Jump to content

[SOLVED] PHP/Mysql search does'nt return the results


Recommended Posts

Hi I have the following HTML form and a script that is supposed to search a database and return results. However when they are executed nothing is returned even though it should as I am searching for somthing that i know is in the database.

HTML Form:
[code]<html>
<h2>Search</h2>
<form name="search" method="post" action="search.php">
Seach for: <input type="text" name="find" /> in
<Select NAME="field">
<Option VALUE="software_name">Software Name</option>
<Option VALUE="catagory">Catagory</option>
<Option VALUE="description">Description</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>
</html>[/code]


PHP Script:
[code]<?php
$searching = $_POST['searching'];
$field = $_POST['field'];
$find = $_POST['find'];
//This is only displayed if they have submitted the form
if ($searching =="yes")
{
echo "<h2>Results</h2><p>";

//If they did not enter a search term we give them an error
if ($find == "")
{
echo "<p>You forgot to enter a search term";
exit;
}

// Otherwise we connect to our Database
require ("admin/connect.php");

// We preform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);

//Now we search for our search term, in the field the user specified
$data = mysql_query("SELECT * FROM users WHERE upper($field) LIKE'%$find%'");

//And we display the results
?>
<table width="1417" border="1" align="center">
  <tr>
    <td width="149"><div align="center">Picture</div></td>
    <td width="171"><div align="center">Name</div></td>
    <td width="171"><div align="center">Catagory</div></td>
    <td width="149"><div align="center">Description</div></td>
    <td width="149"><div align="center">Version</div></td>
<td width="149"><div align="center">More Options</div></td>
  </tr>
<?
while($result_ar = @mysql_fetch_array($data)){
?>
  <tr>
    <td><div align="center"><? echo "$result_ar[product_pic]" ?></div></td>
<td><div align="center"><? echo "$result_ar[software_name]" ?></div></td>
    <td><div align="center"><? echo "$result_ar[catagory]" ?></div></td>
    <td><div align="center"><? echo "$result_ar[description]" ?></div></td>
    <td><div align="center"><? echo "$result_ar[version]" ?></div></td>
<td><div align="center">more stuff</div></td>
  </tr>
<?
}

//This counts the number or results - and if there wasn't any it gives them a little message explaining that
$anymatches=@mysql_num_rows($data);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query<br><br>";
}

//And we remind them what they searched for
echo "<b>Searched For:</b> " .$find;
}
?>[/code]
Have you tried echoing the query to make sure it looks like it is supposed to?  Are you sure it's even executing the query?  You don't do any validation on the result of the query or check to make sure you've got some rows coming back before you start building the table.

You're also not doing any validation on the input from the form.  Talk about a possibly security issue.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.