible way to keep it in the query just get it to look for nothing.

 

If it is null, why would you want it in the query? And the way you can keep it in the query is add an OR after it:

 

ID is NULL OR (other expressions here)

 

But doing that basically renders the ID useless anyways so why not just omit it if it is not needed?

 

im finding it pretty difficult to understand how to omit it...

 

this is the code i currently have... its all done very simply:

 

<?php

if (isset($_POST['submit'])) {

    // blank boxes fall back to defaults
    if (empty($_POST['minlevel'])) {
        $_POST['minlevel'] = 0;
    }

    if (empty($_POST['maxlevel'])) {
        $_POST['maxlevel'] = 500;
    }

    if (empty($_POST['money'])) {
        $_POST['money'] = 0;
    }

    $username = isset($_POST['username']) ? $_POST['username'] : '';

    // the posted values are concatenated into the SQL string as received
    $query = $db->execute("SELECT * FROM players WHERE level >= '".$_POST['minlevel']."' && level <= '".$_POST['maxlevel']."' && username LIKE '%$username%' && money >= '".$_POST['money']."'");
    while ($member = $query->fetchrow()) {
        echo "
<tr>
<td>";
        echo $member['username'];
        echo "</td>
</tr>";
    }
}
?>

Link to comment
Share on other sites
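
The approach the replies describe (leave an empty criterion out of the query, match usernames with LIKE, and guard against injection whether the form is sent by GET or POST), as an added example that is not code from the thread. It assumes PDO with an in-memory SQLite table and constructed rows in place of the thread's `$db` object, and a `money` field name as in the last post's PHP; the function names are hypothetical.

```php
<?php
// Added example, not the thread's code. field(), intOrNull(), buildPlayerSearch()
// and searchPlayers() are hypothetical names; PDO stands in for the unknown $db wrapper.

/** Trimmed string value of a request field, or '' if missing or not a string. */
function field(array $in, string $key): string
{
    return isset($in[$key]) && is_string($in[$key]) ? trim($in[$key]) : '';
}

/** The field as an int if it holds only digits, otherwise null (criterion is skipped). */
function intOrNull(array $in, string $key): ?int
{
    $v = field($in, $key);
    return ($v !== '' && strlen($v) <= 18 && ctype_digit($v)) ? (int) $v : null;
}

/** Build [sql, params] from the search form; request data only ever ends up in params. */
function buildPlayerSearch(array $in): array
{
    // Level always has a range: blank boxes fall back to 0 and 500.
    $where  = ['level BETWEEN ? AND ?'];
    $params = [intOrNull($in, 'minlevel') ?? 0, intOrNull($in, 'maxlevel') ?? 500];

    if (($id = intOrNull($in, 'id')) !== null) {        // blank ID: leave it out
        $where[]  = 'id = ?';
        $params[] = $id;
    }
    if (($name = field($in, 'username')) !== '') {
        // "!" escapes LIKE wildcards, so a typed % or _ is matched literally.
        $where[]  = "username LIKE ? ESCAPE '!'";
        $params[] = '%' . strtr($name, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    }
    if (($money = intOrNull($in, 'money')) !== null) {
        $where[]  = 'money >= ?';
        $params[] = $money;
    }
    $city = intOrNull($in, 'cityid');
    if ($city !== null && $city >= 1 && $city <= 27) {   // values offered by the <select>
        $where[]  = 'city_id = ?';
        $params[] = $city;
    }
    $sql = 'SELECT id, username FROM players WHERE ' . implode(' AND ', $where) . ' ORDER BY id';
    return [$sql, $params];
}

/** Run the search as a prepared statement with typed bindings. */
function searchPlayers(PDO $pdo, array $in): array
{
    [$sql, $params] = buildPlayerSearch($in);
    $stmt = $pdo->prepare($sql);
    foreach ($params as $i => $p) {
        $stmt->bindValue($i + 1, $p, is_int($p) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (a cut-down players table).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, username TEXT, level INT, money INT, city_id INT)');
$pdo->exec("INSERT INTO players VALUES (1,'tester',3,900,1), (2,'bestMan',51,50,1),
            (3,'o''neil',10,10,2), (4,'100%_<b>',1,0,1)");

// Constructed requests, shaped like $_GET or $_POST from the search form.
$requests = [
    ['username' => 'est', 'id' => '', 'minlevel' => '', 'maxlevel' => ''], // tester, bestMan
    ['username' => "o'n"],                                                  // quote stays data
    ['username' => '%'],                                                    // literal % only
];
foreach ($requests as $request) {
    echo http_build_query($request), "\n";
    foreach (searchPlayers($pdo, $request) as $row) {
        // Escape on output as well: usernames are user-supplied text.
        echo '  <tr><td>', htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'), "</td></tr>\n";
    }
}
```

Pass `$_GET` or `$_POST` as the input array; the builder treats both the same way.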
