simple mysql database search. Help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jwrigh26
Forum Newbie
Posts: 7
Joined: Wed Jul 23, 2008 10:35 pm

simple mysql database search. Help

Post by jwrigh26 »

Hey Everybody,
if anyone knows why this happens, I would love to here the explanation.
I've built a simple search bar for a forum I'm building. Everything is working how I want it to,
but whenever I put a " ' " in the search bar and check for say man's best friend , something happens and I get a blank screen with no errors or any feedback to let me know what's going on.

is this a glitch from mysql or what???? :banghead:

here is the code for the search bar

Code: Select all

<?php
/*  Program:  search.php
  *  Desc:  allow search of database.  
  */
  include ("functions_main.inc");
@$SearchString=(htmlentities($_POST[SearchString]));
if ($SearchString == "") {
echo "Nothing to Search For";
exit();
}
/* Connect to myql*/
 
$cxn = Connect_to_db("forumVars.inc");
$result= mysqli_query($cxn,"SELECT * FROM Post,Thread WHERE body LIKE '%$SearchString%'AND parent_thread=thread.id ORDER BY post.id") or die(mysql_error());
$Numrows=mysqli_num_rows($result);
 
echo "<h1>Search Results</h1><hr>";
/*find out if it's a bad search*/
if ($Numrows==0){
    echo "<h4>No results were found</h4>";
    }else{
/*if not print out subject and body of post */
for ($i = 0; $i < mysqli_num_rows ($result ); $i++)
        {
    $row = mysqli_fetch_assoc( $result  );
    
    Echo   '<a href="viewThread.php?threadID='.$row['parent_thread'].'">'
    .$row['subject']. "</a></br>\n".$row['body'] ."<hr>";
    } 
?>
}
If anybody could answer it would be most GREAT :D
desmi
Forum Commoner
Posts: 64
Joined: Sun Jun 15, 2008 4:55 am

Re: simple mysql database search. Help

Post by desmi »

You need to mysql_real_escape_string() your searchstring.. that search is also very insecure without it..


edit: Just noticed you're using mysqli, check out the corresponding command for it..
jwrigh26
Forum Newbie
Posts: 7
Joined: Wed Jul 23, 2008 10:35 pm

Re: simple mysql database search. Help

Post by jwrigh26 »

Thanks for pointing that out.
Kind of feel dumb. :dubious:
That solved the problem perfectly

Cheers,
Justin
Post Reply