I am brand new to PHP as you might gues with my nest question…
I am trying to get a simple “if else” to work.
$result = mysql_query("SELECT * FROM items
WHERE title='$_POST[query]'");
if (title=="$result")
echo "Have a nice weekend!";
else
echo "Have a nice day!";
I think this bit is wrong…
if (title=="$result")
If the contents of the “title” field in the table in the DB matches the “query” input by the user the output should be “Have a nice weekend!” and if not it should be “Have a nice day!”
i.e., put the curly brackets around all the echo statements, so the echo statements become the “body” of the while loop, as its called.
The LIKE bit tells MySQL to match (part of) a string.
So if there is a column with the string ScallioXTX and I do LIKE “%allio%” it will match.
The % tells MySQL: “any numer of characters can be here”. So “allio%” doesn’t match ScallioXTX, because it doesn’t match the Sc at the start.
//GET DATA FROM DATABASE
$title_query = $_POST['query'];
$result = mysql_query("SELECT * FROM items
WHERE title='" . mysql_real_escape_string($title_query) . "'
");
//DISPLAY SEARCH RESULTS
if(mysql_num_rows($result) != 0)
{
while($row = mysql_fetch_array($result))
echo $row['code'] . "<br />";
echo $row['title'] . "<br />";
echo $row['maindesc'] . "<br />";
echo "<img src='http://localhost/foos/images/".$row['itemimg'] . "' /><br />";
}
else {
echo 'there are no results!';
}
// FOOTER
require("footer.php");
//DISCONNECT FROM DATABASE
mysql_close($con);
?>
I have kind of sorted the ‘else’ problem. What you told me worked, but, now only the contents of “code” is being output to the browser. Before it was showing contents of all fields as called for: code, title, maindesc, itemimg.
Also I added the ‘sanitizer’ you mentioned, thanks for that. I can’t figure out how to add the like statement into my code now though. I keep getting errors. This is what I have been trying to include…
SELECT * FROM items WHERE title LIKE '%$title_query%'
The reason that only ‘code’ is showing is because you haven’t put brackets around the while clause. If you don’t use brackets, only the first line after the clause is executed.
With regards to the query, what errors are you getting? The code should be like:
$title_query = mysql_real_escape_string($_POST['query']);
$result = mysql_query("
SELECT *
FROM items
WHERE title LIKE '%" . $title_query . "%'
");
Sorry to sound like a complete noob but what does the sanitizing bit do?
I now have this code thanks to the help of you guys here…
//GET DATA FROM DATABASE
$title_query = $_POST['query'];
$result = mysql_query("SELECT * FROM items
WHERE title='$title_query'");
//DISPLAY SEARCH RESULTS
while($row = mysql_fetch_array($result))
if(mysql_num_rows($result) != 0) {
echo $row['code'] . "<br />";
echo $row['title'] . "<br />";
echo $row['maindesc'] . "<br />";
echo "<img src='http://localhost/foos/images/".$row['itemimg'] . "' /><br />";
}
else {
echo 'there are no results!';
}
Basically users input a word in a search box and then the php looks in the database for a matching title. I am just messing around making a mini search engine for my site. (watch out Google I’m on my way lol)
Trouble is that when there are no matching titles the code should echo “there are no results!” but it doesn’t.
Can you tell me where i’m going wrong again please.
The sanitizing filters the data to prevent people from injecting SQL their own SQL code which could manipulate your database. More info.
The else problem is caused because you’ve placed the check inside the loop. However, if there are no rows then the loop will never run, causing the text to never be displayed. So rather than checking the amount of rows each time the loop runs, you should check beforehand:
if (mysql_num_rows($result) != 0)
{
// while statement here
}
else
{
echo 'there are no results!';
}
Since you’re building a search engine, you might want to match titles that are similar to what was entered, rather than having to be an identical match. You can do this using:
SELECT * FROM items WHERE title LIKE '%$title_query%'
The problem isn’t your if/else per se, it’s with how you’re accessing your query. mysql_query() returns an object, not a single value. What you are really looking for would be more like this:
/*
Note: You should also validate this,
as you shouldn't trust user input.
Especially when it's going directly into a DB query.
*/
$title = 'The Title You Are Checking Against';
$title_query = $_POST['query'];
$result = mysql_query("SELECT * FROM items
WHERE title='$title_query'");
if(mysql_num_rows($result) != 0) {
$data = mysql_fetch_object($result);
if($title == $data->title) {
echo 'Have a nice weekend!';
}
else {
echo 'Have a nice day!';
}
}
I Don’t understand this bit. Am I supposed to assign a title to check against here? The titles I need to check against are stored in the DB in a field name “title”
lol)