[RESOLVED] Need good tutorial for simple search script..

Wales

I've tried looking at some tutorials that I found on yahoo, but all they do is give me bunch of errors. I need a tutorial on a simple search script that searches 1 table and 1 field and was wondering if anyone else have seen a good tutorial. Thanks.

dagon

select * from foo where bar like '%search%'

Wales

This is what I have..I'm not getting any results when I click submit for a search. I'm trying to display the results from the name field in the users table.

<?
include('connect.php');


mysql_select_db("$database");

$sql = mysql_query("SELECT name FROM users WHERE name LIKE '%search%'") or die (mysql_error());

while(list($name)=mysql_fetch_array($sql)){

echo "Result: $name <br />";

}
?>


<form method="POST" action="">
Search Word: <input type="text" name="query">
<input type="SUBMIT" value="Search!">
</form>

dagon

$sql = mysql_query("SELECT name FROM users WHERE name LIKE '%search%'") or die (mysql_error());

should be

$sql = mysql_query("SELECT name FROM users WHERE name LIKE '%$_POST[query]%'") or die (mysql_error());

Wales

After I changed that it automatically shows all the rows in the name column.

dagon

probably because the $_POST[query] is empty

bradgrafelman

As dagon points out, you should use an if() statement to see if $_POST['query'] is set ([man]isset[/man]).

Also, note that you should never place user-supplied data directly into a SQL query as this will leave you vulnerable to SQL injection attacks. Instead, you should sanitize all user-supplied data with a function such as [man]mysql_real_escape_string/man.

Wales

Thanks got it to work.