Posted: Mon Jul 08, 2002 6:00 am
Okay, I've made some changes to the search_result.php script that I think you will find useful. I've added an option at the bottom to re-order the fetched data. I accomplish this by copying part of the form from search_form.php and adding two hidden variables containing the search column and text. The form is posted to the same page and the query is rebuilt and sent to the database. I've also fixed a couple of minor bugs. Try it out!
/josa
search_result.php
<?php
include('../georgedb.php');
//Make a list of column names that are valid. It's a good practice
//not to trust variables passed from a form and this approach makes
//it harder to forge post variables in order to run for example a
//malicious SQL command.
$valid_columns = array('category' => 1,
'date' => 1,
'name' => 1);
//This is the base query we are building on.
$query = "SELECT * FROM articles";
//-------------------- 1. Add WHERE clause
//We check against the list of legal columns to make sure nobody
//tampered with the form data.
if($valid_columns["{$_POST['search_column']}"] == 1) {
$query .= " WHERE {$_POST['search_column']} LIKE";
//-------------------- 2. Add search text ('%text%')
//This small hack checks if magic quotes are enabled and escapes
//the string based on that. If magic quotes are enabled all form
//data is automatically escaped. By doing this check we avoid
//escaping the string twice.
//The text is only appended when the WHERE clause was added above,
//otherwise the query would be malformed.
$query .= " '%" . ((get_magic_quotes_gpc() == 1) ?
$_POST['search_text'] : addslashes($_POST['search_text'])) . "%'";
}
//-------------------- 3. Add ORDER BY clause
if($valid_columns["{$_POST['order_by']}"] == 1) {
$query .= " ORDER BY {$_POST['order_by']}";
//-------------------- 4. Add ASC/DESC
//Choose ascending or descending sort order. I use a ternary operator
//which can look a bit strange if you're not used to them.
//The direction is only valid SQL directly after an ORDER BY column.
$query .= $_POST['sort_order'] == "asc" ? " ASC" : " DESC";
}
$result = mysql_query($query);
?>
<html>
<head><title>Search result</title></head>
<body>
<center>
<table border="0" cellspacing="1">
<tr>
<td width="10"></td>
<td width="100"><b><font face="Verdana" size="2">Date</font></b></td>
<td width="315"><b><font face="Verdana" size="2">Title</font></b></td>
<td width="163"><b><font face="Verdana" size="2">Category</font></b></td>
</tr>
<?php
if(mysql_num_rows($result) == 0) {
?>
<tr>
<td> </td>
<td colspan="3"><font face="verdana" size="2">No articles found...</font></td>
</tr>
</table>
<?php
} else {
while($data = mysql_fetch_assoc($result)) {
?>
<tr>
<td width="10"></td>
<td width="100"><font face="verdana" size="2"><?=htmlspecialchars($data['date'], ENT_QUOTES)?></font></td>
<td width="315"><font face="verdana" size="2"><a href="<?=htmlspecialchars($data['link'], ENT_QUOTES)?>" style="color:#000000"><?=htmlspecialchars($data['name'], ENT_QUOTES)?></a></font></td>
<td width="163"><font face="verdana" size="2"><a href="<?=htmlspecialchars($data['catlink'], ENT_QUOTES)?>" style="color:#000000"><?=htmlspecialchars($data['category'], ENT_QUOTES)?></a></font></td>
</tr>
<?php
}
?>
</table>
<form action="search_result.php" method="post" name="sort_form">
<table border="0" cellspacing="1">
<tr>
<td><font face="verdana" size="2">order by </font></td>
<td>
<font face="verdana" size="2">
<select name="order_by">
<option value="category">Category</option>
<option value="date">Date</option>
<option value="name">Title</option>
</select>
</font>
</td>
<td><font face="verdana" size="2"><input type="radio" name="sort_order" value="asc" checked>ascending</font></td>
<td><font face="verdana" size="2"><input type="radio" name="sort_order" value="desc">descending</font></td>
<td><font face="verdana" size="2"><input type="submit" name="submit" value="Sort"></font></td>
</tr>
</table>
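<input type="hidden" name="search_column" value="<?=htmlspecialchars($_POST['search_column'], ENT_QUOTES)?>">
<input type="hidden" name="search_text" value="<?=htmlspecialchars(get_magic_quotes_gpc() ? stripslashes($_POST['search_text']) : $_POST['search_text'], ENT_QUOTES)?>">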
</form>
<?php
}
?>
</center>
</body>
</html>
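
A present-day version of the approach in the post above, as an added example that is not part of the original post: column names and sort direction come from a fixed allowlist, while the search text is passed as a bound PDO parameter with LIKE wildcards escaped. The `build_search` helper, the in-memory SQLite table and the sample requests are constructed for illustration.

```php
<?php
// Added example, not the original script. Identifiers cannot be bound as
// parameters, so they are taken from a fixed allowlist; the search text is
// always passed as a bound value.
const VALID_COLUMNS = ['category', 'date', 'name'];

function build_search(array $in): array
{
    $sql = 'SELECT date, name, category FROM articles';
    $params = [];
    $text = $in['search_text'] ?? '';
    if (in_array($in['search_column'] ?? null, VALID_COLUMNS, true) && is_string($text)) {
        // Escape LIKE wildcards so "%" and "_" in user input match literally.
        $text = strtr($text, ['!' => '!!', '%' => '!%', '_' => '!_']);
        $sql .= " WHERE {$in['search_column']} LIKE :text ESCAPE '!'";
        $params[':text'] = "%{$text}%";
    }
    if (in_array($in['order_by'] ?? null, VALID_COLUMNS, true)) {
        $dir = ($in['sort_order'] ?? '') === 'asc' ? 'ASC' : 'DESC';
        $sql .= " ORDER BY {$in['order_by']} {$dir}";
    }
    return [$sql, $params];
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (date TEXT, name TEXT, category TEXT)');
$pdo->exec("INSERT INTO articles VALUES
    ('2002-07-01', '100% PHP', 'code'),
    ('2002-07-05', 'O''Reilly review', 'books'),
    ('2002-07-08', 'Sorting results', 'code')");

// Constructed requests: a quote in the text, a bare wildcard, forged columns.
$requests = [
    ['search_column' => 'name', 'search_text' => "O'Re", 'order_by' => 'date', 'sort_order' => 'asc'],
    ['search_column' => 'name', 'search_text' => '%', 'order_by' => 'name'],
    ['search_column' => 'not_a_column', 'search_text' => 'x', 'order_by' => '1,2'],
];
foreach ($requests as $req) {
    [$sql, $params] = build_search($req);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    echo $sql, "\n";
    foreach ($stmt->fetchAll(PDO::FETCH_NUM) as $row) {
        echo '  ', htmlspecialchars(implode(' | ', $row), ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

The third request falls back to the base query because neither forged value is in the allowlist, which mirrors how the script above treats an unknown column.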