PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I have a search form on my main page which the user can insert some text and then select a table to search in. The problem is, is that the search brings up every record in the database. It worked before I inserted the list menu to choose a table to search in.
your code was written with register_globals assumed on, when they likely aren't, and shouldn't be.
please choose topics to threads wisely. The dashes and "please help" stuff is not how to get us to help faster. We help everyone at the same general speed, if we can. Personally, there is almost nothing that a topic can say that'd make me read it earlier than any other thread.
$search and $selection are both empty because they do not exist. $_POST['search'] and $_POST['selection'] do, however.
it's very important to sanitize the information coming in from the user, as SQL injection is very possible here.
by the way, your where clause checks a string if it's like another string, not a column reference. You may need to translate the information about $selection when it comes in so that it has the proper name, as I think your code will give the index in most browsers. At any rate, you need to verify that $selection is one of the marks you expect..
if(!$_POSTї'selection']){ echo "You did not select your selection"; } // Only use this line if you want to ensure they make a selection
if(!$_POSTї'search']){ echo "You did not submit any search criteria"; } // Only use this line if you want to ensure that they entered search criteria.
// clean up information for safe passing to database
$search = mysql_real_escape_string(strip_tags($_POSTї'search']));
$selection = mysql_real_escape_string(strip_tags($_POSTї'search']));
/* Note, sanitizing the selection field may not be mandatory because it's coming from a select box, but is always encouraged because someone could submit information via the URL. And only use mysql_real_escape_string if you're using a MySQL database. */