PHP Search Script

phphelpseeker
Forum Commoner
Posts: 30
Joined: Fri May 01, 2009 3:19 pm


Post by phphelpseeker »

If I click on any letter of the alphabet, my search result should give me information about all users whose last name starts with that letter. Here is my HTML code:


 
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Search Contacts</title>
  </head>
  <body>
    <h3>Search Contacts Details</h3>
    <p>You may search either by first or last name</p>
    <form method="post" action="search.php?go" id="searchform">
      <input type="text" name="name">
    </form>
    <p><a href="?by=A">A</a> | <a href="?by=B">B</a> | <a href="?by=C">C</a> | <a href="?by=D">D</a> | <a href="?by=E">E</a> | <a href="?by=F">F</a> | <a href="?by=G">G</a> | <a href="?by=H">H</a> | <a href="?by=I">I</a> | <a href="?by=J">J</a> | <a href="?by=K">K</a> | <a href="?by=L">L</a> | <a href="?by=M">M</a> | <a href="?by=N">N</a> | <a href="?by=O">O</a> | <a href="?by=P">P</a> | <a href="?by=Q">Q</a> | <a href="?by=R">R</a> | <a href="?by=S">S</a> | <a href="?by=T">T</a> | <a href="?by=U">U</a> | <a href="?by=V">V</a> | <a href="?by=W">W</a> | <a href="?by=X">X</a> | <a href="?by=Y">Y</a> | <a href="?by=Z">Z</a></p>
  </body>
</html>
 
 
Here is my query. Can anybody suggest whether this is correct?


 
if(isset($_GET['by'])){
  $letter=$_GET['by'];
  //connect to the database
  $db=mysql_connect("servername", "username", "password") or die ('Could not connect to database ' . mysql_error());
  //-select the database to use
  $mydb=mysql_select_db("yourDatabase");
  //-query the database table
  $sql="SELECT ID, FirstName, LastName FROM Contacts WHERE Lastname LIKE '%" . $letter . ";
  //-run the query against the mysql query function
  $result=mysql_query($sql);
  $numrows=mysql_num_rows($result);
  echo "<p>" .$numrows . " results found for " . $letter . "</p>";
  while($row=mysql_fetch_array($result)){
    $FirstName=$row['FirstName'];
    $LastName=$row['LastName'];
    $ID=$row['ID'];
    //-display the result of the array
    echo "<ul>\n";
    echo "<li>" . "<a href=\"search.php?id=$ID\">" .$FirstName . " " . $LastName . "</a></li>\n";
    echo "</ul>";
  }
}
 
Thank you.
Priya
Last edited by Benjamin on Wed May 06, 2009 5:40 pm, edited 1 time in total.
Reason: Changed code type from text to php, html.
Yossarian
Forum Contributor
Posts: 101
Joined: Fri Jun 30, 2006 4:43 am

Re: PHP Search Script

Post by Yossarian »


 
 
if( isset($_GET['by']) && strlen( $_GET['by'] ) === 1 ){
  // check the bounds! any more than 1 letter, get rid of em!

  $letter=$_GET['by'];

  //connect to the database
  $db=mysql_connect("servername", "username", "password") or die ('Could not connect to database ' . mysql_error());
  //-select the database to use
  $mydb=mysql_select_db("yourDatabase");
  //-query the database table
  $sql="SELECT ID, FirstName, LastName FROM Contacts WHERE Lastname LIKE '" . $letter . "%'";  // wild card at the end of the match
  //-run the query against the mysql query function
  $result=mysql_query($sql);
  $numrows=mysql_num_rows($result);

  echo '<p>' .$numrows . ' results found for ' . $letter . '</p>' . PHP_EOL;

  echo '<ul>' . PHP_EOL ; // start your UL

  while($contact=mysql_fetch_array($result)){

    $name = $contact['FirstName'] . ' ' . $contact['LastName'] ;
    echo '<li><a href="search.php?id=' .$contact['ID']. '">' .$name . '</a></li>' . PHP_EOL ;

  }
  echo '</ul>' . PHP_EOL;  // end your UL

} else {
  // send em back to the start ! maybe they are hackers !

  header('Location: /index.php');
  exit();

}
 
That's untested, but should go.

Couple of things, do not just pass variables into sql statements - go and look up "sql injection". Valid input should be a single letter, there are lots of ways to check for that, I used one of the simplest functions as an example.

Outputting " in HTML, if you are doing that it makes sense to stick to using echo 'this' so you don't get into all that escaping nonsense. Investigate using echo like that for a while, it's very much up to you what you do, I am just showing some alts.

Ideally you would have your else { fail } at the top of the script, so it's clear where it belongs.

Your loop should output just the LIs, not the UL.

See how I changed $row to $contact? Get used to calling variables by descriptive names*

* I made the mistake of thinking every row had to be called $row for absolutely years, what a mess my code was ...

Use PHP_EOL to output an End Of Line so your source code makes some sense.

HTH
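
The advice above about SQL injection and single-letter input, worked through as an added example that is not part of the original thread: a one-character length check still admits `'`, `%` and `_`, so this version allow-lists a single letter, binds the value in a prepared statement, and escapes everything it echoes. It assumes PDO with the pdo_sqlite extension (the `mysql_*` functions used in the thread were removed in PHP 7), an in-memory `Contacts` table with constructed rows, and hypothetical helper names `validLetter`, `contactsByLetter` and `h`.

```php
<?php
// Constructed sample data in an in-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Contacts (ID INTEGER PRIMARY KEY, FirstName TEXT, LastName TEXT)');
$pdo->exec("INSERT INTO Contacts (FirstName, LastName) VALUES
    ('Ada', 'Lovelace'), ('Alan', 'Turing'), ('Grace', 'Hopper'), ('Tim', 'O''Brien')");

/** Return the validated letter, or null if the input is not exactly one A-Z letter. */
function validLetter($by): ?string
{
    // is_string() rejects ?by[]=x (an array); the regex rejects ', %, _ and anything longer.
    if (!is_string($by) || preg_match('/\A[A-Za-z]\z/', $by) !== 1) {
        return null;
    }
    return strtoupper($by);
}

/** Fetch contacts whose last name starts with $letter, using a bound parameter. */
function contactsByLetter(PDO $pdo, string $letter): array
{
    $stmt = $pdo->prepare(
        'SELECT ID, FirstName, LastName FROM Contacts WHERE LastName LIKE :prefix ORDER BY LastName'
    );
    $stmt->execute([':prefix' => $letter . '%']); // wildcard added in PHP, value bound by the driver
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Escape a value for HTML output. */
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs standing in for $_GET['by'].
foreach (['T', 'o', "'", '%', 'AB', ['x']] as $by) {
    $letter = validLetter($by);
    if ($letter === null) {
        echo 'rejected: ' . h(json_encode($by)) . PHP_EOL;
        continue;
    }
    $contacts = contactsByLetter($pdo, $letter);
    echo '<p>' . count($contacts) . ' results found for ' . h($letter) . '</p>' . PHP_EOL . '<ul>' . PHP_EOL;
    foreach ($contacts as $contact) {
        $name = $contact['FirstName'] . ' ' . $contact['LastName'];
        echo '<li><a href="search.php?id=' . (int) $contact['ID'] . '">' . h($name) . '</a></li>' . PHP_EOL;
    }
    echo '</ul>' . PHP_EOL;
}
```

The stored name `O'Brien` is listed for `o` with its apostrophe HTML-escaped, while the inputs `'`, `%`, `AB` and the array are rejected before any query runs.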