I hate to admit defeat. I created this musical instrument database using various forums. Miraculously it works great except I cannot enter two words in the search form. Anyone have any ideas? Hopefully it is just a tweak. Here is the PHP part; the form is in an .htm file and passes to this PHP page.

 

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<title><b> Fender Instruments </b></title>
</head>

<body>

<p><p align="center"><b><a href="http://www.thrume.net/recordapp/webservices/fendersearch.htm"><font size="4">Click
Here to Search Again!</a></b></p>

</body>

</html>


<?

mysql_connect("fenderjazzxxxxxx.com","fenderjazz","password..XXXXXX");
@mysql_select_db("fenderjazz") or die( "Unable to select database");

$term = $_POST['term'];
 
$result = mysql_query("select * from fenderjazz where description like '%$term%' ORDER BY salesprice DESC");


$num=mysql_numrows($result);

mysql_close();

echo "<b><center>FenderBlog.com</center></b><br><br>";

?>
<table border="0" cellspacing="2" cellpadding="2">
<tr>
<th><font face="Arial, Helvetica, sans-serif">Description</font></th>
<th><font face="Arial, Helvetica, sans-serif">Date Sold</font></th>
<th><font face="Arial, Helvetica, sans-serif">Sales Price</font></th>
</tr>

<?
$i=0;
while ($i < $num) {
$description=mysql_result($result,$i,"description");
$datesold=mysql_result($result,$i,"datesold");
$salesprice=mysql_result($result,$i,"salesprice");
?>

<tr>
<td><font face="Arial, Helvetica, sans-serif"><? echo "$description"; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo "$datesold"; ?></font></td>
<td>$<font face="Arial, Helvetica, sans-serif"><? echo number_format("$salesprice", 2, '.',','); ?></font></td>
</tr>
<?
++$i;
}
echo "</table>";


?>
 

 

Sorry, I'm very new to this.  What does this data sanitation do?  Is the code above what I need to make the search work with multiple words or does it do something else?  Also, where would this be placed in my code?

Thanks.

Data sanitization is where you take what the user enters and clean it up, making it safe to send it to your back end. If you aren't doing this then anyone could come along and enter a value in your form that will drop all your tables and leave you with nothing. If you don't have any as of yet I would suggest that you include this. Look into using mysql_real_escape_string() and also look into preg_replace() to change all your spaces into either % or ? wildcards, depending on how loose you want to make the search.
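An added example, not code from the thread: the multi-word search written with PDO prepared statements, so the search text is bound as data instead of being interpolated into the SQL string (the mysql_* functions used in the post were removed in PHP 7). The table and column names come from the post; buildSearch(), search() and the in-memory SQLite rows are constructed for illustration.

```php
<?php
// Added example. Table/column names are from the thread; everything else is
// an assumption made so the script runs offline against constructed rows.

// One "description LIKE ?" clause per word; user text travels only as a bound parameter.
function buildSearch(string $term, int $maxWords = 8): array
{
    $words = preg_split('/\s+/', trim($term), -1, PREG_SPLIT_NO_EMPTY);
    $words = array_slice($words, 0, $maxWords);   // cap the work one request can cause
    $clauses = [];
    $params  = [];
    foreach ($words as $w) {
        // Escape LIKE metacharacters so a typed % or _ matches literally ('!' first).
        $w = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $w);
        $clauses[] = "description LIKE ? ESCAPE '!'";
        $params[]  = "%$w%";
    }
    $where = $clauses ? implode(' AND ', $clauses) : '1=1';
    $sql = "SELECT description, datesold, salesprice FROM fenderjazz
            WHERE $where ORDER BY salesprice DESC";
    return [$sql, $params];
}

function search(PDO $db, string $term): array
{
    [$sql, $params] = buildSearch($term);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data; for MySQL use a 'mysql:host=...;dbname=...' DSN instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE fenderjazz (description TEXT, datesold TEXT, salesprice REAL)");
$db->exec("INSERT INTO fenderjazz VALUES
    ('1962 Fender Jazz Bass sunburst', '2009-03-01', 8500),
    ('Fender Precision Bass', '2009-04-11', 1200),
    ('Player''s Jazz Bass pickguard, 100% original', '2009-05-02', 150)");

foreach (["jazz bass", "100%", "player's"] as $term) {
    $rows = search($db, $term);
    printf("%-10s => %d row(s)\n", $term, count($rows));
    foreach ($rows as $row) {
        // Escape on output too: stored descriptions are not trusted HTML.
        echo '  ', htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

In the results page this would be called as `search($db, $_POST['term'] ?? '')`, with each word required to appear somewhere in the description.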
