|
PHP - Search Form Does Not Work Anymore?
Ok so a few days ago I was alerted that my site was vulnerable to XSS injections in my search form. I modified the php script to prevent any malicious activity by adding this to it:
Code: [Select] "/\<(script).*\>.*\<\/(script)\>/isU", " ", But now anytime I put anything into the search form nothing is returned. Please advice. Here is the script in it's entirety. Code: [Select] <?php mysql_connect ("localhost", "","") or die (mysql_error()); mysql_select_db (""); $search = mysql_real_escape_string(preg_replace('/[^\w\'\"\@\-\.\,\(\) ]/i', '', "/\<(script).*\>.*\<\/(script)\>/isU", " ", $_POST['search'])); $sql = mysql_query("SELECT * FROM sales WHERE contact LIKE '%$search%' OR phone LIKE '%$search%' OR office LIKE '%$search%' OR town LIKE '%$search%' OR cross_streets LIKE '%$search%' OR description LIKE '%$search%' OR email LIKE '%$search%' OR price LIKE '%$search%' order by `date_created`"); echo "<strong>Click Headers to Sort</strong>"; echo "<br/><strong>Your Results for: </strong>"; echo $_POST['search']; echo "<table border='0' align='center' bgcolor='#999969' cellpadding='3' bordercolor='#000000' table class='sortable' table id='results'> <tr> <th> Title </th> <th> Price </th> <th> Bed </th> <th> Bath </th> <th> Contact </th> <th> Office </th> <th> Phone </th> </tr>"; while ($row = mysql_fetch_array($sql)){ echo "<tr> <td bgcolor='#FFFFFF' style='color: #000' align='center'> <a href='classified/sales/index.php?id=".$row['id']."'>" . $row['title'] . "</a></td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>$" . $row['price'] . "</td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['rooms'] . "</td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['bath'] . "</td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['contact'] . "</td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['office'] . "</td> <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['phone'] . "</td> </tr>"; } echo "</table>"; print_r($apts) ?> Thanks Similar TutorialsCode: [Select] <?php require "global.php"; if ($_POST) { $name = $_POST['name']; $data = sprintf("INSERT INTO forums VALUES (DEFAULT,'$name')"); mysql_query($data); $fid = mysql_insert_id(); header( 'Location: viewforum.php?fid='.$fid); exit; } echo ' <form action="" method="POST"> <table> <tr><td>Forum Name: </td><td><input name="name" /></td></tr> </table> <input type="submit" value=" Add Forum " /> </form>'; ?> This added forums whenever I made one to my MySQL database in the table "forums" For whatever reason, whenever I make a forum, it makes it end in ".php?fid=0" and does not create the forum on the database. Any ideas? Thanks! I wrote
<?php Hi Guys, I am trying to get the below code to work - search form with textbox, dropdown and submit button. I found scripts on the web but the addition of the pagination just causes an error. I spent hours tweaking it but alas I cant see the solution. Perhaps someone could help please. I would love to see an example with 1 textbox, 2 dropdowns and a submit button or a link to such a tutorial. My googling has hit a dead end. In the below code I can run a search and the reults are listed on results.php. Results get screwed up when I go to pagination page 2,3,4 etc...I think i need to integrate $max somewhere in the Code: [Select] $data = mysql_query("SELECT * FROM users WHERE upper($field) LIKE'%$find%'"); Thanks Code: [Select] <h2>Search</h2> <form name="search" method="post" action="results.php"> Seach for: <input type="text" name="find" /> in <Select NAME="field"> <Option VALUE="fname">First Name</option> <Option VALUE="lname">Last Name</option> <Option VALUE="result">Profile</option> </Select> <input type="hidden" name="searching" value="yes" /> <input type="submit" name="search" value="Search" /> </form> //results.php <? // Grab POST data sent from form $field = @$_POST['field'] ; $find = @$_POST['find'] ; $searching = @$_POST['searching'] ; //This is only displayed if they have submitted the form if ($searching =="yes") { echo "<h2>Results</h2><p>"; //If they did not enter a search term we give them an error if ($find == "") { echo "<p>You forgot to enter a search term"; exit; } // Otherwise we connect to our Database mysql_connect("mysql.yourhost.com", "user_name", "password") or die(mysql_error()); mysql_select_db("database_name") or die(mysql_error()); // We preform a bit of filtering $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); //Now we search for our search term, in the field the user specified $data = mysql_query("SELECT * FROM users WHERE upper($field) LIKE'%$find%'"); //This counts the number or results - and if there wasn't any it gives them a little message explaining that $anymatches=mysql_num_rows($data); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query<br><br>"; } //And we remind them what they searched for echo "<b>Searched For:</b> " .$find; } ?> <?php if(!isset($_REQUEST['pagenum'])) { $pagenum=1; } else { $pagenum=$_REQUEST['pagenum']; } //Here we count the number of results //Edit $data to be your query $rows = mysql_num_rows($data); //This is the number of results displayed per page $page_rows = 4; //This tells us the page number of our last page $last = ceil($rows/$page_rows); //this makes sure the page number isn't below one, or more than our maximum pages if ($pagenum < 1) { $pagenum = 1; } elseif ($pagenum > $last) { $pagenum = $last; } //This sets the range to display in our query $max = 'limit ' .($pagenum - 1) * $page_rows .',' .$page_rows; //This is your query again, the same one... the only difference is we add $max into it //$data = mysql_query("SELECT * FROM topsites $max") or die(mysql_error()); this works with pagination hmmm //This is where you display your query results //And we display the results while($result = mysql_fetch_array( $data )) { echo $result['fname']; echo " "; echo $result['lname']; echo "<br>"; echo $result['info']; echo "<br>"; echo "<br>"; } echo "<p>"; // This shows the user what page they are on, and the total number of pages echo " --Page $pagenum of $last-- <p>"; // First we check if we are on page one. If we are then we don't need a link to the previous page or the first page so we do nothing. If we aren't then we generate links to the first page, and to the previous page. if ($pagenum == 1) { } else { echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=1'> <<-First</a> "; echo " "; $previous = $pagenum-1; echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=$previous'> <-Previous</a> "; } //just a spacer echo " ---- "; //This does the same as above, only checking if we are on the last page, and then generating the Next and Last links if ($pagenum == $last) { } else { $next = $pagenum+1; echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=$next'>Next -></a> "; echo " "; echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=$last'>Last ->></a> "; } ?> Good evening, I am a newbie when it comes to programming, and I am yet learning. With several help from this forum, and other websites, I am able to finish my very first PHP project. It worked fine, as well as the search engine. However, it is foreseen that the application will be utilizing huge amount of data which would require pagination when viewing. And so I found a tutorial from php freaks as well. However, after I integrated the codes from my web application, the search engine suddenly stopped working. It is still, when I leave the field blank, which would display all data. However, if I type down a search query on the field, it still displays all data. Can anyone help me on this? Here's my complete code: <link href="add_client.css" rel="stylesheet" type="text/css"> <?PHP include("dbconnection.php"); $query = "SELECT * FROM records"; if(isset($_POST["btnSearch"])) { $query .= " WHERE last_name LIKE '%".$_POST["search"]."%' OR first_name LIKE '%".$_POST["search"]."%'OR territory LIKE '%".$_POST["search"]."%'OR job_title LIKE '%".$_POST["search"]."%'OR title LIKE '%".$_POST["search"]."%'OR employer LIKE '%".$_POST["search"]."%' ORDER BY territory ASC" ; $result = mysql_query($query, $connection) or die(mysql_error()); } ?> <table width="760" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td><table width="760" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="199" align="center" valign="top"><a href="login.html"><img src="invent-asia.gif" alt="" width="152" height="58" border="0" /></a> <script type="text/javascript" src="menu.js"></script></td> <td width="176" align="right" valign="bottom"><a href="main.php"><img src="Home.jpg" width="104" height="20" border="0"/></a></td> <td width="130" align="right" valign="bottom"><img src="View.jpg" width="104" height="20" border="0"/></td> <td width="146" align="right" valign="bottom"><a href="add_client.php"><img src="Add.jpg" width="104" height="20" border="0"/></a></td> <td width="109" align="right" valign="bottom"> </td> </tr> </table></td> </tr> <tr> <td><table width="760" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="200" height="3" bgcolor="#1B1C78"><img src="images/topspacerblue.gif" alt="" width="1" height="3" /></td> <td width="560" bgcolor="#0076CC"><img src="images/topspacerlblue.gif" alt="" width="1" height="3" /></td> </tr> </table></td> </tr> <tr> <td height="553" align="center" valign="top" bgcolor="#F3FAFE"><br /> <form name="form" action="view_client.php" method="post"> <br /> <table width="351" border="0"> <tr> <td width="137" align="left" valign="middle">SEARCH RECORD:</td> <td width="144" align="center" valign="middle"><input type="text" name="search" /></td> <td width="56" align="left" valign="middle"><input type="submit" name="btnSearch" value="Search" /></td> </tr> </table> <br /> <table border="0" cellpadding="3" cellspacing="1" bordercolor="38619E" > <tr> <th width="80" align="center" bgcolor="#E0E8F3">Territory</th> <th width="330" align="center" bgcolor="#E0E8F3">Employer</th> <th width="160" align="center" bgcolor="#E0E8F3">Name</th> <th width="80" align="center" valign="middle" bgcolor="#E0E8F3"> </th> </tr> <?php $conn = mysql_connect('localhost','root','') or trigger_error("SQL", E_USER_ERROR); $db = mysql_select_db('invent-asia',$conn) or trigger_error("SQL", E_USER_ERROR); $sql = "SELECT COUNT(*) FROM records"; $result = mysql_query($sql, $conn) or trigger_error("SQL", E_USER_ERROR); $r = mysql_fetch_row($result); $numrows = $r[0]; $rowsperpage = 10; $totalpages = ceil($numrows / $rowsperpage); if (isset($_GET['currentpage']) && is_numeric($_GET['currentpage'])) { $currentpage = (int) $_GET['currentpage']; } else { $currentpage = 1; } if ($currentpage > $totalpages) { $currentpage = $totalpages; } if ($currentpage < 1) { $currentpage = 1; } $offset = ($currentpage - 1) * $rowsperpage; $sql = "SELECT * FROM records LIMIT $offset, $rowsperpage"; $result = mysql_query($sql, $conn) or trigger_error("SQL", E_USER_ERROR); if($result) { for($i=0; $i<mysql_num_rows($result); $i++) { $id = trim(mysql_result($result, $i, "id")); $territory = trim(mysql_result($result, $i, "territory")); $employer = trim(mysql_result($result, $i, "employer")); $first_name = trim(mysql_result($result, $i, "first_name")); $last_name = trim(mysql_result($result, $i, "last_name")); echo "<td>".$territory."</td>"; echo "<td>".$employer."</td>"; echo "<td>".$last_name.", ".$first_name."</td>"; echo "<td><a href='edit_client.php?id=".$id."'>edit</a> | <a href='delete_client.php?id=".$id."'>delete</a> </td>"; echo "</tr>"; } } $range = 3; if ($currentpage > 1) { echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=1'><<</a> "; $prevpage = $currentpage - 1; echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=$prevpage'><</a> "; } for ($x = ($currentpage - $range); $x < (($currentpage + $range) + 1); $x++) { if (($x > 0) && ($x <= $totalpages)) { if ($x == $currentpage) { echo " [<b>$x</b>] "; } else { echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=$x'>$x</a> "; } } } if ($currentpage != $totalpages) { $nextpage = $currentpage + 1; echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=$nextpage'>></a> "; echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=$totalpages'>>></a> "; } ?> </table> <p> <br /> </p> </form> <p> </p></td> </tr> <tr> <td height="38"><table width="760" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="200" height="35" align="center" bgcolor="#1B1C78" class=white><img src="images/topspacerblue.gif" alt="" width="1" height="3" /> <a href="disclaimer.html"><font color="#FFFFFF">Legal Disclaimer</font></a> </td> <td width="560" align="center" bgcolor="#0076CC" class=white><img src="images/topspacerlblue.gif" alt="" width="1" height="3" /> Copyright © 2006 - 2010 InventAsia Limited. All rights reserved. </td> </tr> </table></td> </tr> </table> Immediate response is very well appreciated. Thank you very much ^^ As per the code below I am trying to create a search page which enable people to search different databases in a simple method. However, the code searches each other. So if I put "What is your name?" into "Questions" it shows: Questions: "What is your name?" Answer: "Sorry, but we can not find an entry to match your query" But I am not searching the Answer database so it should just remain blank and should show: Questions: "What is your name?" Answer: (Blank) Does anyone know why it is doing this? Code: [Select] <h2>Questions</h2> <form name="search" method="post" action="<?=$PHP_SELF?>"> Seach for: <input type="text" name="find" /> in <Select NAME="field"> <Option VALUE="category">Category</option> <Option VALUE="question">Question</option> <Option VALUE="notes">Notes</option> </Select> <input type="hidden" name="searching" value="yes" /> <input type="submit" name="search" value="Search" /> </form> <? //This is only displayed if they have submitted the form if ($searching =="yes") { echo "<h2>Results</h2><p>"; //If they did not enter a search term we give them an error if ($find == "") { echo "<p>You forgot to enter a search term"; exit; } // We preform a bit of filtering $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); //Now we search for our search term, in the field the user specified $data = mysql_query("SELECT * FROM questions WHERE upper($field) LIKE'%$find%'"); //And we display the results while($result = mysql_fetch_array( $data )) { echo $result['category']; echo " <br>" ; echo $result['question']; echo "<br>"; echo $result['notes']; echo "<br>"; echo "<br>"; } //This counts the number or results - and if there wasn't any it gives them a little message explaining that $anymatches=mysql_num_rows($data); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query<br><br>"; } //And we remind them what they searched for echo "<b>Searched For:</b> " .$find; } // close connection mysql_close(); ?> <h2>Answers</h2> <form name="search" method="post" action="<?=$PHP_SELF?>"> Seach for: <input type="text" name="find" /> in <Select NAME="field"> <Option VALUE="answer">Answer</option> </Select> <input type="hidden" name="searching" value="yes" /> <input type="submit" name="search" value="Search" /> </form> <? //This is only displayed if they have submitted the form if ($searching =="yes") { echo "<h2>Results</h2><p>"; //If they did not enter a search term we give them an error if ($find == "") { echo "<p>You forgot to enter a search term"; exit; } // We preform a bit of filtering $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); //Now we search for our search term, in the field the user specified $data = mysql_query("SELECT * FROM answers WHERE upper($field) LIKE'%$find%' LIMIT 0,10 "); //And we display the results while($result = mysql_fetch_array( $data )) { echo $result['answer']; echo " <br>"; } //This counts the number or results - and if there wasn't any it gives them a little message explaining that $anymatches=mysql_num_rows($data); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query<br><br>"; } //And we remind them what they searched for echo "<b>Searched For:</b> " .$find; } ?> Hi everyone, Would someone be able to help me out here, I cannot get this to work. Basically I have 3 pages, I with a search box which then run's a search script to display the results. Then the results are clickable, the idea is when the user clicks the result it takes them to another page which I want to display the info from the database.....if that makes sense, but when the link is clicked nothing is displaying. So here is what I have done so far: index.php - This is the page with the search box, code is : Code: [Select] <?php $dbhost = 'localhost'; $dbuser = '*********'; $dbpass = '********'; $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); $dbname = '***********'; mysql_select_db($dbname); ?> <form name="form" action="search.php" method="get"> <input type="text" name="q" /> <input type="submit" name="Submit" value="Search" /> </form> When they hit submit it takes them to the results page, code is: Code: [Select] <?php // Get the search variable from URL $var = @$_GET['q'] ; $trimmed = trim($var); //trim whitespace from the stored variable // rows to return $limit=10; // check for an empty string and display a message. if ($trimmed == "") { echo "<p>Please enter a search...</p>"; exit; } // check for a search parameter if (!isset($var)) { echo "<p>We dont seem to have a search parameter!</p>"; exit; } //connect to your database ** EDIT REQUIRED HERE ** mysql_connect("localhost","********","********"); //(host, username, password) //specify database ** EDIT REQUIRED HERE ** mysql_select_db("**********") or die("Unable to select database"); //select which database we're using // Build SQL Query $query = "select * from Fish where Commonn like \"%$trimmed%\" order by Commonn"; // EDIT HERE and specify your table and field names for the SQL query $numresults=mysql_query($query); $numrows=mysql_num_rows($numresults); // If we have no results, offer a google search as an alternative if ($numrows == 0) { echo "<h4>Results</h4>"; echo "<p>Sorry, your search: "" . $trimmed . "" returned zero results</p>"; echo "<p><a href=\"http://www.google.com/search?q=" . $trimmed . "\" target=\"_blank\" title=\"Look up " . $trimmed . " on Google\">Click here</a> to try the search on google</p>"; } // next determine if s has been passed to script, if not use 0 if (empty($s)) { $s=0; } // get results $query .= " limit $s,$limit"; $result = mysql_query($query) or die("Couldn't execute query"); // display what the person searched for echo "<p>You searched for: "" . $var . ""</p>"; // begin to show results set echo "Results<br><br>"; $count = 1 + $s ; // now you can display the results returned while ($row= mysql_fetch_array($result)) { $title = $row["Commonn"]; echo "$count.) <a href='info.php?ID=$ID'>$title</a>" ; $count++ ; } $currPage = (($s/$limit) + 1); //break before paging echo "<br />"; // next we need to do the links to other results if ($s>=1) { // bypass PREV link if s is 0 $prevs=($s-$limit); print " <a href=\"$PHP_SELF?s=$prevs&q=$var\"><< Prev 10</a>  "; } // calculate number of pages needing links $pages=intval($numrows/$limit); // $pages now contains int of pages needed unless there is a remainder from division if ($numrows%$limit) { // has remainder so add one page $pages++; } // check to see if last page if (!((($s+$limit)/$limit)==$pages) && $pages!=1) { // not last page so give NEXT link $news=$s+$limit; echo " <a href=\"$PHP_SELF?s=$news&q=$var\">Next 10 >></a>"; } $a = $s + ($limit) ; if ($a > $numrows) { $a = $numrows ; } $b = $s + 1 ; echo "<p>Showing results $b to $a of $numrows</p>"; ?> When they click the results from this page it takes them to another page which should (but doesnt) display the info from the mysql database, code is: Code: [Select] <?php // now you can display the results returned echo "$title" ; ?> Im really sorry if this is obvious or if I have dont something completely wrong but im very new to php and trying to learn on the job. Many Thanks in advance Jay Hey all, I need your help! So, I am the web designer for a small company, but I use that term loosely as I for the most part am limited to design through Dreamweaver and Muse. I know a decent amount of HTML off the top of mey head, but when it comes to PHP, yikes... My company asked me to make a simple searchable web page based on their price guide/catalog, built into their website. I have MySQL set up within their godaddy. I can use the SQL search functions to get the exact results back that I need, and the SQL cPanel gives me the following code: SELECT * FROM `SMQSQL` WHERE `Scott` = '(Whatever I search for)' ORDER BY `LINEID` ASC This makes sense to me up to here; this is very simple language, However, I have been pulling my hair out for days trying to get a simple search function as an actual PHP *PAGE* going. Basically, I need to set up a PHP form search (not hard) that will go back and log in to my SQL database named SMQ (not too bad yet), perform a search out of a specific column named Scott (getting a little harder, and somewhat lost), take the search results from specific columns (getting harder), and display them in a neat little table (now I'm lost). My SQL database is set up with the following columns: LINEID, Scott, Den, Color, Cond, 70, 70J, 75, 75J, 80, 80J, 85, 85J, 90, 90J, 95, 95J, 98, 98J, 100 Where LINEID is the index. LINEID is set to INT (5 char), the next 4 are TEXT (255 char, item descriptors), and the rest INT (9 char; prices). When the results are displayed, I would like all but the LINEID visible. I have tried and tried and tried playing with my PHP coding but am ready to shoot my computer. Here it is:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Online Search</title>
</head>
<body>
<h3>Search Online</h3>
<p>You may search by Catalog number. Please use the exact Catalog number or you may receive an error. Please note that if searching for more than a basic item, include the full Catalog number WITHOUT spaces.</p>
<form method="post" action="search.php?go" id="searchform">
<input type="text" name="Scott">
<input type="submit" name="submit" value="Search">
</form>
<?php
if(isset($_POST['submit'])){
if(isset($_GET['go'])){
$Scott=$_POST['Scott'];;
$db=mysql_connect ("localhost", "guestuser", "guestuser") or die ('Error connecting to the database. Error: ' . mysql_error());
$mydb=mysql_select_db("SMQ");
$sql="SELECT Scott, Den, Color, Cond, 70, 70J, 75, 75J, 80, 80J, 85, 85J, 90, 90J, 95, 95J, P98, 98J, 100 FROM SMQ WHERE Scott LIKE '%" . $Scott . "%';
$result=mysql_query($sql);
while($row=mysql_fetch_array($result)){
$Scott=$row['Scott'];
$Den=$row['Den'];
$Color=$row['Color'];
$Cond=$row['Cond'];
$70=$row['70'];
$70J=$row['70J'];
$75=$row['75'];
$75J=$row['75J'];
$80=$row['80'];
$80J=$row['80J'];
$85=$row['85'];
$85J=$row['85J'];
$90=$row['90'];
$90J=$row['90J'];
$95=$row['95'];
$95J=$row['95J'];
$98=$row['98'];
$98J=$row['98J'];
$100=$row['100'];
echo "<ul>\n";
echo "<li>" . "<a href=\"SMQ.php?id=$Scott\">" .$Scott . " " . $Den . " " . $Color . " " . $Cond . " " . $70 . " " . $70J . " " . $75 . " " . $75J . " " . $80 . " " . $80J . " " . $85 . " " . $85J . " " . $90 . " " . $90J . " " . $95 . " " . $95J . " " . $98 . " " . $98J . " " . $100 . "</a></li>\n";
echo "</ul>";
}
}
else{
echo "<p>Please enter a search query</p>";
}
?>
I know it's probably pretty bad, but hopefully at least you can get an idea of what I'm trying to accomplish. Please dear God tell me what I am doing wrong! I'm sure it will take a knowledgeable user 5 minutes to fix this, but you would be saving my skin!THANKS!!! Edited by mac_gyver, 14 August 2014 - 11:04 AM. removed link to op's cp and code tags please when posting code Hi, somehow I can't log-in on my testsite anymore... (username: user / pw: pass) I receive the following error message... Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/web1244/public_html/functions.php on line the code is as follows... <?php function get_fund($ISIN) { $ISIN = mysql_real_escape_string($ISIN); $qr = mysql_query("SELECT * FROM fund WHERE ISIN='".$ISIN."' "); if ( mysql_error() ) echo mysql_error(); if ( mysql_num_rows($qr) == 0 ) return NULL; return mysql_fetch_object($qr); } function show($var) { if(trim($_POST[$var])) return 'value="'.trim($_POST[$var]).'"'; return '';; } function checkForError($text, $result, $output) { if (in_array(($text), $result)) echo "<span style='color:#FF0000'>$output</span>"; else echo "$output"; } function exist($var) { if(isset($var)) if(trim($var) !== '') return TRUE; return FALSE; } function logged() { if(exist($_SESSION['login'])) return TRUE; return FALSE; } function loggedAdmin() { if(exist($_SESSION['admin'])) if($_SESSION['admin'] == aPass) return TRUE; return FALSE; } function loginAdmin() { if(exist($_POST['username'])) if(exist($_POST['password'])) if(exist($_POST['button'])) if(trim($_POST['username']) == aLogin) if(trim($_POST['password']) == aPass) $_SESSION['admin'] = aPass; } function login() { if(exist($_POST['username'])) if(exist($_POST['password'])) if(exist($_POST['button'])) if(mysql_ping()) { $query = "SELECT * FROM user WHERE login ='".mysql_real_escape_string($_POST['username'])."' AND password='".mysql_real_escape_string($_POST['password'])."'"; $res = mysql_query($query); if(mysql_num_rows($res)) { $resx=mysql_fetch_assoc($res); $_SESSION['login'] = $resx['id']; } } } function getAccounts($id = false) { $accounts= array(); $query = $id? " SELECT id, name FROM custody_ac WHERE id_client = '$id'" :"SELECT id, name FROM custody_ac WHERE id_client = '".$_SESSION['login']."'"; $qres=mysql_query($query); while($row = mysql_fetch_assoc($qres)) $accounts[] = $row; return($accounts); } ?> is there probably anyone who could tell me what I've done wrong, please? Thanks ozzo I found this nice search database script on line but the pagination does not work can someone tell me what is wrong with it ???? so i can work with it !!! here is the full code : Code: [Select] <?php // Get the search variable from URL $var = @$_GET['q'] ; $trimmed = trim($var); //trim whitespace from the stored variable // rows to return $limit=10; // check for an empty string and display a message. if ($trimmed == "") { echo "<p>Please enter a search...</p>"; exit; } // check for a search parameter if (!isset($var)) { echo "<p>We dont seem to have a search parameter!</p>"; exit; } //connect to your database ** EDIT REQUIRED HERE ** mysql_connect("localhost","username","password"); //(host, username, password) //specify database ** EDIT REQUIRED HERE ** mysql_select_db("database") or die("Unable to select database"); //select which database we're using // Build SQL Query $query = "select * from the_table where 1st_field like \"%$trimmed%\" order by 1st_field"; // EDIT HERE and specify your table and field names for the SQL query $numresults=mysql_query($query); $numrows=mysql_num_rows($numresults); // If we have no results, offer a google search as an alternative if ($numrows == 0) { echo "<h4>Results</h4>"; echo "<p>Sorry, your search: "" . $trimmed . "" returned zero results</p>"; echo "<p><a href=\"http://www.google.com/search?q=" . $trimmed . "\" target=\"_blank\" title=\"Look up " . $trimmed . " on Google\">Click here</a> to try the search on google</p>"; } // next determine if s has been passed to script, if not use 0 if (empty($s)) { $s=0; } // get results $query .= " limit $s,$limit"; $result = mysql_query($query) or die("Couldn't execute query"); // display what the person searched for echo "<p>You searched for: "" . $var . ""</p>"; // begin to show results set echo "Results"; $count = 1 + $s ; // now you can display the results returned while ($row= mysql_fetch_array($result)) { $title = $row["1st_field"]; echo "$count.) $title" ; $count++ ; } $currPage = (($s/$limit) + 1); //break before paging echo "<br />"; // next we need to do the links to other results if ($s>=1) { // bypass PREV link if s is 0 $prevs=($s-$limit); print " <a href=\"$PHP_SELF?s=$prevs&q=$var\"><< Prev 10</a>  "; } // calculate number of pages needing links $pages=intval($numrows/$limit); // $pages now contains int of pages needed unless there is a remainder from division if ($numrows%$limit) { // has remainder so add one page $pages++; } // check to see if last page if (!((($s+$limit)/$limit)==$pages) && $pages!=1) { // not last page so give NEXT link $news=$s+$limit; echo " <a href=\"$PHP_SELF?s=$news&q=$var\">Next 10 >></a>"; } $a = $s + ($limit) ; if ($a > $numrows) { $a = $numrows ; } $b = $s + 1 ; echo "<p>Showing results $b to $a of $numrows</p>"; ?> Hey I finally got this code working yesterday, when the user enters a name into the form and submits it the specific users details should be shown on the next page, this was working fine yesterday and when i turned my laptop on today it is not working, I am not getting any errors just not displaying the user details?? Any ideas? Heres the code Form: <table width="300" border="1" align="center" cellpadding="2" cellspacing="1" bgcolor="#9999cc"> <tr> <form name="form1" method="post" action="getdetails.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong><center>Personal Details</center> </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="submit" type="text" id="username"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Get Details"></td> </tr> </table> </td> </form> </tr> </table> getdetails.php <html> <head> <link rel="stylesheet" type ="text/css" href="anything2.css" </head> <body> <div id="container"> <div id="header"><img src="imagesb.jpg" alt="Cool Image" align="left"> <img src="images.jpg" alt="Cool Image" align="right"><center><b><font size="6.5"><br><br>User Details</b></center></font> </div> <div id="leftnav"><center> <br><br> <input type= "button" style="width:120px;" value="Home" onClick="window.location= 'home.php' "> <br><br> <input type= "button" style="width:120px;" value="Club Details" onClick="window.location= 'clubdetails.php' "> <br><br> <input type= "button" style="width:120px;" value="Future Events" onClick="window.location= 'futureevents.php' "> <br><br> <input type= "button" style="width:120px;" value="News" onClick="window.location= 'news.php' "> <br><br> <input type= "button" style="width:120px;" value="FAQ" onClick="window.location= 'faq.php' "> <br><br> <input type= "button" style="width:120px;" value="Wall" onClick="window.location= 'wall.php' "> <br><br> <input type= "button" style="width:120px;" value="About Us" onClick="window.location= 'about.php' "> </div> <div id="body"> <br><br> <?php mysql_connect ("localhost","root","") or die("Cannot connect to Database"); mysql_select_db ("test"); if (isset($_POST['Submit'])){ $username=mysql_real_escape_string(trim($_POST['Submit'])); $sql = "select * from memberdetails WHERE username='$username'"; $result = mysql_query ($sql); while ($row = mysql_fetch_array($result)) { $username= $row["username"]; $firstname= $row["firstname"]; $surname= $row["surname"]; $dob= $row["dob"]; $totalwins= $row["totalwins"]; $totalloses= $row["totalloses"]; $email= $row["email"]; $country= $row["country"]; $info= $row["info"]; echo "<b><u>Username:</b></u> $username<br>"; echo "<b><u>Firstname:</b></u> $firstname<br>"; echo "<b><u>Surname: </b> </u> $surname<br>"; echo "<b><u>Date of Birth:</b></u> $dob<br>"; echo "<b><u>Total Chess Wins:</b></u> $totalwins<br>"; echo "<b><u>Total Chess loses:</b></u> $totalloses<br>"; echo "<b><u>Email Address: </b></u> $email<br>"; echo "<b><u>Born in: </b></u> $country<br>"; echo "<b><u>Other Details:</b></u> $info<br><br><br>"; }} ?> <a href="delete.php">Delete User</a> <div id="footer">This is the footer</div> </body> </html> I'm not sure why, but once I added a search form in my nav menu, it made my other forms on the website such as login and signup form take them to where the search button would take them. any ideas??? I want to know how to display results from mysql database by filling in a form. but i have found a tutorial which shows typing in a text box which displays results. if i follow this tutorial will it help me to understand and create php coding to display results for my form? I Have been working on this search for for a while which is working but lacks a few feature i wanna add. 1st is if the make/model/price is empty i want to search the whole db I have attached the php file Also each card has a image and need help adding these to the search. the images are located in a uploads folder Iv grafted hard on this and need some help Also is this the correct way to process a form search? I just changed around my database and as such I need to update my search form. The way it used to work was a user could use the search bar to look for actors. In changing my database there in no longer a actor column, there are how ever actor_1, actor_2 ... until actor_7. What I am trying to do it set it up so my form looks the same but the back end will look in all the actor columns for the name. So when a user selects actor from the drop down menu it will look in all 7 actor columns. Here is what i had before that worked. for the search bar Code: [Select] <form action="/search.php" method="post"> <span class="rulesub">Search: </span><input type="text" name="search"> <select size="1" name="dropdown"> <option value="" selected>Search by...</option> <option value="title">Title</option> <option value="actors">Actors</option> <option value="difficulty">Difficulty 1-5</option> </select> <input type="Submit" value="Search" name="Submit"> </form> for the search page Code: [Select] $connect = mysql_connect('localhost', $username, $password) or die ("Unable to connect to host"); mysql_select_db($database) or die ("Unable to connect to database"); $search = empty($_POST['search'])? die ("Please enter search criteria.") : mysql_escape_string($_POST['search']); $dropdown = empty($_POST['dropdown'])? die ("Please select from search criteria.") : mysql_escape_string($_POST['dropdown']); $query = mysql_query("SELECT * FROM movie WHERE $dropdown Like '%$search%'") or die (mysql_error()); if(mysql_num_rows($query) == 0) { printf("Could not find $search while looking in $dropdown, please try again."); //exit; } else{ $num=mysql_numrows($query); mysql_close($connect); ?> Output thanks I have a search form and have set up php, but at the moment its not making the correct searches, what am i doing wrong. Help is appreciated. heres my php code: Code: [Select] <?php $server = ""; // Enter your MYSQL server name/address between quotes $username = ""; // Your MYSQL username between quotes $password = ""; // Your MYSQL password between quotes $database = ""; // Your MYSQL database between quotes $con = mysql_connect($server, $username, $password); // Connect to the database if(!$con) { die('Could not connect: ' . mysql_error()); } // If connection failed, stop and display error mysql_select_db($database, $con); // Select database to use // Query database $result = mysql_query("SELECT * FROM Properties"); // Set up our error check and result check array $error = array(); $results = array(); // First check if a form was submitted. // Since this is a search we will use $_GET if (isset($_GET['search'])) { $searchTerms = trim($_GET['search']); $searchTerms = strip_tags($searchTerms); // remove any html/javascript. if (strlen($searchTerms) < 10) { $error[] = "Search terms must be longer than 10 characters."; }else { $searchTermDB = mysql_real_escape_string($searchTerms); // prevent sql injection. } // If there are no errors, lets get the search going. if (count($error) < 1) { $searchSQL = "SELECT sid, sbody, stitle, sdescription FROM simple_search WHERE "; // grab the search types. $types = array(); $types[] = isset($_GET['images'])?"`simages` LIKE '%{$searchTermDB}%'":''; $types[] = isset($_GET['Location'])?"`sLocation` LIKE '%{$searchTermDB}%'":''; $types[] = isset($_GET['Number of bedrooms'])?"`snumberofbedrooms` LIKE '%{$searchTermDB}%'":''; $types = array_filter($types, "removeEmpty"); // removes any item that was empty (not checked) if (count($types) < 1) $types[] = "`simages` LIKE '%{$searchTermDB}%'"; // use the body as a default search if none are checked $andOr = isset($_GET['matchall'])?'AND':'OR'; $searchSQL .= implode(" {$andOr} ", $types) . " ORDER BY `sLocation`"; // order by title. $searchResult = mysql_query($searchSQL) or trigger_error("There was an error.<br/>" . mysql_error() . "<br />SQL Was: {$searchSQL}"); if (mysql_num_rows($searchResult) < 1) { $error[] = "The search term provided {$searchTerms} yielded no results."; }else { $results = array(); // the result array $i = 1; while ($row = mysql_fetch_assoc($searchResult)) { $results[] = "{$i}: {$row['sLocation']}<br />{$row['sNumberofbedrooms']}<br />{$row['sbody']}<br /><br />"; $i++; } } } } function removeEmpty($var) { return (!empty($var)); } if (!$result) { echo "Error running query:<br>"; trigger_error(mysql_error()); } elseif(!mysql_num_rows($result)) { // no records found by query. echo "No records found"; } else { $i = 0; echo '<div class="container" style="float:left;">'; while($row = mysql_fetch_array($result)) { // Loop through results $i++; echo '<div class="imageholder" style="float:left;">'; echo '<img class="image1" src="'. $row['images'] .'" />'; //image echo '</div>'; echo '<div class="textholder" style="font-family:helvetica; font-size:13px; float:left; padding-top:10px;">'; echo "<span style=\"color:green;\"><b>Displaying record $i<br>\n</b><br></span>"; echo "<b>" . $row['id'] . "</b><br>\n"; // Where 'id' is the column/field title in the database echo "Location: ". $row['Location'] . "<br>\n"; // Where 'location' is the column/field title in the database echo "Property Type: ". $row['Property_type'] . "<br>\n"; // as above echo "Bedrooms: ". $row['Number_of_bedrooms'] . "<br>\n"; // .. echo "Purchase Type: ". $row['Purchase_type'] . "<br>\n"; // .. echo "Price: ". $row['Price_range'] . "<br>\n"; // .. echo '</div>'; echo '<div style="clear:both"></div>'; } echo '</div>'; } mysql_close($con); // Close the connection to the database after results, not before. ?> hi im new to these stuff and appreciate any help.
im creating a simple form with 1 textbox and a search button. when the button is pressed a select query should run and check the mysql database and list that result on that same page. For example, lets say there is a textbox named Lastname, then the search button should search mysql and list down the last name matching that name.
Form code :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Search</title> </head> <body> <form action="post.php" method="GET"> <input type="text" name="query" /> <input type="submit" value="Search" /> </form> </body> </html>Any help? I need to show the result right bellow the button, and if no match found it should display an error : no match found thanks Hi, I was wondering could anyone help me here please, I'm pretty stuck and not sure what's wrong. I have also posted this topic on Daniweb if that is OK as I'm kind of stuck for time on this (If I'm not allowed post on multiple forums this can be deleted). I have a database that contains files and I want to be able to search those files by putting in a ID number into a textbox on my homepage of a website I'm working on. In my databse my doc_id is the primary key, and I want the user to be able to enter a document ID and have all the information returned to them. Can anyone help me here as I don't understand why it isn't working? Here is the code as it is at the moment - Code: [Select] <?php include 'connect_db.php'; include 'newheader.php'; function sanitize_data($data) { $data = array_map('trim',$data); $data = array_map('strip_tags',$data); $data = array_map('htmlspecialchars',$data); $data = array_map('mysql_real_escape_string',$data); return $data; } $post = sanitize_data($_POST); if (isset($_POST['searchID'])) { $find = $_POST['find']; $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); $field = $_POST['field']; $data = mysql_query("SELECT * FROM tc_tool.forms WHERE upper(".$field.") LIKE'%$find%'") or die(mysql_error()); while ($result = mysql_fetch_array( $data )) { echo $result['doc_number']; echo " "; echo $result['doc_title']; echo " "; echo "<br>"; echo "<br>"; } ?> The error returned to me is this - Incorrect parameter count in the call to native function 'upper' Here is the code to my button too if it is any use - Code: [Select] <body onLoad = "documentNumber.focus()"> <input type= "text" id= "documentNumber" name= "searchbyequipmenttype" class= "eSearchFormInput"/> <input type= "submit" name= "searchID" value="Search By Doc ID" /><br /> And I have no idea why it is, can anyone help if possible? I have tried it a few ways so if needed I'll post the other ways I've tried it. Thanks if anyone can help Hello!To search in a table from my database i use this: mysql_connect ("localhost", "","") or die (mysql_error()); mysql_select_db (""); $key = $_POST['key']; $sql = mysql_query("select * from internet_securitate where nume_produs like '%$key%'"); while ($row = mysql_fetch_array($sql)){ echo 'Produs ID: '.$row['internet_securitateID']; echo '<br/> Denumire Produs: '.$row['nume_produs']; echo '<br/> Descrie '.$row['descriere']; echo '<br/> Disponibilitate: '.$row['disponibilitate_produs']; echo '<br/><br/>'; } can i expand this to searh in 3 tables? :-? Hi, Hoping someone could help me, im not great at php programming and im trying to implement a search form which searches a sql database but for some reason its not working i keep on getting the following error.. " Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\site\contact\search.php on line 141" Im not sure why this happens and its really starting to bug me now :/ I have to pages to the search feature, one page which contains the <form> and the other with the PHP code.... the form.. <form method="get" action="search.php"> <label>Search Term: <input type="text" id="query" name="query"/> </label> <label> <select name="category" id="category"> <option value="none">Please Select a Type</option> <option value="teamname">Manager Name</option> <option value="manager">Team Name</option> <option value="age">Age Group</option> </select> </label> <input name="Search" type="submit" value="Search"/> </form> the PHP code.. <?php $query=$_GET['query']; $db_host="localhost"; $db_username="root"; $db_password=""; $db_name="info"; $db_tb_name="info"; $db_tb_atr_name=$_GET['category']; mysql_connect("$db_host","$db_username","$db_password"); mysql_select_db("$db_name"); $query_for_result=mysql_query("SELECT * FROM $tb_name WHERE $db_tb_atr_name like '%".$query."%'"); while($data_fetch=mysql_fetch_array($query_for_result)) { echo "<p>"; echo $data_fetch['table_attribute']; echo "</p>"; } mysql_close(); ?> Id be really great full for any light you guys could shed on this for me with thanks, fozze Hey guys, |
|||||||