[SOLVED] My form has errors - any suggestions??


sleazyfrank
Forum Commoner
Posts: 40
Joined: Fri Aug 19, 2005 3:59 am
Location: Horsham, West Sussex

[SOLVED] My form has errors - any suggestions??

Post by sleazyfrank »

Hi all - trial by php fire this - I'm trying to do a simple form that submits to a php page that then conducts a search on my db. For some reason the vars are not being passed across. Any suggestions would be great!

Code: Select all

<FORM method="POST" action="searchCoursesResults.php">
			<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
			  <tr>
			  	<td colspan="2">
					<span class="storyBodyText">Course keyword search:</span> <input name="keywordsearch" type="text" id="keywordsearch" size="40">
				  </td>
			  </tr>
</table>

searchCourseResults.php =

Code: Select all

//get keywordsearch 
$keywordsearch = $_REQUEST['keywordsearch'];
echo 'keywordsearch = '.$keywordsearch . '<br />';
$keywordsearch = filterAlphanumeric($keywordsearch); 
$keywordsearch = filterBadWords($keywordsearch);

keywordsearch keeps coming up blank. I've tried _GET and _POST without effect. The rest of the search code then fails because it has nothing to search on. Thoughts and ideas would be great thanks!

frank
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Stabbing in the dark:
Try var_dump($_POST); on the second page at the top to see what is coming through.
If you have an if(isset($_POST['submit'])) type statement, make sure the field is named submit.

These kinds of problems are almost always name/label problems, double check everything.

Good luck
sleazyfrank
Forum Commoner
Posts: 40
Joined: Fri Aug 19, 2005 3:59 am
Location: Horsham, West Sussex

Post by sleazyfrank »

Many thanks - my data is now passing through from my form; this function was removing my search term:

Code: Select all

function filterBadWords($string){
         return preg_replace("/drop|insert|delete|;/", "", $string);
}
$keywordsearch = filterBadWords($keywordsearch);

I've commented this out for now and things are working again.

Now I get an error with my returned dataset - I think there is something wrong with it.

This is the output:

keywordsearch = unix
unix query = SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE unix
result_unix =
Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /files/home1/snt00/searchCoursesResults.php on line 350

and my code:

Code: Select all

$query_unix = "SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE " . $keywordsearch; 
        $result_unix;
        //connect to database
        mysql_connect($host,$username,$password); 
        @mysql_select_db($database) or die("Unable to select database"); 
        //get results
        $result_unix = mysql_query($query_unix);
        //debug
        echo "result_unix = " . $result_unix;
         //close the db
         mysql_close();
         $num_unix=mysql_numrows($result_unix);  // errors on this line
         ...

Any thoughts or ideas would be great thanks!

frank
Last edited by sleazyfrank on Tue Aug 23, 2005 9:59 am, edited 2 times in total.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Strings must be quoted for mysql to be able to understand them.
sleazyfrank
Forum Commoner
Posts: 40
Joined: Fri Aug 19, 2005 3:59 am
Location: Horsham, West Sussex

Post by sleazyfrank »

Hi - okay had a bit of a rewrite and came up with

Code: Select all

$query_unix = 'SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE "%' . $keywordsearch . '%"';

Now when I do a search on 'unix' or 'Unix' or even 'UNIX' and I echo out the number of records returned that match - I get num_unix = null. Therefore obviously no matches are being made. Except there are records in the db which have Unix in the CourseTitle. So what gives?

cheers for help so far

frank
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Are you still running mysql_close() before that mysql_num_rows()?
sleazyfrank
Forum Commoner
Posts: 40
Joined: Fri Aug 19, 2005 3:59 am
Location: Horsham, West Sussex

Post by sleazyfrank »

Ummm....yes?
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

sleazyfrank wrote: Ummm....yes?

Well, that's your problem...if you close the connection before you finished using it, mysql_num_rows ain't gonna work...think about it :wink:
sleazyfrank
Forum Commoner
Posts: 40
Joined: Fri Aug 19, 2005 3:59 am
Location: Horsham, West Sussex

Post by sleazyfrank »

Hi - okay, I've moved

Code: Select all

//close the db
mysql_close();

right to the end of the php code, therefore keeping the db open until the last minute. Perhaps not efficient, but for now it ensures my db is open until I have completely finished with it.

I am still getting:


Search Courses - Results
keywordsearch = unix
unix query = SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE "unix"
result_unix = Resource id #2
Matching courses: num_unix = null

I assume my query is correct. I can see my keyword is being passed from my form okay; I don't understand what Resource id #2 means though.

thanks

frank
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

Resource id #2 is just the identifier for the query you have just run.
sleazyfrank
Forum Commoner
Posts: 40
Joined: Fri Aug 19, 2005 3:59 am
Location: Horsham, West Sussex

Post by sleazyfrank »

Hi - hmmmm; okay in pseudo-code, this is what I am doing:

Setup DB vars
Create anti-sql injection functions
_REQUEST keywordsearch var
echo out keywordsearch
run keywordsearch through anti-sql injection function
build query_unix
echo out query_unix
create $result_unix var

connect to db using mysql_connect

get results using $result_unix = mysql_query($query_unix);
echo out result_unix
create $num_unix=mysql_numrows($result_unix);
echo out a table plus initial TR with TD containing headers

if statement - if($num_unix != null){
start a while loop getting fields out of the result and echoing them into the next table row
}
if statement - if($num_unix == null){
echo "num_unix = null";
}

so $num_unix is always coming out null for some reason. Previous experience in using these statements hasn't done this; this is the first time - the only difference between this and previous code is that I am supplying a search term for the query, ie the keywordsearch.

thanks

frank
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

To get the result of the query you need the following

Code: Select all

$result_unix = mysql_query($query_unix); 

$result = mysql_fetch_array($result, MYSQL_ASSOC);

//debug 
 echo "result_unix = " . $result['the_db_field you want to return'];

Also, FYI, it is mysql_num_rows not mysql_numrows
sleazyfrank
Forum Commoner
Posts: 40
Joined: Fri Aug 19, 2005 3:59 am
Location: Horsham, West Sussex

Post by sleazyfrank »

Ok, thanks for your help on this btw. I inserted your debug echo and result_unix now = nothing. PHP errored on
$result = mysql_fetch_array($result, MYSQL_ASSOC);
so I changed it to
$result = mysql_fetch_array($result_unix, MYSQL_ASSOC);

The echo is echo "result_unix = " . $result[CourseTitle]. "<br />";

Thanks for the heads up on mysql_num_rows - DW now highlights it in blue - d'oh.

frank
sleazyfrank
Forum Commoner
Posts: 40
Joined: Fri Aug 19, 2005 3:59 am
Location: Horsham, West Sussex

SQL query...

Post by sleazyfrank »

Hi all - which of these two queries has the correct syntax?

$query_unix = "SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE '%" . $keywordsearch . "%'";

$query_unix = 'SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE "%' . $keywordsearch . '%"';

And why, when I echo out this query, does it keep coming out as

unix query = SELECT * FROM coursesUnixLinux WHERE CourseTitle LIKE '%unix%'

thanks

frank
Sander
Forum Commoner
Posts: 38
Joined: Sat Aug 06, 2005 12:43 pm

Post by Sander »

The first one is the correct query.

It comes out like that because the variable $keywordsearch contains 'unix'.
Post Reply
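
Added example, not part of the thread and not any poster's code: the same keyword search written with a PDO prepared statement, so the search term is bound as data instead of being concatenated into the SQL string, shown next to the thread's filterBadWords() for comparison. The searchCourses() helper, the sample rows and the search terms are constructed for illustration, and an in-memory SQLite database stands in for the MySQL server so the script runs offline.

```php
<?php
// Added example: searchCourses(), the sample rows and the search terms are
// constructed. SQLite in memory stands in for the thread's MySQL database;
// prepare()/execute() are called the same way with a mysql: DSN.

// The thread's blacklist filter, unchanged, for comparison only.
function filterBadWords($string) {
    return preg_replace("/drop|insert|delete|;/", "", $string);
}

// Bind the keyword as a parameter. LIKE wildcards in the keyword are escaped
// with '!' so that a user typing % or _ searches for that literal character.
function searchCourses(PDO $db, string $keyword): array {
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keyword);
    $stmt = $db->prepare(
        "SELECT CourseTitle FROM coursesUnixLinux
         WHERE CourseTitle LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE coursesUnixLinux (CourseTitle TEXT)");

// Constructed sample rows.
$insert = $db->prepare("INSERT INTO coursesUnixLinux (CourseTitle) VALUES (?)");
$titles = ['Unix Fundamentals', 'Linux Admin', "O'Reilly Unix Tools", '100% Shell'];
foreach ($titles as $title) {
    $insert->execute([$title]);
}

// Constructed search terms: a plain word, one with an apostrophe, a bare
// wildcard, and a word that contains a blacklisted substring.
foreach (['unix', "O'Reilly", '%', 'dropdown'] as $term) {
    $rows = searchCourses($db, $term);
    printf("term=%-10s filterBadWords=%-10s matches=%s\n",
        $term, filterBadWords($term), json_encode($rows));
}
```

The filterBadWords column shows that the blacklist leaves the apostrophe in place and turns "dropdown" into "down", while the bound parameter needs no filtering for the query to stay well-formed.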