1

Hello ,
I am a new user of this site and also new to web development.Recently while developing my site on tourism by php/mysql i thought of placing a search bar at the top of my website where users can search topics and results would be provided according to the keywords entered by them.
Is there any way to search all the tables of my database and provide the results to users.
Any idea regarding this would be of great help.

I have created a search bar as under
<div id="search" >
<form method="get" action="">
<div>
<input type="text" name="search" id="search-text" value="" />
<input type="submit" id="search-submit" value="GO" />
</div>
</form>
</div>

Votes + Comments
daffodil vrsity
5
Contributors
7
Replies
57
Views
7 Years
Discussion Span
Last Post by hag++
0

Hello
untitledking,

I visited the link you provided.But can't figure out how to make it work in my site.Firstly i couldn't understand the following highlighted lines
-----------------------------------------------------------------------------------------
{exp:search:simple_form weblog="news"}
<p><label for="keywords">Search:</label><br />
<input type="text" name="keywords" id="keywords" value="" size="18" maxlength="100" /></p>

<p><a href="{path='search/index'}">Advanced Search</a></p>

<p><input type="submit" value="submit" class="submit" /></p>

{/exp:search:simple_form}
-----------------------------------------------------------------------------------------
Again on which page will the results be displayed???
If u can please explain me in detail it would be of great help.

Edited by jazz.viper: n/a

0

Use REG EXP for search
Search.html page below

<form action="show.php" method="post">

<input type="text" value="Enter Site ID" name="a" class="textfield_effect" maxlength="30" onfocus="this.value=''">
</td>
</tr>
<tr>
            <td align="center" style="font-family:Calibri">
<input type="submit"  value=""/>
</form>

and show.php below

<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

$a= $_POST["a"]; [B]//get value from search.html[/B]
mysql_select_db("onm", $con);

$result = mysql_query("SELECT * FROM info
WHERE SiteId REGEXP '$a'");

while($row = mysql_fetch_array($result))
  {
  echo "<table  align=center class=lims>";
  echo "<tr>";
  echo "<th bgcolor=#5D9BCC >SiteID</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['SiteId'] . "</td>";
  
  
  echo "<tr>";
			
			
			
  echo "<th bgcolor=#5D9BCC>Alias</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['Alias'] . "</td>";
  
    echo "</tr>";
	
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Code</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['Code'] . "</td>";
    echo "</tr>";
	
	
	 echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Region</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['Region'] . "</td>";
    echo "</tr>";
	
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>City</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['City'] . "</td>";
    echo "</tr>";
	

	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>GF-RT Status</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['GreenFieldRoofTop'] . "</td>";
    echo "</tr>";
	
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Indoor OutdoorStatus</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['IndoorOutdoor'] . "</td>";
    echo "</tr>";
	
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>HODate</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['HODate'] . "</td>";
    echo "</tr>";
	
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Host</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['Host'] . "</td>";
    echo "</tr>";
	
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Guest</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['Guest'] . "</td>";
    echo "</tr>";
	
	

	 
	  $b =$row['SiteId']; 
  }
echo "</table>";


mysql_close($con);

?>
0

PHP Code

<?php 
      if(isset($_POST['submit'])){ 
      if(isset($_GET['go'])){ 
      if(preg_match("/^[  a-zA-Z]+/", $_POST['name'])){ 
      $name=$_POST['name']; 
      //connect  to the database 
      $db=mysql_connect  ("localhost", "root",  "") or die ('I cannot connect to the database  because: ' . mysql_error()); 
      //-select  the database to use 
      $mydb=mysql_select_db("maa_durga"); 
      //-query  the database table 
      $sql="SELECT branch_name,branch_address,branch_contact,branch_nostaffs,branch_furniture FROM branch_details WHERE branch_id = '" . $name ."'"; 
      //-run  the query against the mysql query function 
      $result=mysql_query($sql); 
      //-create  while loop and loop through result set 
      while($row=mysql_fetch_array($result)){ 
              //$BranchCode=$row['branch_id'];
              $BranchName  =$row['branch_name']; 
              $BranchAdd=$row['branch_address']; 
              $BranchContact=$row['branch_contact']; 
              $BranchNoStaffs  =$row['branch_nostaffs'];
              $BranchFurni  =$row['branch_furniture'];
      //-display the result of the array 
      echo "<ul>\n"; 
      echo "<li>" . "<a  href=\"search.php?id=$ID\">"   .$BranchCode . " " . $BranchName .  " ". $BranchAdd ." ". $BranchAdd ." ". $BranchContact ." ". $BranchNoStaffs ." ". $BranchFurni ."</a></li>\n"; 
      echo "</ul>"; 
      } 

          } 
      else{ 
      echo  "<p>Please enter a search query</p>"; 
      } 
      } 
      } 

and Here is my HTML form

<!DOCTYPE  HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"  "http://www.w3.org/TR/html4/loose.dtd"> 
<html> 
  <head> 
        <meta  http-equiv="Content-Type" content="text/html;  charset=iso-8859-1"> 
    <title>Search  Contacts</title> 
  </head> 
  <p><body> 
    <h3>Search  Contacts Details</h3> 
    <p>You  may search either by first or last name</p> 
<form  method="post" action="searchbranch.php?go"  id="searchform"> 
      <input  type="text" name="name"> 
      <input  type="submit" name="submit" value="Search"> 
    </form> 
  </body> 
</html> 
</p> 
1

Ok well a couple things here. One, don't do this ever:
$sql="SELECT branch_name,branch_address,branch_contact,branch_nostaffs,branch_furniture FROM branch_details WHERE branch_id = '" . $name ."'";
That's wide open to SQL injection.

As far as why your search isn't working I'll need more info.
If you run the query directly against the database does it return data? Either run the query via the command line or in mysql workbench.

If it does not return data then you need to investigate why. If it does return data then we need to look more into your script.

Votes + Comments
Awesome security catch!
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.