Jump to content


Photo

Mysql search not working


  • Please log in to reply
1 reply to this topic

#1 golyath

golyath
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 19 September 2006 - 03:55 PM

Hi i have written a simple searching script so that it builds a Sql statement and passes it back to another page for the results. It simply works with a check box if you want to see all items, and a drop down box if you want to serch with certain criterea and then a text box to enter the thing you are searching for...

e.g. drop down = Firstname textbox = Edward. Searching for all records where firstname = Edward.

this is the script:

    php:
    <?
        $crit=$_POST['crit'];
        $search=$_POST['search'];
       
        if($all == "all"){
            $sql="SELECT * FROM users";
            header("location:index.php?section=cPanel&control=members&ctrlMem=view&sqlCheck=$sql");
        }
        else{
            if($search == ""){
                header("location:index.php?section=error&error=missing");
            }
            else{
                $sql="SELECT * FROM users WHERE $crit = '$search'";
                //echo $sql;
                header("location:index.php?section=cPanel&control=members&ctrlMem=view&sqlCheck=$sql");
            }
        }

    ?>



this works fine if all is selected, and the Sql statement is sent back and works fine...

But... If you try to use the section where you are searching for a certian criteria, the sql errors out when usign it on the next page saying:

    php:Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource
    ?>



I have echoed out the sql when testing it to see if the sql statement is wrong, but i cant see anythign wrong with it:

SELECT * FROM users WHERE firstname = 'Edward'

If anyone can point me in the right direct it would be greatly appreciated.

Thanks

#2 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 19 September 2006 - 04:50 PM

That is saying that the function mysql_numrows is not a valid argument
$sql = $_GET["Check"];
mysql_query($sql);

but I would strong advice against doing this, it allows people to type in the address bar the new query, and do anything to your database
Tell me the problem, I will try tell you the solution




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users