Jump to content

Archived

This topic is now archived and is closed to further replies.

golyath

Mysql search not working

Recommended Posts

Hi i have written a simple searching script so that it builds a Sql statement and passes it back to another page for the results. It simply works with a check box if you want to see all items, and a drop down box if you want to serch with certain criterea and then a text box to enter the thing you are searching for...

e.g. drop down = Firstname textbox = Edward. Searching for all records where firstname = Edward.

this is the script:

    php:
    <?
        $crit=$_POST['crit'];
        $search=$_POST['search'];
       
        if($all == "all"){
            $sql="SELECT * FROM users";
            header("location:index.php?section=cPanel&control=members&ctrlMem=view&sqlCheck=$sql");
        }
        else{
            if($search == ""){
                header("location:index.php?section=error&error=missing");
            }
            else{
                $sql="SELECT * FROM users WHERE $crit = '$search'";
                //echo $sql;
                header("location:index.php?section=cPanel&control=members&ctrlMem=view&sqlCheck=$sql");
            }
        }

    ?>



this works fine if all is selected, and the Sql statement is sent back and works fine...

But... If you try to use the section where you are searching for a certian criteria, the sql errors out when usign it on the next page saying:

    php:Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource
    ?>



I have echoed out the sql when testing it to see if the sql statement is wrong, but i cant see anythign wrong with it:

SELECT * FROM users WHERE firstname = 'Edward'

If anyone can point me in the right direct it would be greatly appreciated.

Thanks

Share this post


Link to post
Share on other sites
That is saying that the function mysql_numrows is not a valid argument
$sql = $_GET["Check"];
mysql_query($sql);

but I would strong advice against doing this, it allows people to type in the address bar the new query, and do anything to your database

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.