Search Engine Prob

[dream25]

Hi.. i have one more doubt.. please clear  it.. i wrote a code for search engine.. if i run that code.. its shows.. nothing.. the code has follows..

 

 

<html>

<body>

Search:

<form method='post' action='search.php'>

<input type='text' name='search' size='25' maxlength='25'>

<input type='Submit' name=' Search ' value='Submit'>

</form>

</body>

</html>

 

 

 

<?php

 

$host="localhost";

$username="root";

$password="";

$db_name="database1";

$tbl_name="table1";

if(isset($_POST['submit']))

{

 

  echo "Your Name Is

" . $_POST['search'] ;

 

mysql_connect("$localhost", "$username", "$password")or die("Cannot connect");

mysql_select_db("$db_name")or die("Cannot select database");

 

$search=$_POST["search"];

 

$result = mysql_query("SELECT * FROM '$tbl_name' WHERE name LIKE '%$search%'");

 

while($r=@mysql_fetch_array($result))

{ 

 

//change the names to your columns

  $topic=$r["topic"];

  $message=$r["message"];

  $name=$r["name"];

  $date=$r["date"];

  $id=$r["id"];

 

  //display the row

  echo "$id | $topic by $name at $date

 

$message";

}

if(!search){

echo "Please enter a search.";

}

else

{

echo "Sorry, there were no searches with the criteria of $search.";

}

}

?>

Thanks In Advance

[Lumio]

Please use code-tags!

 

The solution:

Your sql-query has an error. You see nothing because you ignore the error with the @

The error is here: FROM '$tbl_name'. You only need those single quotes for values. For tables and coumns use a gravis: `

$result = mysql_query("SELECT * FROM `$tbl_name` WHERE name LIKE '%$search%'");

 

also your code can be hacked very easy