searching...

gt8684

ok im going to beat the dead horse on this one... woo.. ive been on this for a few days now and its killing me... literally i think... ok so what im trying to do is run a search from a form with php to my database. when i search my database just for a persons first name, it will pull up a list of people with that first name... if i just type in a last name it will pull up a list of people with that last name... now in my database i have first and last name in 2 seperate fields... but here is the kicker.. when i type in first and last name ex.. "john doe" it returns a blank screen... with no member listing at all... how do i get it to search both john and doe at the same time? and also how would i impletment a email search in there as well.... i want to do this all in one search box... thanks, if anyone needs anymore info ill be here 😃

BrightIdeas

It would help to see the code you're using in your search query...

gt8684

<?php
include_once "scripts/connect_to_mysql.php";
$queryString = "WHERE emailactivated='1' ORDER BY id ASC";
//$queryMsg = "Showing Senior to Newest members by Default";

if ($_POST['listByq'] == "by_firstname") {

$fname = $_POST['fname'];
$fname = stripslashes($fname); 
$fname = strip_tags($fname);
$fname = eregi_replace("`", "", $fname);
$fname = mysql_real_escape_string($fname);

$queryString = "WHERE firstname LIKE '&#37;$fname%' || lastname LIKE '%$fname%' AND emailactivated='1'";
$queryMsg = "Showing members with the name you searched for $fname";

}

$sql = mysql_query("SELECT id, firstname, lastname, country, state, city FROM members $queryString");

$outputList = '';
while($row = mysql_fetch_array($sql)){

$id = $row["id"];
$firstname = $row["firstname"];
$lastname = $row["lastname"];
$country = $row["country"];
$state = $row["state"];
$city = $row["city"];

$check_pic = "members/$id/image01.jpg";
$default_pic = "members/0/image01.jpg";

if (file_exists($check_pic)) {
$user_pic = "<img src=\"$check_pic\" width=\"120px\" border=\"0\" />";
} else {
$user_pic = "<img src=\"$default_pic\" width=\"120px\"  border=\"0\" />";
}

$outputList .= '
<div id="searchpic" style="height:120px; overflow:hidden;"><a href="profile.php?id=' . $id . '" target="self">' . $user_pic . '</a></div>
<div align="left"> Name:<a href="profile.php?id=' . $id . '" target="self">' . $firstname . ' ' . $lastname . '</a></div>
<div align="left"> Country:' . $country . ' </div>
<div align="left"> State:' . $state . ' </div>
<div align="left"> City:' . $city . ' </div><br /><br /><br />
<hr />
';
}

?>
///////and this is where the html is

<div id="searchbox"><form id="form3" name="form3" method="post" action="membersearch.php">
<div align="center">Search By Name
<input type="text" name="fname" id="fname" />

        <input name="button3" type="submit" id="button3" value="Find Vacationers" />
        <input type="hidden" name="listByq" value="by_firstname" />
      </div>
    </form>
    </div>

johanafm

In php.ini, set
error_reporting = E_ALL
log_errors = /path/to/logfile

You may need to restart your webserver afterwards, but from that point on you will get errors and warnings in a log file. They might tell you something.

Apart from that, when posting code, always indent it properly and wrap it in appropriate tags: html tags for html code, php tags for php code, code tags for other languages.

All functions starting with ereg are deprecated, but since you are doing completely pointless things with it, you might as well remove it rather than replace it with preg.

	$fname = $_POST['fname'];
/* Remove these lines below... */
	$fname = stripslashes($fname);
	$fname = strip_tags($fname);
	$fname = eregi_replace("`", "", $fname);
/* ... remove these lines above */
	$fname = mysql_real_escape_string($fname);

Since you are using mysql_real_escape string, the input will not be able to harm you. There is 0 chance of sql injection here. The other functions don't give you any safety in this regard, and since you allready get 100% safety allready, they would still be pointless even if they did help.
What they do, however, is change the user's input, so that the database is searched for something other than the user specified. This is a bad thing. For example, let's say you one day allow searching for usernames, rather than just first and last real names, and that usernames allow other characters than real names do. You then risk having "unsearchable" usernames, since you silently change user input.
What you ought to do instead, if anything at all, is check the input string for invalid characters and inform the user so that they can make the corrections themselves.

You will also never manage to get any results back from the database when serching for "John Doe", unless of course someone has either "John Doe" as first name or "John Doe" as last name. But I would suspect they have John as first and Doe as last name.

gt8684

johanafm;10982947 wrote:
You will also never manage to get any results back from the database when serching for "John Doe", unless of course someone has either "John Doe" as first name or "John Doe" as last name. But I would suspect they have John as first and Doe as last name.

ok so i understood everything you told me up until i got to the last section aqs quoted above.... yes, firstname is one column and lastname is a second column and email is yet another... so if i understand what your telling me, i will never be able to search a person with the name "john doe" if the first name is in the field firstname and last name is in the field lastname? obviusly it has to work in some form, i mean if you go to facebook or myspace or whatever, and search a first and last name they pull that info up, you can even search by email, your tellin me that they put all that information in one field? thanks for the help... gt

cretaceous

this may be a bit hacky but..
grab your search phrase e.g.:
$srch=$_GET['search'];

explode that on word spaces
run a "foreach" on the explode arrray and create a chunk of sql that looks like this after the foreach :

...( firstname='john' OR lastname='john') OR (firstname='doe' OR lastname='doe')

johanafm

gt8684;10982965 wrote:
so if i understand what your telling me, i will never be able to search a person with the name "john doe" if the first name is in the field firstname and last name is in the field lastname?
obviusly it has to work in some form (...)

Well, I was merely pointing out that it wouldn't work the way you had it, since you were comparing potentially several words (e.g. 'John Doe') against first name and then again the same words against last name. Which means that unless someone has first name 'John Doe' or last name 'John Doe' you could never get a match.

cretaceous does give you one way to make it work. Another way would be to supply one form input field for "first name" and a separate form input for "last name".