markguitarplayer Posted May 29, 2013

I hate to admit defeat. I created this musical instrument database using various forums. Miraculously it works great except I cannot enter two words in the search form. Anyone have any ideas? Hopefully it is just a tweak. Here is the PHP part; the form is in an .htm file and passes to this PHP page.

```php
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<title><b> Fender Instruments </b></title>
</head>
<body>
<p><p align="center"><b><a href="http://www.thrume.net/recordapp/webservices/fendersearch.htm"><font size="4">ClickHere to Search Again!</font></a></b></p>
</body>
</html>
<?php
mysql_connect("fenderjazzxxxxxx.com", "fenderjazz", "password..XXXXXX");
@mysql_select_db("fenderjazz") or die("Unable to select database");

// Search term exactly as typed into the form (no escaping is applied)
$term = $_POST['term'];

// $term is interpolated straight into the SQL string
$result = mysql_query("select * from fenderjazz where description like '%$term%' ORDER BY salesprice DESC");
$num = mysql_num_rows($result);
mysql_close();

echo "<b><center>FenderBlog.com</center></b><br><br>";
?>
<table border="0" cellspacing="2" cellpadding="2">
<tr>
<th><font face="Arial, Helvetica, sans-serif">Description</font></th>
<th><font face="Arial, Helvetica, sans-serif">Date Sold</font></th>
<th><font face="Arial, Helvetica, sans-serif">Sales Price</font></th>
</tr>
<?php
// Print one table row per matching record
$i = 0;
while ($i < $num) {
    $description = mysql_result($result, $i, "description");
    $datesold = mysql_result($result, $i, "datesold");
    $salesprice = mysql_result($result, $i, "salesprice");
?>
<tr>
<td><font face="Arial, Helvetica, sans-serif"><?php echo "$description"; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo "$datesold"; ?></font></td>
<td>$<font face="Arial, Helvetica, sans-serif"><?php echo number_format("$salesprice", 2, '.', ','); ?></font></td>
</tr>
<?php
    ++$i;
}
echo "</table>";
?>
```

Muddy_Funster Posted May 29, 2013

Where is your data sanitization?

markguitarplayer Posted May 29, 2013

Sorry, I'm very new to this. What does this data sanitation do? Is the code above what I need to make the search work with multiple words or does it do something else? Also, where would this be placed in my code? Thanks.

Muddy_Funster Posted May 29, 2013

Data sanitization is where you take what the user enters and clean it up, making it safe to send it to your back end. If you aren't doing this then anyone could come along and enter a value in your form that will drop all your tables and leave you with nothing. If you don't have any as of yet I would suggest that you include this. Look into using mysql_real_escape_string() and also look into pregReplace to change all your spaces into either % or ? wildcards, depending on how loose you want to make the search.

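An added example, not code from either poster: one way to get both a multi-word search and safe handling of the search term is to split the term into words and bind each word as a parameter of a prepared statement, rather than escaping and interpolating it. It assumes PDO is available; the function names `build_search` and `search` are hypothetical, and an in-memory SQLite table with constructed rows stands in for the MySQL `fenderjazz` table (the `LIKE ... ESCAPE` clause is also valid in MySQL).

```php
<?php
// Added example, not the poster's code. Assumes PDO; an in-memory SQLite
// table with constructed rows stands in for the MySQL fenderjazz table.

// Build one "description LIKE ?" clause per word. User input only ever
// travels as a bound parameter, never as part of the SQL text.
function build_search(string $term): array
{
    $words = preg_split('/\s+/', trim($term), -1, PREG_SPLIT_NO_EMPTY);
    $clauses = $params = [];
    foreach ($words as $word) {
        // Escape LIKE metacharacters so a typed % or _ matches literally.
        $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $word);
        $clauses[] = "description LIKE ? ESCAPE '!'";
        $params[] = '%' . $escaped . '%';
    }
    $where = $clauses ? implode(' AND ', $clauses) : '1 = 1';
    $sql = "SELECT description, datesold, salesprice FROM fenderjazz "
         . "WHERE $where ORDER BY salesprice DESC";
    return [$sql, $params];
}

function search(PDO $db, string $term): array
{
    [$sql, $params] = build_search($term);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fenderjazz (description TEXT, datesold TEXT, salesprice REAL)');
$insert = $db->prepare('INSERT INTO fenderjazz VALUES (?, ?, ?)');
foreach ([ // constructed sample rows
    ['1962 Fender Jazz Bass sunburst', '2013-01-10', 8500.00],
    ['Fender Precision Bass 1975', '2013-02-02', 2100.00],
    ['Jazz Bass 1978 natural, 100% original', '2013-03-15', 1900.00],
] as $row) {
    $insert->execute($row);
}

// Two words, a literal percent sign, and a term containing SQL syntax.
foreach (["jazz 1962", "100%", "x'; DROP TABLE fenderjazz; --"] as $term) {
    $rows = search($db, $term);
    echo str_pad($term, 32), count($rows), " row(s)\n";
    foreach ($rows as $r) {
        echo '  ', $r['description'], ' $', number_format($r['salesprice'], 2), "\n";
    }
}
```

The third term is matched as plain text against the descriptions, so it returns no rows and the table is untouched.
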
markguitarplayer Posted May 29, 2013

Thanks for the advice. That is pretty scary. I'll look into those things.