Page 1 of 1

Problem Passing Variable in PHP 5

Posted: Sun Jul 13, 2008 9:46 am
by joyhh
Hi,

I'm stumped and hope someone here can help me

I have a php page with a search form that capture 2 variables 'where' and 'what'

I use a form on that page and capture the values in the form and pass them through the url to the search results page that queries my table and echoes back the search results.

Code: Select all

<form action="advsearchresults.php" method="get">

The search results page is not providing any records when I know they exit. I see the variables in the ensuing url

I editing the query and swapped literal text for the variables and the query ran and echoed the records back. But it won't process the variables. Here is the top section of my code. I have tried everything and cannot figure it out. It worked previously in php 4 but stopped when the host upgraded to php 5

Code: Select all

<?php require_once('Connections/dbh.php'); ?>
<?php
$maxRows_Recordset1 = 100;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1'])) {
  $pageNum_Recordset1 = $_GET['pageNum_Recordset1'];
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;
 
$colname_Recordset1 = "1";
if (isset($_POST[''])) {
  $colname_Recordset1 = (get_magic_quotes_gpc()) ? $_POST[''] : addslashes($_POST['']);
}
 
/* Test $what  & $where$GETVARs for empty. If either are empty, return to main page.
 * Not classy, but more graceful than MySQL error.
 */
if (!isset($_GET['what']) || !isset($_GET['where'] ))  {
    header("Location: index.php");
    exit();
    }
 
mysql_select_db($database_piercin, $dbh);
$query_Recordset1 = sprintf("SELECT * FROM gallery WHERE $_GET['where'] LIKE $_GET['what'] ORDER BY artist ASC", $colname_Recordset1);
$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);
$Recordset1 = mysql_query($query_limit_Recordset1, $dbh) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
 
if (isset($_GET['totalRows_Recordset1'])) {
  $totalRows_Recordset1 = $_GET['totalRows_Recordset1'];
} else {
  $all_Recordset1 = mysql_query($query_Recordset1);
  $totalRows_Recordset1 = mysql_num_rows($all_Recordset1);
}
$totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1;
?>

I also used to have wildcards in the 'what' of % and not sure if that would still work or not. I'm willing to up the "containing" and make people search for complete but would love to put that functionality back in also.

Thanks in advance.

Joy

Re: Problem Passing Variable in PHP 5

Posted: Sun Jul 13, 2008 10:32 am
by jaoudestudios
In your sql query you must quote variables, and it is good practice not to parse the php variables as it is inefficient.

Like this...

Code: Select all

 
SELECT * FROM gallery WHERE ".$_GET['where']." LIKE '%".$_GET['what']".%' ORDER BY artist ASC
 
Hope that makes sense.

Re: Problem Passing Variable in PHP 5

Posted: Sun Jul 13, 2008 10:44 am
by joyhh
Thanks for the quick response. Is this something new in php 5? I used to have globals registers on and I didn't quotes but just had the variable and it worked fine until the host upgraded.

I'll give it a shot and let you know.

Joy
jaoudestudios wrote:In your sql query you must quote variables, and it is good practice not to parse the php variables as it is inefficient.

Like this...

Code: Select all

 
SELECT * FROM gallery WHERE ".$_GET['where']." LIKE '%".$_GET['what']".%' ORDER BY artist ASC
 
Hope that makes sense.

Re: Problem Passing Variable in PHP 5

Posted: Sun Jul 13, 2008 12:50 pm
by joyhh
This didn't work. Any other suggestions?

Re: Problem Passing Variable in PHP 5

Posted: Sun Jul 13, 2008 1:14 pm
by jaoudestudios
hmmm

Try changing isset to !empty.