CodyNPaige, posted December 14, 2011

When I open the page in browser it lists everything that's in my DB without searching for anything. What is wrong to make it do this?

```php
<form method="post" action="<?=$PHP_SELF?>">
<center>
<table border="0" cellpadding="0" width="100%">
  <tr>
    <td width="30%">
      <p align="right">Search For GID Number:</p></td>
    <td width="80%"><input type="text" name="searchterm"></td>
  </tr>
</table>
</center>
<p align="left">
<input type="submit" value="Search"><br><br>
</form>

<?php
include('fbvar.php');

/*set variables from form */
$searchterm = $_POST['searchterm'];

trim ($searchterm);

/*check if search term was entered*/
if (!$searchterm){
    echo 'Please enter a search term.';
}

/*add slashes to search term (')(")*/
if (!get_magic_quotes_gpc())
{
    $searchterm = addslashes($searchterm);
}

/* connects to database*/
@ $dbconn = new mysqli($databaseserver, $databaseuser, $databasepass, $databasename);
if (mysqli_connect_errno())
{
    echo 'Error: Could not connect to database. Please try again later.';
    exit;
}

/*query the database*/
$query = "SELECT gid, gift FROM $gifts WHERE gift like '%".$searchterm."%' ORDER BY gid";
$result = $dbconn->query($query);

/*number of rows found*/
$num_results = $result->num_rows;

echo '<p>Found: '.$num_results.'</p>';

/*loops through results*/
for ($i=0; $i <$num_results; $i++)
{
    $num_found = $i + 1;
    $row = $result->fetch_assoc();
    echo "$num_found. ".($row['gid']).' '.($row['gift'])." <br />";
}

/*free database*/
$dbconn->close();
//End of the Search Database form
?>
```

xyph, posted December 14, 2011

You should program with all errors displayed.

You've used $_POST['searchterm'] before making sure it exists.

You addslashes() to the posted data, when you should be stripping slashes if magic_quotes is enabled, and using mysqli->escape_string().

You've used $gifts in your query, though it hasn't been defined anywhere. If it's defined in the include, you should make sure it exists before using it.

You don't check if your query is executing successfully. mysqli->query() will return FALSE if the query has failed, and mysqli->error will be a string containing the error information.

To turn on errors, place the code in my signature at the TOP of your script.
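
The checks listed in the reply above, as an added example that is not part of either post: the original script prints its warning but still runs the query when nothing was posted, and `LIKE '%%'` matches every row. This version returns before querying when no term is submitted and binds the term in a prepared statement rather than using addslashes(). `$gifts` and the connection variables are assumed to come from fbvar.php as in the original script; the function names are hypothetical.

```php
<?php
// Added example. $gifts and the connection variables are assumed to come from fbvar.php.
include('fbvar.php');

// Return the trimmed term, or null when nothing usable was submitted.
function get_search_term(array $post): ?string {
    if (!isset($post['searchterm']) || !is_string($post['searchterm'])) {
        return null;                    // first page load, or array input
    }
    $term = trim($post['searchterm']);  // trim() returns the result
    return $term === '' ? null : $term;
}

// Escape LIKE wildcards so user input is matched literally ('|' is the escape char).
function like_pattern(string $term): string {
    return '%' . strtr($term, ['|' => '||', '%' => '|%', '_' => '|_']) . '%';
}

// Search with a bound parameter; throws if the statement cannot run.
function search_gifts(mysqli $db, string $table, string $term): array {
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {  // identifiers cannot be bound
        throw new RuntimeException('Unexpected table name');
    }
    $stmt = $db->prepare(
        "SELECT gid, gift FROM `$table` WHERE gift LIKE ? ESCAPE '|' ORDER BY gid");
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $db->error);
    }
    $pattern = like_pattern($term);
    $stmt->bind_param('s', $pattern);
    if (!$stmt->execute()) {
        throw new RuntimeException('Query failed: ' . $stmt->error);
    }
    $stmt->bind_result($gid, $gift);
    for ($rows = []; $stmt->fetch(); ) {
        $rows[] = ['gid' => $gid, 'gift' => $gift];
    }
    return $rows;
}

$term = get_search_term($_POST);
if ($term === null) {
    echo 'Please enter a search term.';
} else {
    $db = new mysqli($databaseserver, $databaseuser, $databasepass, $databasename);
    if ($db->connect_errno) { exit('Error: Could not connect to database.'); }
    foreach (search_gifts($db, $gifts, $term) as $i => $row) {
        echo ($i + 1) . '. ' . htmlspecialchars($row['gid'] . ' ' . $row['gift']) . "<br />\n";
    }
}
```

The output is passed through htmlspecialchars() so stored values cannot inject markup into the results page.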