Welcome to WebmasterWorld Guest from 54.234.38.8

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

cut down description from database

     
1:24 am on Nov 12, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:Oct 2, 2006
posts:187
votes: 0


I'm displaying a description from a database using php. The descriptions that are in the database are going to be fairly large. I don't want to display the entire description on the webpage, only a portion of it. Here is my code:

$dbh=mysql_connect ("localhost", "username, "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("search");
$searchterm=$_POST['searchterm'];
$searchterm= trim($searchterm);

if (!$searchterm) {
echo 'You have not entered a search term. Please try again.';
exit;
}
if (!get_magic_quotes_gpc()) {
$searchterm = addslashes($searchterm);
}

$query = "SELECT * FROM site_data WHERE description LIKE '%$searchterm%'";
$result = mysql_query($query);

$num_results = mysql_num_rows($result);

echo "<p>Number of Results found for <i><strong>$searchterm</strong></i>: $num_results</p>";

for ($i=0; $i <$num_results; $i++) {
/*$row = $result->fetch_assoc();*/
$row = mysql_fetch_assoc($result);
echo '<p>'.($i+1).': ';
echo stripslashes($row['page_title']);
echo '<br />';
echo stripslashes($row['description']);
echo '<br />';
echo stripslashes($row['url']);
echo '</p>';
}
?>

2:09 am on Nov 12, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 4, 2007
posts:73
votes: 0


I had the same question a while back... check this thread.

[webmasterworld.com...]

R

2:11 am on Nov 12, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:Oct 2, 2006
posts:187
votes: 0


Thanks I'll try out the suggestions from that thread.
7:24 pm on Nov 12, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:July 12, 2007
posts:766
votes: 0


Although this is off topic -
if (!get_magic_quotes_gpc()) {
$searchterm = addslashes($searchterm);
}

You are only adding slashes to your data, not using the mysql_real_escape_string [uk2.php.net], so your string could be safer.
You may want to use something like -

if (get_magic_quotes_gpc()) {
$searchterm = stripslashes($searchterm);
}
$searchterm = mysql_real_escape_string($searchterm);
11:18 pm on Nov 12, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:Oct 2, 2006
posts:187
votes: 0


Thanks for the tip.