Search function with PHP

I'm trying to implement a search function with PHP and mySQL

         

MartinWeb

2:42 am on Jun 21, 2007 (gmt 0)

10+ Year Member



Hi, I'm trying to implement a search function with PHP and mySQL, but right now it's not working. The script should take a search word entered in from a form, and search the database by author or title (the searcher will select which) for the word sought. I think it has something to do with the single and double quotes, because the syntax looks correct, but any help at all would be appreciated. Here're the lines of code in question from the form and the search script:
the form:
<form target="mainFrame" action="search.php" method="post">
Search: <input name="search" type="text"><br>
Sort by:
<select name="col">
<option value="Author">Author</option>
<option value="Title">Title</option>
</select>
<input type="submit" name="submit" value="Search">
</form>

from the search.php code:
if($_POST['col']=="Author"){
$q="SELECT * FROM 'BookNook' WHERE 'Author' LIKE $_POST[search]" ;}
if($_POST['col']=="Title"){
$q="SELECT * FROM 'BookNook' WHERE 'Title' LIKE $_POST[search]" ;}

And if you want to see the site they're being used on, it's here: <snip>.
I'm new to PHP and mySQL, so I'd appreciate any help. Thanks. =]

Here's the rest of the php code in search.php if anyone's interested:
<? include('connect.php');?>
<?php
$db=mysql_select_db($dbase,$dbh) or die("Could not select database");
if($_POST['col']=="Author"){
$q="SELECT * FROM 'BookNook' WHERE 'Author' LIKE $_POST[searchs]" ;}
if($_POST['col']=="Title"){
$q="SELECT * FROM 'BookNook' WHERE 'Title' LIKE $_POST[search]" ;}
$result=mysql_query($q) or die ("Could not execute query: $q.".mysql_error());
while($row=mysql_fetch_array($result)){
$id=$row["id"];
$Title=$row["Title"];
$cover=$row["cover"];
$Author=$row["Author"];
$Rating=$row["Rating"];
$viewcount=$row["viewcount"];?>
<tr class="row">
<td class="cover"><img src="<?php echo "$cover";?>"></td>
<td class="title"><?php echo "<a href=\" view.php?id=$id\">"?><?php echo "$Title";?></a> <br>
by <?php echo "$Author";?>
<br> Rating: <?php echo "$Rating";?></td>
</tr>
<?php }?>

[edited by: eelixduppy at 3:08 am (utc) on June 21, 2007]
[edit reason] removed personal link - see charter [/edit]

eelixduppy

3:39 am on Jun 21, 2007 (gmt 0)



Hello, and Welcome to WebmasterWorld.

There are a few problems with your syntax. The first is, you cannot put an array in a string like that. The second is, your LIKE syntax is incorrect. The third is, you are matching the string exactly; I'm not sure if this is what you want, but my guess is no. And the fourth is that you are not escaping your variables. So, try something like this:


if($_POST['col']=="Author"){
$q="SELECT * FROM `BookNook` WHERE `Author` LIKE '%".mysql_real_escape_string($_POST['search'])."%'"; }
else if($_POST['col']=="Title"){
$q="SELECT * FROM `BookNook` WHERE `Title` LIKE '%".mysql_real_escape_string($_POST['search'])."%'"; }

We also have a thread in our library that may help: Developing MySQL Search Query [webmasterworld.com].

Good luck!
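
The same search written with a bound parameter and a fixed column list instead of string escaping, as an added example that is not part of the original thread. Assumptions: PDO is available, an in-memory SQLite database stands in for the MySQL one, the rows are constructed, and `searchBooks` is a hypothetical helper name.

```php
<?php
// Added example. Table contents are constructed; in-memory SQLite stands in
// for the thread's MySQL database so the script runs offline.

function searchBooks(PDO $pdo, string $col, string $term): array
{
    // A column name cannot be a bound parameter, so map the form value
    // to a fixed identifier and reject anything else.
    $columns = ['Author' => 'Author', 'Title' => 'Title'];
    if (!isset($columns[$col])) {
        throw new InvalidArgumentException('Unknown search column');
    }
    // Escape LIKE wildcards so a "%" or "_" typed by the user matches literally.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $sql = "SELECT id, Title, Author FROM BookNook
            WHERE {$columns[$col]} LIKE :pattern ESCAPE '!'";
    $stmt = $pdo->prepare($sql);
    // The search term travels as data, never as part of the SQL text.
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE BookNook (id INTEGER PRIMARY KEY, Title TEXT, Author TEXT)');
$insert = $pdo->prepare('INSERT INTO BookNook (Title, Author) VALUES (?, ?)');
$rows = [["A Guide to Tea", "Pat O'Brien"], ['100% PHP', 'A. Writer'], ['MySQL Basics', 'B. Author']];
foreach ($rows as $row) {
    $insert->execute($row);
}

// Constructed inputs: a quote in the term, a bare wildcard, a tautology string.
$cases = [['Author', "O'Brien"], ['Title', '%'], ['Title', "x' OR '1'='1"]];
foreach ($cases as [$col, $term]) {
    $titles = array_column(searchBooks($pdo, $col, $term), 'Title');
    printf("%-6s %-14s => %s\n", $col, $term, json_encode($titles));
}

// A column value the form never offers is rejected before any SQL is built.
try {
    searchBooks($pdo, 'Title; --', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Pointing this at MySQL means changing only the PDO connection string; the query text and the binding stay the same.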

MartinWeb

12:54 am on Jun 25, 2007 (gmt 0)

10+ Year Member



Hi. The code works better except I get this error message (it is okay except I get this error message).

Code-

if($_POST['col']=="Author"){
$q="SELECT * FROM `BookNook` WHERE `Author` LIKE '%".mysql_real_escape_string($_POST[search])."%'"; }
else if($_POST['col']=="Title"){
$q="SELECT * FROM `BookNook` WHERE `Title` LIKE '%".mysql_real_escape_string($_POST[search])."%'"; }

Error message-

Fatal error: Call to undefined function: mysql_real_escape_string() in /www/cgi/Books/search.php on line 43

Can you tell me what is wrong with it?