mattbrown Posted January 10, 2007 Share Posted January 10, 2007 I have made a function to run a simple search facility on my site but for some reason the mysql queries are not getting put together right heres the function:[code]function search($searchStr, $searchBy) { //Declare our globals global $hostname, $username, $password; //Find out what we're searching for and construct the query switch ($searchBy) { case 1: //Search by barcode $searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level FROM bgy_CubeCart_inventory WHERE productCode='%s'", mysql_real_escape_string($searchStr)); break; case 2: //Search by title $searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level FROM bgy_CubeCart_inventory WHERE name LIKE '%%%s%%'", mysql_real_escape_string($searchStr)); break; case 3: //Search by description $searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level FROM bgy_CubeCart_inventory WHERE description LIKE '%%%s%%'", mysql_real_escape_string($searchStr)); break; case 4: //Search by barcode, title, description $searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level MATCH (productCode, name, description) AGAINST ('%s') FROM bgy_CubeCart_inventory", mysql_real_escape_string($searchStr)); break; } //Connect to the database and run the query $link = mysql_connect("$hostname" , "$username" , "$password")or die(mysql_error()); mysql_select_db('barkersgifts'); $searchResult = mysql_query($searchQuery); mysql_close($link); if (mysql_num_rows($searchResult)) { return $searchResult; } else { return "No Results Found"; } }[/code]if i change [code]$searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level FROM bgy_CubeCart_inventory WHERE productCode='%s'", mysql_real_escape_string($searchStr));[/code]to[code]$searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level FROM bgy_CubeCart_inventory WHERE productCode='$searchStr'",);[/code]Then it works ok but using mysql_real_escape_string() the query that get constructed is as followsSELECT productCode, image, price, name, sale_price, stock_level FROM bgy_CubeCart_inventory WHERE productCode=''I have used mysql_real_escape_string() in other functions and it seems to work just fine :-Sany help would be very much appreciated Link to comment https://forums.phpfreaks.com/topic/33622-can-anybody-tell-me-why-this-wont-work-s/ Share on other sites More sharing options...
mattbrown Posted January 10, 2007 Author Share Posted January 10, 2007 After a little bit more messing around and comparing this to my other functions the answer has become obvious $link = mysql_connect("$hostname" , "$username" , "$password")or die(mysql_error()); mysql_select_db('barkersgifts'); needs to be before the line where mysql_real_escape_string() is used, for obvious reasons. Link to comment https://forums.phpfreaks.com/topic/33622-can-anybody-tell-me-why-this-wont-work-s/#findComment-157625 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.