Hi,

I was asked to create a search engine. The same search on data in a MySQL service. Right now it works, but the search query is not powerful. How can I improve it and make it a good search engine?

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/main.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Search Results - Personal</title>
<!-- InstanceEndEditable -->
<link href="css_style.css" rel="stylesheet" type="text/css" />
<link href="print.css" type="text/css" rel="stylesheet" media="print">
<link rel="Shortcut Icon" href="favicon.ico"/> <!-- Added by me -->
</head>

<body>
<table width="1038" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
  <tr>
<td colspan="2"><img src="source_files/header.png" alt="header" width="1038" height="140" /></td>
  </tr>
  <tr>
    <td colspan="2" bgcolor="#333333" class="menu_nav"><a href="index.html">. Home</a><a href="pam.html">. PAM</a><a href="fdbt.html">. FDBT</a><a href="itim.html">. ITIM</a><a href="portal.html">. Portal</a><a href="top.html">. TOP</a><a href="tror.html">. TROR</a> <a href="http://127.0.0.1/limesurvey/index.php?sid=85543&lang=en">. Feedback</a> <a href="search.php" target="_self">. Search</a></td>
  </tr>
  <tr>
    <td width="178" valign="top" class="left_column"><!-- InstanceBeginEditable name="left_column" -->
      <p>&nbsp;</p>
      <ul><li></li>
      </ul>
    <!-- InstanceEndEditable --></td>
    <td width="860" valign="top" class="right_column"><!-- InstanceBeginEditable name="right_column" -->
    
      <h1 align="center" class="right_column">Search Results</h1>
<?php 
$var = @$_GET['search_field']; // '@' suppresses error messages
 
if (ereg("^[A-z0-9+. -]*[']?[A-z0-9+. -]*$",$var)) 
	{
		$trimmed = trim($var);
	} 
			
else 
	{
		//$testquery = FALSE;
		echo "Invalid search term.  Click back in your browser to return.";
		exit;
	}  
	
//validation
if ($trimmed == "") // if the search box is empty
{
  echo "<p>Please enter text in the search box.  Click back in your browser to return.</p>";
  exit;
}

// Database
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'guess';

// Connecting to database
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); 
$dbname = 'direc_files';
mysql_select_db($dbname,$conn);

// Get timestamp before executing the query:
$start_time = getmicrotime();


// Query or search parameter
$result = mysql_query("SELECT * FROM index_files WHERE file_name LIKE \"%$trimmed%\" ORDER BY file_name ASC") or die("Couldn't execute query");
$numrows=mysql_num_rows($result);

/* Get timestamp when the query is finished: */
$end_time = getmicrotime();

// Specify how many results to display per page
$limit = 10;

  if ($numrows == false)
  { // if began
   echo "What you looking for does not exist.";
   mysql_close($conn);
   exit;
  } // if end

  else
  { // else began
   // display what the person searched for
   echo "<p>You searched for: " ."<strong>" .$var . "</strong>" . "</p>";
   while( $row = mysql_fetch_array($result) )  // displaying the data
 	{ // while began
  	 echo $row['file_name'] . " ";
  	 echo '<a href="http://127.0.0.1/mysite/search' .$row['directory'] . '">' . "View</a>";
  	 echo "<br>" . "\n" . "</br>";
	 echo "<br>" . "\n" . "</br>";
 	} // while end
  } // else end 

// freeing the memory 
mysql_free_result($result);
// close mysql connection
mysql_close($conn);

/* Present how long it took to execute the query: */

echo "<strong>Query executed in ".(substr($end_time-$start_time,0,5))." seconds.</strong>";

/* Simple function for retrieving the current timestamp in microseconds: */
function getmicrotime()
{
   list($usec, $sec) = explode(" ",microtime());
   return ((float)$usec + (float)$sec);
}
  
?>
      <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td colspan="2" class="footer"> Personal </td>
  </tr>
</table>
</body>
<!-- InstanceEnd --></html>

A) Stop using PHP4 or if you're using PHP5 STOP USING ereg
B) Stop using @, it's slow and its sole purpose is to hide errors (BAD)
C) Don't use/abuse regular expressions before you understand them (case in point: "^[A-z0-9+. -]*[']?[A-z0-9+. -]*$")
D) DON'T MIX LOGIC WITH HTML
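
Added example (not part of the original reply, and not the poster's code): what the quoted pattern actually accepts. It is run through preg_match() instead of ereg() and assumes ASCII ordering; the "explicit" pattern and the sample inputs are constructed here and only guess at the intended character set.

```php
<?php
// The thread's pattern, ported to PCRE. 'D' makes '$' match only at the very
// end of the string. In ASCII the range A-z covers 0x41..0x7A, which also
// takes in the six characters [ \ ] ^ _ ` that sit between 'Z' and 'a'.
const ORIGINAL = "/^[A-z0-9+. -]*[']?[A-z0-9+. -]*$/D";

// Assumed intent: letters, digits, '+', '.', space, '-', at most one apostrophe.
const EXPLICIT = "/^[A-Za-z0-9+. -]*'?[A-Za-z0-9+. -]*$/D";

// Constructed sample search terms.
$samples = [
    'annual report',
    "o'neil.pdf",
    'back\\slash',   // contains one literal backslash
    'under_score',
    'a^b',
    'x[0]',
    'tick`',
    '50%',
];

function accepted(string $pattern, string $input): bool
{
    return preg_match($pattern, $input) === 1;
}

printf("%-16s %-9s %s\n", 'input', 'original', 'explicit');
foreach ($samples as $s) {
    printf(
        "%-16s %-9s %s\n",
        $s,
        accepted(ORIGINAL, $s) ? 'accept' : 'reject',
        accepted(EXPLICIT, $s) ? 'accept' : 'reject'
    );
}
```

Only the first two samples pass the explicit class, while the original also accepts the five inputs containing `\`, `_`, `^`, `[`, `]` or a backtick. Backslash and underscore matter here because the validated value is pasted straight into a MySQL LIKE pattern, where both have special meaning.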

B) Placing an @ symbol functions to suppress any error message that might arise because of the variable request. It can be helpful to suppress system errors in web applications to avoid giving an attacker additional information about the application.

Is it not a good practice to suppress error messages?

C) Can you explain this point? I got that from this reference:
http://www.joedolson.com/Search-Engine-in-PHP-MySQL.php

D) What do you mean?

Thanks for your response.

As for B, no, it's not good to suppress error messages. If you don't want to display errors in a live environment then use the error_reporting 0 ini setting.

As for C, exactly: you got it from somewhere else. Do you understand how it works and why it works?

And finally, for D: You just randomly have PHP and HTML mixed together in no particularly organized way. It makes it hard to follow, hard to maintain and just plain ugly.

D) Is there any way to accomplish that? Any standard?

Can you give me a suggestion to improve the search (line 67)? I feel it is not powerful; it is just a simple query.

Optimally you want absolutely ZERO HTML in your PHP unless absolutely necessary (simple loops, conditions, etc.). Having application logic (handling GET/POST, executing queries, working with files) in your "view", which in your case is HTML, is bad practice whether you're using an MVC or not (I'll let you Google that).

There is a lot you could do to make it more accurate, like implementing wildcards, using more than just %string%, etc. Look at the MySQL documentation for WHERE clauses and you'll get some ideas.
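
Added example (not part of the original reply, and not the poster's code): one way to go beyond a single `%string%` match while keeping user text out of the SQL string. The table and column names come from the posted script; the in-memory SQLite database, its rows, and the function names `likeLiteral` and `searchFiles` are constructed stand-ins so the script runs offline, and the same statements work against MySQL with a `mysql:` DSN.

```php
<?php
// Constructed test data in a throwaway SQLite database (stand-in for MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE index_files (file_name TEXT, directory TEXT)');
$seed = $pdo->prepare('INSERT INTO index_files VALUES (?, ?)');
foreach ([
    ['annual_report_2009.pdf', '/reports/annual_report_2009.pdf'],
    ['annual report draft.doc', '/drafts/annual report draft.doc'],
    ["o'neil 100% final.txt", "/misc/o'neil 100% final.txt"],
    ['budget.xls', '/finance/budget.xls'],
] as $row) {
    $seed->execute($row);
}

// Escape LIKE metacharacters so the user's text is matched literally.
// '!' is the escape character named in the ESCAPE clause below.
function likeLiteral(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// AND search: every whitespace-separated word must occur in file_name.
// Values travel as bound parameters, never as part of the SQL text.
function searchFiles(PDO $pdo, string $input, int $limit = 10): array
{
    $words = preg_split('/\s+/', trim($input), -1, PREG_SPLIT_NO_EMPTY);
    if ($words === []) {
        return [];
    }
    $where = implode(' AND ', array_fill(0, count($words), "file_name LIKE ? ESCAPE '!'"));
    $stmt  = $pdo->prepare(
        "SELECT file_name, directory FROM index_files
         WHERE $where ORDER BY file_name ASC LIMIT " . (int) $limit
    );
    $stmt->execute(array_map(fn ($w) => '%' . likeLiteral($w) . '%', $words));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed queries; output is HTML-escaped as it would be in the results page.
foreach (['report annual', '100%', "o'neil", '_'] as $q) {
    echo 'Query: ', htmlspecialchars($q, ENT_QUOTES, 'UTF-8'), "\n";
    foreach (searchFiles($pdo, $q) as $hit) {
        echo '  ', htmlspecialchars($hit['file_name'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

The `_` query returns only `annual_report_2009.pdf`; without `likeLiteral()` it would act as a single-character wildcard and match every row.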

Thanks! I will do some research.
