Jump to content

Trying to Create Search Function

Go to solution Solved by fastsol,

Recommended Posts

For starters, I have only been using PHP for about 2 months now. So, if you feel that there is something I should know, please feel free. I'm all ears.


Secondarily, I have been working on this for a couple weeks now and have tried several different angles. I've been to the manual a thousand times, gotten a few bits of advice from Stack Overflow, and looked through YouTube, which is where I found this tutorial: This one. So, I've been through this tutorial a few times. I recreated the search in the video, and now I'm attempting to convert elements of it to my own project. Problem is, it doesn't seem to be parsing things correctly. I will try to explain below.


Here is a hastebin with the original code from the video: index page and functions page.


And here is my code: search page and functions page.


Basically, this code accepts a bunch of values from possible inputs, parses them, and then creates a custom SQL statement. In the original code, the 'locations' are a bunch of checkboxes and one or more can be selected, and the SQL statement is verbose and complex. In my code, the 'categories' are a bunch of checkboxes where one or more can be selected, and the SQL statement is much simpler. That's really why I can't figure out what is going wrong.


Here are a few things I have tried so far:


1) I commented out the code and used a generic SQL statement, to make sure the values were being queried and displayed correctly. They were.


2) I've watched the tutorial several times to make sure I have the code correct, and as far as I can tell, I do.


3) I've checked the content of variables, etc., to make sure they are getting sent properly, which they appear to be.


4) Since nothing is coming up as a result of this search currently, I removed some of the NOT symbols (!) from the code, and, lo and behold, everything is now a search result. (In other words, it is either ALL or NOTHING. Not very helpful for a search function.) This is what makes me think things are not getting parsed correctly.


I hope this is enough information to get you started. If not, let me now what else I can offer. Thanks for any assistance you can offer!

Link to comment
Share on other sites

  • Solution

It's a bit hard to figure out from what you've provided in the code files.  In one function page you are using mysql and connecting with in each function, which is not a wise idea.  Then in the search file you seem to be using PDO, but I can't know for sure cause there isn't any connection info in that page or the other function page.  So why the 2 different connection types? 


As for your problem at hand, have you tried echoing the $sql var just before this line to see if the query string is constructed properly and has the values you expect it to?

$searchResults = $db->query($sql);

Plus you're not sanitizing the search data in any way, so you're wide open for sql injection.  You should be using PDO and prepared statements, not mysql since those functions are now deprecated as of PHP5.5 and honestly haven't been a normal used group of functions for several years now.

Link to comment
Share on other sites

I understand completely about SQL injection, in fact I posted advice about it for someone else on here just the other day. I am just tweaking the slightly outdated code to see if I can make it work right now, and will add that before it goes live. The PDO vs MySQLi issues are also due to the fact that one is the original old code, and one is my new updated code.


Thank you for suggesting I echo out the $sql variable right before the query. I had done this before, and got the expected results, but… this time it led me on the right path.


In the switch, I had the cases written out like this (no single quotes):


case 'search_city':
array_push($queries, "city = $search_city");
and had also tried this (single quotes AND percent sign):
case 'search_city':
array_push($queries, "city = '%$search_city%'");
but apparently it needed to simply be this (single quotes only):
case 'search_city':
array_push($queries, "city = '$search_city'");
Edited by FatBobsFeet
  • Like 1
Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.