Php search code only search one keyword

web1868 · September 10, 2013, 5:34pm

i have created a search engine but it will only search one variable, city or gender but not both. if i try to search both my oldest variable keeps being overwritten.

<html>
<head>
<title></title>
</head>
<body bgcolor="grey">
<form action="search5.php" method="GET">
<center>
<h1> search city</h1>
<fieldset>
<input type='text' size='60' name='search[]' value='city'></br></br>
<h1> search gender<h1>
<input type='checkbox' name='search[]' value='male'><p>male</p></br>
<input type='checkbox' name='search[]' value='female'><p>female</p>
<input type='submit' name='submit' value='Search'></br></br></br>
</fieldset>
</center>
</form>
</body>
</html>

<?php

if(isset($_GET['submit']))

$button = $_GET ['submit'];

if(isset($_GET['search']))

$search = $_GET ['search'];
    
if(strlen($search)<=1)
echo "Search term too short";
else{
echo "You searched for <b>$search</b> <hr size='1'></br>";

mysql_connect("localhost","root","39bounty");
mysql_select_db("customerdb");
    

$search_exploded = explode (" ", $search);
    
foreach($search_exploded as $search_each)
{
$x=0;
$x++;
$construct="";
if($x==1)
$construct .= " city LIKE '%$search_each%' or gender like '%$search_each%'";
else

$construct .= " AND city LIKE '%$search_each%' AND gender like '%search_each%;";
    
}
  
$constructs ="SELECT * FROM members WHERE $construct";
$run = mysql_query($constructs);
    
$foundnum = mysql_num_rows($run);
    
if ($foundnum==0)
echo " Try different words with similar
 meaning</br>3. Please check your spelling";
else
{ 
  
echo "$foundnum results found !<p>";
  
$per_page = 1;
$start =(isset($_GET['start']) ? $_GET['start']: 0);
$max_pages = ceil($foundnum / $per_page);
if(!$start)
$start=0; 
$getquery = mysql_query("SELECT * FROM members WHERE $construct LIMIT $start, $per_page");
  
while($runrows = mysql_fetch_assoc($getquery))
{
$user = $runrows ['user'];
$city = $runrows ['city'];
$gender=$runrows ['gender'];


   
echo "

<a href='$city,'><b>user</b></a><br>
<a href='members.php?view=$user'>profile</a>
$user<br>

";
    
}

Drummin · September 10, 2013, 7:39pm

Viewing your php post above, the colors (blue and red) should be a good indicator of what might be wrong with this section.

$construct .= " city LIKE '%$search_each%' or gender like '%$search_each%'";
else

$construct .= " AND city LIKE '%$search_each%' AND gender like '%search_each%;";

}

foreach($search_exploded as $search_each){
	$x=0;
	$x++;
	$construct="";
	if($x==1){
		$construct .= " city LIKE '%$search_each%' or gender like '%$search_each%'";
	}else{
		$construct .= " AND city LIKE '%$search_each%' AND gender like '%$search_each%'";
	}
}

Drummin · September 10, 2013, 8:19pm

It’s a very bad idea to query directly from GET or POST without sanitizing data, striping out any tags, and escaping special characters. It would be very easy for someone to hack into your database. You should also move away from mysql and BIND values before using them in your query. Hate to bring all that down on you but if you’re just learning, you might look into PDO.

Michael_Morris1 · September 11, 2013, 3:14am

web1868:


if(isset($_GET['submit']))

$button = $_GET ['submit'];

if(isset($_GET['search']))

$search = $_GET ['search'];

if(strlen($search)<=1)
echo "Search term too short";
else{
echo "You searched for <b>$search</b> <hr size='1'></br>";

No. $search is an array, not a string. Why? Because you made it an array when you gave it the name attribute of “search”. PHP should throw a warning about this, turn your error reporting on.