FatBobsFeet Posted May 4, 2015 Share Posted May 4, 2015 For starters, I have only been using PHP for about 2 months now. So, if you feel that there is something I should know, please feel free. I'm all ears. Secondarily, I have been working on this for a couple weeks now and have tried several different angles. I've been to the manual a thousand times, gotten a few bits of advice from Stack Overflow, and looked through YouTube, which is where I found this tutorial: This one. So, I've been through this tutorial a few times. I recreated the search in the video, and now I'm attempting to convert elements of it to my own project. Problem is, it doesn't seem to be parsing things correctly. I will try to explain below. Here is a hastebin with the original code from the video: index page and functions page. And here is my code: search page and functions page. Basically, this code accepts a bunch of values from possible inputs, parses them, and then creates a custom SQL statement. In the original code, the 'locations' are a bunch of checkboxes and one or more can be selected, and the SQL statement is verbose and complex. In my code, the 'categories' are a bunch of checkboxes where one or more can be selected, and the SQL statement is much simpler. That's really why I can't figure out what is going wrong. Here are a few things I have tried so far: 1) I commented out the code and used a generic SQL statement, to make sure the values were being queried and displayed correctly. They were. 2) I've watched the tutorial several times to make sure I have the code correct, and as far as I can tell, I do. 3) I've checked the content of variables, etc., to make sure they are getting sent properly, which they appear to be. 4) Since nothing is coming up as a result of this search currently, I removed some of the NOT symbols (!) from the code, and, lo and behold, everything is now a search result. (In other words, it is either ALL or NOTHING. Not very helpful for a search function.) This is what makes me think things are not getting parsed correctly. I hope this is enough information to get you started. If not, let me now what else I can offer. Thanks for any assistance you can offer! Quote Link to comment Share on other sites More sharing options...
Solution fastsol Posted May 4, 2015 Solution Share Posted May 4, 2015 It's a bit hard to figure out from what you've provided in the code files. In one function page you are using mysql and connecting with in each function, which is not a wise idea. Then in the search file you seem to be using PDO, but I can't know for sure cause there isn't any connection info in that page or the other function page. So why the 2 different connection types? As for your problem at hand, have you tried echoing the $sql var just before this line to see if the query string is constructed properly and has the values you expect it to? $searchResults = $db->query($sql); Plus you're not sanitizing the search data in any way, so you're wide open for sql injection. You should be using PDO and prepared statements, not mysql since those functions are now deprecated as of PHP5.5 and honestly haven't been a normal used group of functions for several years now. Quote Link to comment Share on other sites More sharing options...
jcbones Posted May 5, 2015 Share Posted May 5, 2015 I concur, you need to echo out the fully built search query to see what it says, if it is correct, and if it interacts with the database like you expect. Quote Link to comment Share on other sites More sharing options...
FatBobsFeet Posted May 7, 2015 Author Share Posted May 7, 2015 (edited) I understand completely about SQL injection, in fact I posted advice about it for someone else on here just the other day. I am just tweaking the slightly outdated code to see if I can make it work right now, and will add that before it goes live. The PDO vs MySQLi issues are also due to the fact that one is the original old code, and one is my new updated code. Thank you for suggesting I echo out the $sql variable right before the query. I had done this before, and got the expected results, but… this time it led me on the right path. In the switch, I had the cases written out like this (no single quotes): case 'search_city': array_push($queries, "city = $search_city"); and had also tried this (single quotes AND percent sign): case 'search_city': array_push($queries, "city = '%$search_city%'"); but apparently it needed to simply be this (single quotes only): case 'search_city': array_push($queries, "city = '$search_city'"); Edited May 7, 2015 by FatBobsFeet 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.