Jump to content

Can anybody tell me why this wont work :-S

mattbrown

By mattbrown
in PHP Coding Help

 Share

Recommended Posts

mattbrown Newbie

mattbrown

Posted
Posted
I have made a function to run a simple search facility on my site but for some reason the mysql queries are not getting put together right heres the function:

[code]function search($searchStr, $searchBy) {
//Declare our globals
global $hostname, $username, $password;

//Find out what we're searching for and construct the query
switch ($searchBy) {
case 1: //Search by barcode
$searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level FROM
bgy_CubeCart_inventory WHERE productCode='%s'",
mysql_real_escape_string($searchStr));
break;

case 2: //Search by title
$searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level FROM
bgy_CubeCart_inventory WHERE name LIKE '%%%s%%'",
mysql_real_escape_string($searchStr));
break;

case 3: //Search by description
$searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level FROM
bgy_CubeCart_inventory WHERE description LIKE '%%%s%%'",
mysql_real_escape_string($searchStr));
break;

case 4: //Search by barcode, title, description
$searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level MATCH
(productCode, name, description) AGAINST ('%s') FROM
bgy_CubeCart_inventory",
mysql_real_escape_string($searchStr));
break;
}

//Connect to the database and run the query
$link = mysql_connect("$hostname" , "$username" , "$password")or die(mysql_error());
mysql_select_db('barkersgifts');
$searchResult = mysql_query($searchQuery);
mysql_close($link);


if (mysql_num_rows($searchResult)) {

return $searchResult;
} else {
return "No Results Found";
}

}
[/code]

if i change
[code]$searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level FROM bgy_CubeCart_inventory WHERE productCode='%s'",
mysql_real_escape_string($searchStr));[/code]

to

[code]$searchQuery = sprintf("SELECT productCode, image, price, name, sale_price, stock_level FROM bgy_CubeCart_inventory WHERE productCode='$searchStr'",);[/code]

Then it works ok but using mysql_real_escape_string() the query that get constructed is as follows

SELECT productCode, image, price, name, sale_price, stock_level FROM bgy_CubeCart_inventory WHERE productCode=''

I have used mysql_real_escape_string() in other functions and it seems to work just fine :-S

any help would be very much appreciated



Link to comment
Share on other sites
mattbrown Newbie

mattbrown

Posted
  • Author
Posted
After a little bit more messing around and comparing this to my other functions the answer has become obvious

$link = mysql_connect("$hostname" , "$username" , "$password")or die(mysql_error());
mysql_select_db('barkersgifts');


needs to be before the line where mysql_real_escape_string() is used, for obvious reasons.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.