Forum Moderators: coopster


Post a string to a query from a Form


swapshop

9:50 am on Apr 8, 2008 (gmt 0)

10+ Year Member



Trying to post a search from a form to a query this is all the same page

If I declare $search ='dvd'; the query returns the results for dvd correctly

So the query code is fine and db attach is good

I can't seem to get the info from the form to the page to $search?

Any ideas. I need this code to search a new FAQ CMS added or another script

Same page

<p style="float:center; padding: 5px;">
<form method="post" action="searchnew.php">
<input name="search" size="25"/>&nbsp;
<input value="Search" name="search" type="submit" class="button"/>

<small style="text-align:right;">
<a href="search.php">Advanced Search</a>
</small>
</form>
</p>

Query is

if ($search) // perform search only if a string was entered.
{

$lResInsert=mysql_connect("$set_mysql_host","$set_mysql_user","$set_mysql_pass");
$lResSelect=mysql_select_db("$set_mysql_base",$lResInsert);


//$query = "SELECT question, answer, q_id FROM faq_questions WHERE answer LIKE '%$search%'";
$query = "SELECT question, answer, q_id FROM faq_questions WHERE answer LIKE '%$search%'";
$result = mysql_query($query);
$numrows = mysql_num_rows($result);

How do I return the value of the post from the browser?
If I hit refresh it tells me I have a postdata value so I know it has the search query in the post?

Sorry I am stumped?

PHP_Chimp

9:55 am on Apr 8, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Are you checking to see if the form has been submitted?

if ($_POST) {
// all your database stuff
}
else {
// display your form
}

Also, are you redirecting people to another page to view the results of their search, or are you displaying those results on the original page?

<edit>
Just noticed that you are using if ($search), do you have globals on?

[edited by: PHP_Chimp at 9:55 am (utc) on April 8, 2008]

swapshop

10:06 am on Apr 8, 2008 (gmt 0)

10+ Year Member



Trying to post on the same page

have a search form that I want to use for the query

Form on the same page

<p style="float:center; padding: 5px;">
<form method="post" action="<?php print($_SERVER['PHP_SELF'] ); ?>">
<input name="search" size="25"/>&nbsp;
<input value="Search" name="search" type="submit" class="button"/>

<small style="text-align:right;">
<a href="search.php">Advanced Search</a>
</small>
</form>
<?
if ($_POST) {
// all your database stuff
}
else {
// display your form
}
?>

<br />
</p>

//query info

<?php

//Secure the DB base access connection
include "admin/config/db_inc.php";
//Secure End

//$search ='classifieds';
echo "$search";
echo "<br />";

if ($search) // perform search only if a string was entered.
{

$lResInsert=mysql_connect("$set_mysql_host","$set_mysql_user","$set_mysql_pass");
$lResSelect=mysql_select_db("$set_mysql_base",$lResInsert);


//$query = "SELECT question, answer, q_id FROM faq_questions WHERE answer LIKE '%$search%'";
$query = "SELECT question, answer, q_id FROM faq_questions WHERE answer LIKE '%$search%'";
$result = mysql_query($query);
$numrows = mysql_num_rows($result);



//Fill out some vars first
$q = $row['q_id'];
$question = $row['question'];
$answer = $row['answer'];

//Rewrite to capitals
$question = ucwords(strtolower($question));
$answer = ucwords(strtolower($answer));
$search = ucwords(strtolower($search));

// Load the Side Menu
echo "<table border='0' cellspacing='0' class='welcome' style='clear:both; background: #F2F2F2; border-right: 1px dotted #666666;'>";
echo "<tr>";
echo "</tr>";
echo "<td>";
//session_start();
if (session_is_registered("valid_user"))
{
}
else
{
include "admin/templates/login.tpl";
}
// Google Adverts Start
include "admin/templates/adverts.tpl";
echo "</td>";
// Google Adverts Start
echo "</tr>";
echo "</table>";
echo "</td>";
echo "<td>";


// Display the adverts
echo "<div class='containertable' cellspacing='0'>";
echo "<table border='0' cellspacing='0' class='box' style='clear:both;'>";
echo "<tr>";
echo "<th width='40%'>Search Results the term $search</th>";
echo "</tr>";
//start alt columns
echo "<tr bgcolor=\"$bgcolor\">";

if ($numrows == 0) {
echo "<p> No items to shows</p>";
}
else {
$row = 0; // set count of array to be 0 for first run
for($i = 0; $i < count($row); ) {
while($row=mysql_fetch_assoc($result)){
$bgcolor = ($i % 2) ? '#EFEFEF' : '#F8F8F8';
//print results....


echo "<td bgcolor=\"$bgcolor\" style='clear:both; border-bottom: 1px dotted #666666; padding-left: 2 !important;' >";
echo "<h3><a href='http://$url/faq/faq.php?q_id=".$row['q_id']." '>" . substr($row['question'],0,100) . " ...</a></h3><br /><br /> " .substr($row['answer'],0,200) ."" ;
echo '<br/><br />';
echo "</td>";
echo "</tr>";

// alt mod
$i++;
}
//alt mod end

}
}

}
echo "</table>";
echo "</div>";
?>

swapshop

10:08 am on Apr 8, 2008 (gmt 0)

10+ Year Member



Register_Globals is set to off for the main script

PHP_Chimp

10:23 am on Apr 8, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The bit in your code where you have "if ($search)" will not be doing what you intend.
As before that part of your code $search has not been used, so does not exist.

If you change that part to


if ($_POST['search']) {

This will test to see if your form has been submitted, and that the key search is in that array.
It may be better to use array_key_exists (http://uk2.php.net/manual/en/function.array-key-exists.php) -

if (array_key_exists('search', $_POST)) {

So get rid of the bit of php I originally posted that you have just under the form, and just modify your if ($search) to either of the above. Hopefully that will get you a lot closer.

Also avoid using the short tags <?, as they are not always supported. Stick to <?php.

swapshop

10:31 am on Apr 8, 2008 (gmt 0)

10+ Year Member



This is allowing it to now work ok

$search = $_POST["search"];

Returns the query ok with this search form

<p style="float:center; padding: 5px;">
<form method="post" action="searchnew.php">
<input type=text name='search' size="25"/>&nbsp;
<input value="Search" type=submit class="button"/>
<small style="text-align:right;">
<a href="search.php">Advanced Search</a>
</small>
</form>
<br />
</p>

So you have got it to work :)

I need to sanitize the input; do you know how I can do this?

PHP_Chimp

11:59 am on Apr 8, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



mysql_real_escape_string [uk2.php.net] or mysqli_real_escape_string [uk2.php.net]. The second is better if you have php5.

You could use array_walk [uk2.php.net] to apply mysqli_real_escape_string to all of the $_POST array.


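// $link is the open mysqli connection returned by mysqli_connect()
// array_walk() passes each value by reference so it can be escaped in place
$sanitized = array_walk($_POST, function (&$value) use ($link) {
if (is_string($value)) {
$value = mysqli_real_escape_string($link, $value);
}
});
if ($sanitized) {
// inputs ok to use
}
else {
// inputs still nasty
}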

Or you could just do it the old fashioned way -

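// $link is the open mysqli connection; the procedural call takes it as the first argument
$search = mysqli_real_escape_string($link, $_POST['search']);
$another = mysqli_real_escape_string($link, $_POST['another']);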

swapshop

7:32 pm on Apr 8, 2008 (gmt 0)

10+ Year Member



Thanks for the advice. Sorry I am trying to use it but I have limited knowledge and experience on php/mysql more of a hack and see if it works type of guy :)

I have just used the filter [owasp.org...]

added the filter to the search page

require('sanitize.inc.php');

$var=100.50;

$search = sanitize($var,HTML);

Next question is

$query = "SELECT question, answer, q_id FROM faq_questions WHERE answer LIKE '%$search%'";

I know but can't find how to do more than one search using pipes, as sometimes the search seems to be very lean and not return any results unless it was a single word.

I think I can do LIKE '%$search%' || next search || another search || etc

Thanks for all the help so far, you have pointed me in the right direction each time.

PHP_Chimp

10:02 am on Apr 9, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You can use % as a wildcard in a search.

So WHERE answer LIKE 'a%' would match apple, avocado, anaconda, etc.
So as you have %'s at either end of the search string that should provide good coverage.
You can also use the AND or OR statements


WHERE answer LIKE '%$search%' OR 'test';

[w3schools.com...]
[w3schools.com...]

swapshop

10:30 am on Apr 9, 2008 (gmt 0)

10+ Year Member



So I can do this?

WHERE answer LIKE '%$search%' OR '%$search' OR '$search%';

swapshop

10:36 am on Apr 9, 2008 (gmt 0)

10+ Year Member



$query = "SELECT question, answer, q_id FROM faq_questions WHERE answer LIKE '%$search%' or '$search%' '$search%'";

ok this seems to work

I need to have the results be from both answer and question; at the moment it's only answer

$query = "SELECT question, answer, q_id FROM faq_questions WHERE answer LIKE '%$search%' or '$search%' '$search%'";

So

SELECT question, answer, q_id FROM faq_questions WHERE answer

selects from question and answer from the faq_questions table but then it's where answer

Do I need to join to get two tables?
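
Added example (not part of the thread and not any poster's code): the search from this thread written with a PDO prepared statement, so the submitted text is bound as data instead of being interpolated into the SQL string. It matches both question and answer, which are columns of the same faq_questions table, so each OR branch carries its own column LIKE and no join is involved. An in-memory SQLite database with constructed rows stands in for the MySQL database, and search_faq and like_pattern are hypothetical helper names.

```php
<?php
// Added example. Constructed rows; SQLite in-memory stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE faq_questions (q_id INTEGER PRIMARY KEY, question TEXT, answer TEXT)");
$pdo->exec("INSERT INTO faq_questions (question, answer) VALUES
    ('How do I play a DVD?', 'Insert the disc and press play.'),
    ('What is the return policy?', 'DVD returns are accepted within 30 days.'),
    ('Is there a 100% guarantee?', 'Yes, on all items.')");

// Escape LIKE wildcards so a % or _ typed by the user is matched literally.
// '!' is the escape character named in the ESCAPE clause below.
function like_pattern(string $term): string
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    return '%' . $escaped . '%';
}

// Hypothetical helper: search both columns with bound parameters.
function search_faq(PDO $pdo, string $term): array
{
    $term = trim($term);
    if ($term === '') {
        return [];   // nothing submitted: skip the query
    }
    $sql = "SELECT q_id, question, answer FROM faq_questions
            WHERE question LIKE :p1 ESCAPE '!' OR answer LIKE :p2 ESCAPE '!'";
    $stmt = $pdo->prepare($sql);
    $pattern = like_pattern($term);
    $stmt->execute([':p1' => $pattern, ':p2' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// On the search page the term would come from: $search = $_POST['search'] ?? '';
// The second term contains quotes and the third a literal %, to show both are treated as data.
foreach (['dvd', "x' OR '1'='1", '100%'] as $search) {
    $rows = search_faq($pdo, $search);
    // Escape on output as well: the term and the rows are echoed into HTML.
    printf("%s: %d row(s)\n", htmlspecialchars($search, ENT_QUOTES, 'UTF-8'), count($rows));
    foreach ($rows as $row) {
        echo '  ', htmlspecialchars($row['question'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

Against MySQL only the PDO connection string changes; the query and the bound parameters stay the same.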