Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Regular Coder Kevin_M_Schafer's Avatar
    Join Date
    Apr 2011
    Location
    Fairfax, Minnesota, U.S.A.
    Posts
    482
    Thanks
    97
    Thanked 17 Times in 17 Posts

    Question Entire database shows up with search

    I can't correct my subject line: I meant to say "Entire table contents shows up with search." Sorry.

    I'm a bit lost. I've been tweaking here and there trying to get my search to work properly and I'm really puzzled.

    My searchbox works. It produces a result in an iframe on the same page just the way it should, but here's the head scratcher: no matter what's typed in the searchbox, all the data from my entire table comes up in the iframe.

    Now I've heard about mysql injection and that throws another question into the mix.

    Any help would be greatly appreciated as to why my specific word search doesn't show just one word and its definition.

    This is my searchbox code:

    Code:
    	<div><form style="margin: 0px;" method="get" action="search.php" target="results_frame"><input class="searchbox" onfocus="if (this.defaultValue==this.value) this.value='';" name="query" value="enter a word "/></form></div>
    	<div class="results"><iframe name="results_frame" src="" width="752" frameborder="1" height="100" scrolling="auto"></iframe></div>

    This is my search.php code:

    PHP Code:
    <?php

    mysql_connect 
    ("host""username","password")  or die (mysql_error());
    mysql_select_db ("database");

    $term $_POST['term']; $sql mysql_query("select * from wordtest where Word like '%$term%'");

    while (
    $row mysql_fetch_array($sql)){
    echo 
    '<br/>'.$row['Word']; echo ' <br/><br/>Speech: '.$row['Speech']; echo ' | Definition: '.$row['Definition']; echo '<br/>';
    }

    ?>
    Last edited by Kevin_M_Schafer; 11-30-2011 at 12:18 AM. Reason: Meant to say table contents instead of database
    My keyboard is an IBM from 1993 and I like it that way. | Who is Dan Well? Everyone always says I know Dan Well.Building a web page is like building a birdhouse. Put it up there and watch 'em come. | Maintaining the aspect ratio of an image is more important than having a cold orange pop.

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,128
    Thanks
    80
    Thanked 4,556 Times in 4,520 Posts
    Code:
    method="get"
    versus
    Code:
    $term = $_POST['term'];
    Change one or the other of those.

    When you send the data to PHP using "get", then *ALL* $_POST data will be blank.

    And so you end up doing "... WHERE Word like '%%' and quite properly you get back all records.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    Kevin_M_Schafer (11-30-2011)

  • #3
    Regular Coder Kevin_M_Schafer's Avatar
    Join Date
    Apr 2011
    Location
    Fairfax, Minnesota, U.S.A.
    Posts
    482
    Thanks
    97
    Thanked 17 Times in 17 Posts
    I changed a few things, but I'm still not understanding what I have wrong. All the content of my table is still being displayed in the results -- regardless of what entry is made in the searchbox.

    Is any of my code unnecessary? I've been tweaking it so much, I've lost track of where I started.


    Code:
    <div><form method="post" action="search.php" target="results_frame"><input class="searchbox" onfocus="if (this.defaultValue==this.value) this.value='';" name="query" value="enter a word "/></form></div>
    	
    	<div class="results"><iframe name="results_frame" src="" width="752" frameborder="0" height="100" scrolling="auto"></iframe></div>


    PHP Code:
    $term $_POST['term']; $sql mysql_query("select * from wordtest where Word like '%$term%'"); 
    while (
    $row mysql_fetch_array($sql))

    echo 
    '<br/>'.$row['Word']; echo ' <br/><br/>Speech: '.$row['Speech']; echo ' | Definition: '.$row['Definition']; echo '<br/>';

    My keyboard is an IBM from 1993 and I like it that way. | Who is Dan Well? Everyone always says I know Dan Well.Building a web page is like building a birdhouse. Put it up there and watch 'em come. | Maintaining the aspect ratio of an image is more important than having a cold orange pop.

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,128
    Thanks
    80
    Thanked 4,556 Times in 4,520 Posts
    I don't see anything in your <form> that will *SUBMIT* the <form>. WHere is that being done from???

    Why do you hate using line breaks in your code? It makes the code so much harder to read. It has *NO* impact on the speed of the code.

    Code:
    <div>
    <form method="post" action="search.php" target="results_frame">
        <input class="searchbox" onfocus="if (this.defaultValue==this.value) this.value='';"
                 name="query" value="enter a word "/>
    </form>
    </div>
    See? Nothing showing there that will *ever* submit that form.

    So I don't know how you get any results at all in your iframe.

    For the PHP code, try a tiny bit of DEBUG DEBUG DEBUG.
    Code:
    $term = $_POST['term']; 
    echo "DEBUG term is " . $term . "<hr/>\n";
    
    $sqltext = "select * from wordtest where Word like '%$term%'";
    echo "DEBUG SQL is " . $sqltext . "<hr/>]n";
    
    $sql = mysql_query( $sqltext );
    ...
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    Kevin_M_Schafer (11-30-2011)

  • #5
    Regular Coder Kevin_M_Schafer's Avatar
    Join Date
    Apr 2011
    Location
    Fairfax, Minnesota, U.S.A.
    Posts
    482
    Thanks
    97
    Thanked 17 Times in 17 Posts
    Users hit the enter key to sumbit the search. I thought it was a good idea with many of the social sites doing it nowadays.

    http://www.theeagleextra.com/wordic/wordic.shtml
    My keyboard is an IBM from 1993 and I like it that way. | Who is Dan Well? Everyone always says I know Dan Well.Building a web page is like building a birdhouse. Put it up there and watch 'em come. | Maintaining the aspect ratio of an image is more important than having a cold orange pop.

  • #6
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,128
    Thanks
    80
    Thanked 4,556 Times in 4,520 Posts
    Oh, okay. Not sure that works in all browsers. An easy way to make sure it does is add an onchange to the text field:
    Code:
    <form method="post" action="search.php" target="results_frame">
        <input class="searchbox" onfocus="if (this.defaultValue==this.value) this.value='';"
                 onchange="this.form.submit();"
                 name="query" value="enter a word "/>
    </form>
    Anyway, what did the DEBUG in the PHP code show you?
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    Kevin_M_Schafer (11-30-2011)

  • #7
    Regular Coder Kevin_M_Schafer's Avatar
    Join Date
    Apr 2011
    Location
    Fairfax, Minnesota, U.S.A.
    Posts
    482
    Thanks
    97
    Thanked 17 Times in 17 Posts
    Hi Old Pedant,

    Your DEBUG showed the following result:

    DEBUG term is
    --------------------------------------------------------------------------------
    DEBUG SQL is select * from wordtest where Word like '%%'
    --------------------------------------------------------------------------------
    ]n


    Speech: | Definition:

    I added your DEBUG to my php code. I wasn't sure if I was to replace mine with yours.

    PHP Code:
    $term $_POST['term']; $sql mysql_query("select * from wordtest where Word like '%$term%'"); 
    while (
    $row mysql_fetch_array($sql))
    $term $_POST['term']; 
    echo 
    "DEBUG term is " $term "<hr/>\n";

    $sqltext "select * from wordtest where Word like '%$term%'";
    echo 
    "DEBUG SQL is " $sqltext "<hr/>]n";

    $sql mysql_query$sqltext );

    echo 
    '<br/>'.$row['Word']; echo ' <br/><br/>Speech: '.$row['Speech']; echo ' | Definition: '.$row['Definition']; echo '<br/>';
    }

    ?> 
    At this point in my knowledge of php and mySQL, I don't know what this result means. That's where I need your help.

    Thanks for the onchange.

    Please help if you can. I really appreciate your time.
    My keyboard is an IBM from 1993 and I like it that way. | Who is Dan Well? Everyone always says I know Dan Well.Building a web page is like building a birdhouse. Put it up there and watch 'em come. | Maintaining the aspect ratio of an image is more important than having a cold orange pop.

  • #8
    Regular Coder Kevin_M_Schafer's Avatar
    Join Date
    Apr 2011
    Location
    Fairfax, Minnesota, U.S.A.
    Posts
    482
    Thanks
    97
    Thanked 17 Times in 17 Posts
    Here is the result with your php DEBUG code replacing my php completely:

    DEBUG term is
    --------------------------------------------------------------------------------
    DEBUG SQL is select * from wordtest where Word like '%%'
    --------------------------------------------------------------------------------
    ]n


    Speech: | Definition:
    My keyboard is an IBM from 1993 and I like it that way. | Who is Dan Well? Everyone always says I know Dan Well.Building a web page is like building a birdhouse. Put it up there and watch 'em come. | Maintaining the aspect ratio of an image is more important than having a cold orange pop.

  • #9
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    Can't believe I didn't notice this earlier!

    Your text box is called query, but you're looking for $_POST['term'] which refers to an element named 'term'. Change $term to equal $_POST['query'].
    PHP Code:
    // Assign term and escape it
    $term mysql_real_escape_string($_POST['query']);

      
    echo 
    "DEBUG term is " $term "<hr/>\n"

    $sqltext "select * from wordtest where Word like '%$term%'"
    echo 
    "DEBUG SQL is " $sqltext "<hr/>]n"

    $sql mysql_query$sqltext ); 
    while (
    $row mysql_fetch_array($sql)){  
        echo 
    '<br/>'.$row['Word']; echo ' <br/><br/>Speech: '.$row['Speech'];
        echo 
    ' | Definition: '.$row['Definition']; echo '<br/>'


    ?> 

  • Users who have thanked BluePanther for this post:

    Kevin_M_Schafer (12-01-2011)

  • #10
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,128
    Thanks
    80
    Thanked 4,556 Times in 4,520 Posts
    LOL! And I even re-typed his entire <input> and didn't notice that!

    SHEESH!
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #11
    Regular Coder Kevin_M_Schafer's Avatar
    Join Date
    Apr 2011
    Location
    Fairfax, Minnesota, U.S.A.
    Posts
    482
    Thanks
    97
    Thanked 17 Times in 17 Posts
    BluePanther,

    You did it! This really makes my day. It works!

    I only have about 40 lines of data uploaded so far, all for the letter Z.

    If you want to try it, you can type in zip, zulu, zone, zebrula, zarf.

    I will be uploading 150,000 lines (approximately) soon.

    I will be working on styling and "no records found" reply for an empty result. This is great.

    Thanks to Old Pedant, too. You guys are what makes CodingForums great.
    My keyboard is an IBM from 1993 and I like it that way. | Who is Dan Well? Everyone always says I know Dan Well.Building a web page is like building a birdhouse. Put it up there and watch 'em come. | Maintaining the aspect ratio of an image is more important than having a cold orange pop.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •