SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Member
    Join Date
    Sep 2013
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    php search code only search one keyword

    i have created a search engine but it will only search one variable, city or gender but not both. if i try to search both my oldest variable keeps being overwritten.

    HTML Code:
    <html>
    <head>
    <title></title>
    </head>
    <body bgcolor="grey">
    <form action="search5.php" method="GET">
    <center>
    <h1> search city</h1>
    <fieldset>
    <input type='text' size='60' name='search[]' value='city'></br></br>
    <h1> search gender<h1>
    <input type='checkbox' name='search[]' value='male'><p>male</p></br>
    <input type='checkbox' name='search[]' value='female'><p>female</p>
    <input type='submit' name='submit' value='Search'></br></br></br>
    </fieldset>
    </center>
    </form>
    </body>
    </html>
    PHP Code:
    <?php

    if(isset($_GET['submit']))

    $button $_GET ['submit'];

    if(isset(
    $_GET['search']))

    $search $_GET ['search'];
        
    if(
    strlen($search)<=1)
    echo 
    "Search term too short";
    else{
    echo 
    "You searched for <b>$search</b> <hr size='1'></br>";

    mysql_connect("localhost","root","39bounty");
    mysql_select_db("customerdb");
        

    $search_exploded explode (" "$search);
        
    foreach(
    $search_exploded as $search_each)
    {
    $x=0;
    $x++;
    $construct="";
    if(
    $x==1)
    $construct .= " city LIKE '%$search_each%' or gender like '%$search_each%'";
    else

    $construct .= " AND city LIKE '%$search_each%' AND gender like '%search_each%;";
        
    }
      
    $constructs ="SELECT * FROM members WHERE $construct";
    $run mysql_query($constructs);
        
    $foundnum mysql_num_rows($run);
        
    if (
    $foundnum==0)
    echo 
    " Try different words with similar
     meaning</br>3. Please check your spelling"
    ;
    else

      
    echo 
    "$foundnum results found !<p>";
      
    $per_page 1;
    $start =(isset($_GET['start']) ? $_GET['start']: 0);
    $max_pages ceil($foundnum $per_page);
    if(!
    $start)
    $start=0
    $getquery mysql_query("SELECT * FROM members WHERE $construct LIMIT $start$per_page");
      
    while(
    $runrows mysql_fetch_assoc($getquery))
    {
    $user $runrows ['user'];
    $city $runrows ['city'];
    $gender=$runrows ['gender'];


       
    echo 
    "

    <a href='
    $city,'><b>user</b></a><br>
    <a href='members.php?view=
    $user'>profile</a>
    $user<br>

    "
    ;
        
    }

  2. #2
    SitePoint Evangelist bronze trophy
    Join Date
    Feb 2013
    Posts
    500
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Viewing your php post above, the colors (blue and red) should be a good indicator of what might be wrong with this section.
    PHP Code:
    $construct .= " city LIKE '%$search_each%' or gender like '%$search_each%'";
    else

    $construct .= " AND city LIKE '%$search_each%' AND gender like '%search_each%;";
        

    PHP Code:
    foreach($search_exploded as $search_each){
        
    $x=0;
        
    $x++;
        
    $construct="";
        if(
    $x==1){
            
    $construct .= " city LIKE '%$search_each%' or gender like '%$search_each%'";
        }else{
            
    $construct .= " AND city LIKE '%$search_each%' AND gender like '%$search_each%'";
        }    


  3. #3
    SitePoint Evangelist bronze trophy
    Join Date
    Feb 2013
    Posts
    500
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    It's a very bad idea to query directly from GET or POST without sanitizing data, striping out any tags, and escaping special characters. It would be very easy for someone to hack into your database. You should also move away from mysql and BIND values before using them in your query. Hate to bring all that down on you but if you're just learning, you might look into PDO.

  4. #4
    I solve practical problems. bronze trophy
    Michael Morris's Avatar
    Join Date
    Jan 2008
    Location
    Knoxville TN
    Posts
    2,011
    Mentioned
    56 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by web1868 View Post
    Code php:
    if(isset($_GET['submit']))
     
    $button = $_GET ['submit'];
     
    if(isset($_GET['search']))
     
    $search = $_GET ['search'];
     
    if(strlen($search)<=1)
    echo "Search term too short";
    else{
    echo "You searched for <b>$search</b> <hr size='1'></br>";
    No. $search is an array, not a string. Why? Because you made it an array when you gave it the name attribute of "search[]". PHP should throw a warning about this, turn your error reporting on.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •