Code help...

guido88

In this code:

<?php

mysql_connect("localhost","12345","asdfghjkl") or die("Unable to connect");
@mysql_select_db("hot_dogs") or die("Unable to select database");

$result = mysql_query("SELECT * FROM url_store WHERE title LIKE '%$searchterm%' OR
description LIKE '%$searchterm%' OR keywords LIKE '%$searchterm%' OR location LIKE '%$searchterm%'
OR channel LIKE '%$searchterm%'");
$num = mysql_num_rows($result);

if ($num != "0") {

while ($row = mysql_fetch_row($result)) {
	echo "$row[1], $row[2], $row[3], $row[4], $row[5]";
}

} else {
echo "No matches";
}
?>

Where would I add the:

if (!empty($searchterm))

if (isset($searchterm))

In order to patch up a security leak (ie...if you don't add anything into the search bar, hit search, it dumps the whole database onthe the screen -- the search bar should have at least one variable in the bar before the database will query).

Thanks.

Guido

junebug

put it at the very top of your script. something like this:

if(!isset($searchterm) || !$searchterm)
die("you must set a search term");

you want to check if it is false so people don't set the variable with no value like so:

http://domain/script.php?var=

hope that helps