  1. #1
    SitePoint Addict XiledWeb's Avatar

    Search query finds all results instead of categories

    So, I have a database with sports related articles, and I'm having problems with users running a specific search.

    The user can search by author, category and 'containing text'. Despite that, it returns all articles listed in the database.

    Another (several many) pair of sitepoint eyes would be appreciated.

    Code:
    $authors = @mysql_query('SELECT id, name FROM author');
    if (!$authors) {
      exit('<p>Unable to obtain author list from the database.</p>');
    }
    
    $cats = @mysql_query('SELECT id, name FROM category');
    if (!$cats) {
      exit('<p>Unable to obtain category list from the database.</p>');
    }
    ?>
    
    <form action="articlelist.php" method="post">
    <p>View articles satisfying the following criteria:</p>
    <label>By author:
    <select name="aid" size="1">
      <option selected value="">Any Author</option>
    <?php
    while ($author = mysql_fetch_array($authors)) {
      $aid = $author['id'];
      $aname = htmlspecialchars($author['name']);
      echo "<option value='$aid'>$aname</option>\n"; 
    }
    ?>
    </select></label><br />
    <label>By category:
    <select name="cid" size="1">
      <option selected value="">Any Category</option>
    <?php
    while ($cat = mysql_fetch_array($cats)) {
      $cid = $cat['id'];
      $cname = htmlspecialchars($cat['name']);
      echo "<option value='$cid'>$cname</option>\n"; 
    }
    ?>
    </select></label><br />
    <label>Containing text: <input type="text" name="searchtext" /></label><br />
    <input type="submit" value="Search" />
    </form>

  2. #2
    SitePoint Addict
    It appears that you aren't actually using the form data that the user provides to you.

    PHP Code:
    if (isset($_POST['cid']))
     {
         // you have the cat id now
     }
     else
     {
       // display form
     $authors = @mysql_query('SELECT id, name FROM author');
       if (!$authors) {
         exit('<p>Unable to obtain author list from the database.</p>');
       }
       
       $cats = @mysql_query('SELECT id, name FROM category');
       if (!$cats) {
         exit('<p>Unable to obtain category list from the database.</p>');
       }
       ?>
       
       <form action="articlelist.php" method="post">
       <p>View articles satisfying the following criteria:</p>
       <label>By author:
       <select name="aid" size="1">
         <option selected value="">Any Author</option>
       <?php
       while ($author = mysql_fetch_array($authors)) {
         $aid = $author['id'];
         $aname = htmlspecialchars($author['name']);
         echo "<option value='$aid'>$aname</option>\n";
       }
       ?>
       </select></label><br />
       <label>By category:
       <select name="cid" size="1">
         <option selected value="">Any Category</option>
       <?php
       while ($cat = mysql_fetch_array($cats)) {
         $cid = $cat['id'];
         $cname = htmlspecialchars($cat['name']);
         echo "<option value='$cid'>$cname</option>\n";
       }
       ?>
       </select></label><br />
       <label>Containing text: <input type="text" name="searchtext" /></label><br />
       <input type="submit" value="Search" />
       </form>
     
     
     <?php
     
    }
    ?>
    I haven't tested the code, nor is it complete. Let me know if you need anything else.
    The Banana Stand - an Arrested Development fansite
    LC-3 Help - tutorials on the LC-3 educational assembly language

  3. #3
    SitePoint Addict XiledWeb's Avatar
    That still results in all the articles being returned in the search.

  4. #4
    SitePoint Addict
    Quote Originally Posted by XiledWeb
    That still results in all the articles being returned in the search.
    Yes, as it should. If you use a different query such as

    PHP Code:
    $query = 'SELECT * FROM cats WHERE id = ' . $_POST['cid'];
    once you have the post data ($_POST['cid']) then you should be good.
    The Banana Stand - an Arrested Development fansite
    LC-3 Help - tutorials on the LC-3 educational assembly language

  5. #5
    SitePoint Addict XiledWeb's Avatar
    Quote Originally Posted by thirteenlisk

    PHP Code:
    $query = 'SELECT * FROM cats WHERE id = ' . $_POST['cid'];
    Which would replace what exactly?

  6. #6
    SitePoint Addict
    PHP Code:
    if (isset($_POST['cid']))
       {
           // you have the cat id now
        $query = 'SELECT * FROM cats WHERE id = ' . $_POST['cid'];

        // this is a separate part of the code
        // query again and format your list with the results
       }
       else
       {
         // display form
       $authors = @mysql_query('SELECT id, name FROM author');
         if (!$authors) {
           exit('<p>Unable to obtain author list from the database.</p>');
         }
         
         $cats = @mysql_query('SELECT id, name FROM category');
         if (!$cats) {
           exit('<p>Unable to obtain category list from the database.</p>');
         }
         ?>
         
         <form action="articlelist.php" method="post">
         <p>View articles satisfying the following criteria:</p>
         <label>By author:
         <select name="aid" size="1">
           <option selected value="">Any Author</option>
         <?php
         while ($author = mysql_fetch_array($authors)) {
           $aid = $author['id'];
           $aname = htmlspecialchars($author['name']);
           echo "<option value='$aid'>$aname</option>\n";
         }
         ?>
         </select></label><br />
         <label>By category:
         <select name="cid" size="1">
           <option selected value="">Any Category</option>
         <?php
         while ($cat = mysql_fetch_array($cats)) {
           $cid = $cat['id'];
           $cname = htmlspecialchars($cat['name']);
           echo "<option value='$cid'>$cname</option>\n";
         }
         ?>
         </select></label><br />
         <label>Containing text: <input type="text" name="searchtext" /></label><br />
         <input type="submit" value="Search" />
         </form>
       
       
       <?php
       
    }
      
    ?>
    Again, this isn't complete code. In the new portion of code (within the if statement) you will be able to display the results of the user's form actions. This is separate from actually showing the form itself.

    By the way, is there any other code you're using?
    The Banana Stand - an Arrested Development fansite
    LC-3 Help - tutorials on the LC-3 educational assembly language

  7. #7
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    TIP/WARNING: don't forget to sanitise ALL user input BEFORE using it in your query. DON'T use raw POST values in your SQL line.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  8. #8
    SitePoint Addict XiledWeb's Avatar
    Quote Originally Posted by thirteenlisk

    By the way, is there any other code you're using?
    Apart from the database connections code, no, this is all I'm using for the form.

  9. #9
    SitePoint Addict XiledWeb's Avatar
    Quote Originally Posted by spikeZ
    TIP/WARNING: don't forget to sanitise ALL user input BEFORE using it in your query. DON'T use raw POST values in your SQL line.
    Thanks for the tip - but I'm fairly new to PHP and SQL so that doesn't mean much right now. I know it should...
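
What the tip in post #7 means in practice, as an added example that is not part of the original thread: the three form fields become optional filters, and each submitted value is validated and passed as a bound parameter instead of being concatenated into the SQL string. It assumes PDO in place of the thread's `mysql_*` calls and an `article` table with `authorid`, `categoryid` and `body` columns (hypothetical names; the thread never shows the articles table), held in an in-memory SQLite database with constructed rows so the script runs on its own.

```php
<?php
// Added example. The `article` table, its columns and the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT, body TEXT,
            authorid INTEGER, categoryid INTEGER)');
$pdo->exec("INSERT INTO article (title, body, authorid, categoryid) VALUES
            ('Derby preview', 'Two rivals meet on Sunday', 1, 1),
            ('Transfer news', 'A striker signs for the club', 2, 1),
            ('Open final', 'Five sets on centre court', 1, 2)");

// Only fixed SQL text is concatenated; every value from the form is passed
// separately as a bound parameter, so it can never change the query's shape.
function searchArticles(PDO $pdo, array $post): array
{
    $where = [];
    $params = [];
    foreach (['aid' => 'authorid', 'cid' => 'categoryid'] as $field => $column) {
        $value = $post[$field] ?? '';
        if ($value === '') {
            continue; // "Any Author" / "Any Category": no filter on this column
        }
        // The select boxes only ever submit ids, so anything else is rejected.
        if (!is_string($value) || !ctype_digit($value)) {
            throw new InvalidArgumentException("Invalid value for $field");
        }
        $where[] = "$column = ?";
        $params[] = (int) $value;
    }
    $text = $post['searchtext'] ?? '';
    if (is_string($text) && trim($text) !== '') {
        // Escape LIKE wildcards so % and _ typed by the user match literally.
        $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], trim($text));
        $where[] = "body LIKE ? ESCAPE '!'";
        $params[] = '%' . $escaped . '%';
    }
    $sql = 'SELECT id, title FROM article';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Filter by author 1 and the word "court"; the category is left as "Any".
print_r(searchArticles($pdo, ['aid' => '1', 'cid' => '', 'searchtext' => 'court']));
// A non-numeric cid throws instead of becoming part of the SQL.
```

In `articlelist.php` the call would receive `$_POST` directly, with the PDO connection pointing at the real MySQL database.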

