PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Hi all - trial by php fire this - I'm trying to do a simple form that submits to a php page that then conducts a search on my db. For some reason the vars are not being passed across. Any suggestions would be great!
keywordsearch keeps coming up blank. I've tried _GET and _POST without effect. The rest of the search code then fails because it has nothing to search on. Thoughts and ideas would be great thanks!
Stabbing in the dark:
Try var_dump($_POST); on the second page at the top to see what is coming through.
Make sure if you have a if(isset($_POST['submit'])) type statement make sure the field is named submit.
These kinds of problems are almost always name/label problems, double check everything.
function filterBadWords($string){
return preg_replace("/drop|insert|delete|;/", "", $string);
}
$keywordsearch = filterBadWords($keywordsearch);
I've commented this out for now and things are working again.
Now I get an error with my returned dataset - I think there is something wrong with it.
This is the output:
keywordsearch = unix
unix query = SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE unix
result_unix =
Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /files/home1/snt00/searchCoursesResults.php on line 350
$query_unix = "SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE " . $keywordsearch;
$result_unix;
//connect to database
mysql_connect($host,$username,$password);
@mysql_select_db($database) or die("Unable to select database");
//get results
$result_unix = mysql_query($query_unix);
//debug
echo "result_unix = " . $result_unix;
//close the db
mysql_close();
$num_unix=mysql_numrows($result_unix); // errors on this line
...
Any thoughts or ideas would be great thanks!
frank
Last edited by sleazyfrank on Tue Aug 23, 2005 9:59 am, edited 2 times in total.
$query_unix = 'SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE "%' . $keywordsearch . '%"';
Now when I do a search on 'unix' or 'Unix' or even 'UNIX' and I echo out the number of records returned that match - I get num_unix = null. Therefore obviously no matches are being made. Except there are records in the db which have Unix in the CourseTitle. So what gives?
right to the end of the of the php code, therefore keeping the db open until the last minute. Perhaps not efficient, but for now it ensures my db is open until I have completely finished with it.
I am still getting:
Search Courses - Results
keywordsearch = unix
unix query = SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE "unix"
result_unix = Resource id #2
Matching courses: num_unix = null
I assume my query is correct. I can see my keyword is being passed from my form okay; I don't understand what Resource id #2 means though.
Hi - hmmmm; okay in pseudo-code, this is what I am doing:
Setup DB vars
Create anti-sql injection functions
_REQUEST keywordsearch var
echo out keywordsearch
run keywordsearch through anti-sql injection function
build query_unix
echo out query_unix
create $result_unix var
connect to db using mysql_connect
get results using $result_unix = mysql_query($query_unix);
echo out result_unix
create $num_unix=mysql_numrows($result_unix);
echo out a table plus initial TR with TD containing headers
if statement - if($num_unix != null){
start a while loop getting fields out of the result and echoing them into the next table row
}
if statement - if($num_unix == null){
echo "num_unix = null";
}
so $num_unix is always coming out null for some reason. Previous experience in using these statements hasn't done this; this is the first time - the only difference between this and previous code is that I am supplying a search term for the query, ie the keywordsearch.
Ok, thanks for your help on this btw. I inserted your debug echo and result_unix now = nothing. PHP errored on
$result = mysql_fetch_array($result, MYSQL_ASSOC);
so I changed it to
$result = mysql_fetch_array($result_unix, MYSQL_ASSOC);
The echo is echo "result_unix = " . $result[CourseTitle]. "<br />";
Thanks for the heads up on mysql_num_rows - DW now highlights it in blue - d'oh.