PHP Search Form Help

usman07

I have a search form and have set up php, but at the moment its not making the correct searches, what am i doing wrong.
Help is appreciated.

heres my php code:


<?php

$server = "";      // Enter your MYSQL server name/address between quotes
$username = "";    // Your MYSQL username between quotes
$password = "";    // Your MYSQL password between quotes
$database = "";    // Your MYSQL database between quotes

$con = mysql_connect($server, $username, $password);       // Connect to the database
if(!$con) { die('Could not connect: ' . mysql_error()); }  // If connection failed, stop and display error
mysql_select_db($database, $con);  // Select database to use
// Query database
$result = mysql_query("SELECT * FROM Properties");

// Set up our error check and result check array
$error = array();
$results = array();

// First check if a form was submitted. 
// Since this is a search we will use $_GET
if (isset($_GET['search'])) {
   $searchTerms = trim($_GET['search']);
   $searchTerms = strip_tags($searchTerms); // remove any html/javascript.

   if (strlen($searchTerms) < 10) {
      $error[] = "Search terms must be longer than 10 characters.";
   }else {
      $searchTermDB = mysql_real_escape_string($searchTerms); // prevent sql injection.
   }

   // If there are no errors, lets get the search going.
   if (count($error) < 1) {
      $searchSQL = "SELECT sid, sbody, stitle, sdescription FROM simple_search WHERE ";

  // grab the search types.
  $types = array();
  $types[] = isset($_GET['images'])?"`simages` LIKE '%{$searchTermDB}%'":'';
  $types[] = isset($_GET['Location'])?"`sLocation` LIKE '%{$searchTermDB}%'":'';
  $types[] = isset($_GET['Number of bedrooms'])?"`snumberofbedrooms` LIKE '%{$searchTermDB}%'":'';

  $types = array_filter($types, "removeEmpty"); // removes any item that was empty (not checked)

  if (count($types) < 1)
     $types[] = "`simages` LIKE '%{$searchTermDB}%'"; // use the body as a default search if none are checked

      $andOr = isset($_GET['matchall'])?'AND':'OR';
  $searchSQL .= implode(" {$andOr} ", $types) . " ORDER BY `sLocation`"; // order by title.

  $searchResult = mysql_query($searchSQL) or trigger_error("There was an error.<br/>" . mysql_error() . "<br />SQL Was: {$searchSQL}");

  if (mysql_num_rows($searchResult) < 1) {
     $error[] = "The search term provided {$searchTerms} yielded no results.";
  }else {
     $results = array(); // the result array
     $i = 1;
     while ($row = mysql_fetch_assoc($searchResult)) {
        $results[] = "{$i}: {$row['sLocation']}<br />{$row['sNumberofbedrooms']}<br />{$row['sbody']}<br /><br />";
        $i++;
     }
  }
   }
}

function removeEmpty($var) {
   return (!empty($var)); 
}

if (!$result)
{
    echo "Error running query:<br>";
    trigger_error(mysql_error());
}
elseif(!mysql_num_rows($result))
{
    // no records found by query.
    echo "No records found";
}
else
{
    $i = 0;
    echo '<div class="container" style="float:left;">';
  while($row = mysql_fetch_array($result)) {     // Loop through results
        $i++;
	echo '<div class="imageholder" style="float:left;">';
        echo '<img class="image1" src="'. $row['images'] .'" />';   //image
	echo '</div>';		
	echo '<div class="textholder" style="font-family:helvetica; font-size:13px; float:left; padding-top:10px;">';
        echo "<span style=\"color:green;\"><b>Displaying record $i<br>\n</b><br></span>";
        echo "<b>" . $row['id'] . "</b><br>\n";      // Where 'id' is the column/field title in the database
        echo "Location: ". $row['Location'] . "<br>\n";            // Where 'location' is the column/field title in the database
        echo "Property Type: ". $row['Property_type'] . "<br>\n";       // as above
        echo "Bedrooms: ". $row['Number_of_bedrooms'] . "<br>\n";  // ..
        echo "Purchase Type: ". $row['Purchase_type'] . "<br>\n";       // ..
        echo "Price: ". $row['Price_range'] . "<br>\n";         // ..
	echo '</div>';
	echo '<div style="clear:both"></div>';				
    }
echo '</div>';	}

mysql_close($con);  // Close the connection to the database after results, not before.
?>

dalecosp

No error, I assume?

I tend to debug this sort of thing like this:

if ($debug) { // a variable I set at script top for debugging ;-)
   echo "<!-- $sql -->";
}

There are other, perhaps more elegant (safe? is this production code?) ways to do it also, but this Works For Me(tm).

Then I can go into the mysql CLI program (or PHPMyAdmin for the faint-hearted) and see just what the query is returning.

HTH,

usman07

thanx for your reply. yeah no error message comes up, I press search and a entry is shown form my mysql database.

I pasted that code at the top but still no error message appears?

Im working on a property website and want the search form to search for properties in different areas/prices etc.

heres a link to the website: http://www.mumtazproperties.hostei.com/index.html

dalecosp

Well, it's formatted to make an HTML comment. So you'd need to look in the "source code" of the page. I do it that way because I don't want someone seeing my queries in the event they're looking over my shoulder or somehow have some access to my development server (which they might) or in the unfortunate but frequent circumstance of having to debug SQL on a working site.

I'm sorry I didn't make that clear.

I must say that doing this (echoing the SQL) has helped me with several headscratchers, though. Including writing my own "site search" module.