Hello ,
I am a new user of this site and also new to web development.Recently while developing my site on tourism by php/mysql i thought of placing a search bar at the top of my website where users can search topics and results would be provided according to the keywords entered by them.
Is there any way to search all the tables of my database and provide the results to users.
Any idea regarding this would be of great help.

I have created a search bar as under
<div id="search" >
<form method="get" action="">
<input type="text" name="search" id="search-text" value="" />
<input type="submit" id="search-submit" value="GO" />

salman.k.srabon commented: daffodil vrsity +0

Hey there,

That code will not work at all! That will just create a little text box with a submit button and will not do anything when trying to search.

I would suggest you go to this site right here:


This site tells you how to make a simple search engine for your site.

Have fun.


I visited the link you provided.But can't figure out how to make it work in my site.Firstly i couldn't understand the following highlighted lines
{exp:search:simple_form weblog="news"}
<p><label for="keywords">Search:</label><br />
<input type="text" name="keywords" id="keywords" value="" size="18" maxlength="100" /></p>

<p><a href="{path='search/index'}">Advanced Search</a></p>

<p><input type="submit" value="submit" class="submit" /></p>

Again on which page will the results be displayed???
If u can please explain me in detail it would be of great help.

Use REG EXP for search
Search.html page below

<form action="show.php" method="post">

<input type="text" value="Enter Site ID" name="a" class="textfield_effect" maxlength="30" onfocus="this.value=''">
            <td align="center" style="font-family:Calibri">
<input type="submit"  value=""/>

and show.php below

$con = mysql_connect("localhost","root","");
if (!$con)
  die('Could not connect: ' . mysql_error());

$a= $_POST["a"]; [B]//get value from search.html[/B]
mysql_select_db("onm", $con);

$result = mysql_query("SELECT * FROM info
WHERE SiteId REGEXP '$a'");

while($row = mysql_fetch_array($result))
  echo "<table  align=center class=lims>";
  echo "<tr>";
  echo "<th bgcolor=#5D9BCC >SiteID</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['SiteId'] . "</td>";
  echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Alias</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['Alias'] . "</td>";
    echo "</tr>";
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Code</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['Code'] . "</td>";
    echo "</tr>";
	 echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Region</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['Region'] . "</td>";
    echo "</tr>";
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>City</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['City'] . "</td>";
    echo "</tr>";

	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>GF-RT Status</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['GreenFieldRoofTop'] . "</td>";
    echo "</tr>";
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Indoor OutdoorStatus</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['IndoorOutdoor'] . "</td>";
    echo "</tr>";
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>HODate</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['HODate'] . "</td>";
    echo "</tr>";
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Host</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['Host'] . "</td>";
    echo "</tr>";
	echo "<tr>";
  echo "<th bgcolor=#5D9BCC>Guest</th>";
  echo "<td bgcolor=#FEE9A9>" . $row['Guest'] . "</td>";
    echo "</tr>";

	  $b =$row['SiteId']; 
echo "</table>";



Can you please explain me line 11 & 12 of search.php

PHP Code
      if(preg_match("/^[  a-zA-Z]+/", $_POST['name'])){ 
      //connect  to the database 
      $db=mysql_connect  ("localhost", "root",  "") or die ('I cannot connect to the database  because: ' . mysql_error()); 
      //-select  the database to use 
      //-query  the database table 
      $sql="SELECT branch_name,branch_address,branch_contact,branch_nostaffs,branch_furniture FROM branch_details WHERE branch_id = '" . $name ."'"; 
      //-run  the query against the mysql query function 
      //-create  while loop and loop through result set 
              $BranchName  =$row['branch_name']; 
              $BranchNoStaffs  =$row['branch_nostaffs'];
              $BranchFurni  =$row['branch_furniture'];
      //-display the result of the array 
      echo "<ul>\n"; 
      echo "<li>" . "<a  href=\"search.php?id=$ID\">"   .$BranchCode . " " . $BranchName .  " ". $BranchAdd ." ". $BranchAdd ." ". $BranchContact ." ". $BranchNoStaffs ." ". $BranchFurni ."</a></li>\n"; 
      echo "</ul>"; 

      echo  "<p>Please enter a search query</p>"; 

and Here is my HTML form

<!DOCTYPE  HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"  "http://www.w3.org/TR/html4/loose.dtd"> 
        <meta  http-equiv="Content-Type" content="text/html;  charset=iso-8859-1"> 
    <title>Search  Contacts</title> 
    <h3>Search  Contacts Details</h3> 
    <p>You  may search either by first or last name</p> 
<form  method="post" action="searchbranch.php?go"  id="searchform"> 
      <input  type="text" name="name"> 
      <input  type="submit" name="submit" value="Search"> 

Ok well a couple things here. One, don't do this ever:
$sql="SELECT branch_name,branch_address,branch_contact,branch_nostaffs,branch_furniture FROM branch_details WHERE branch_id = '" . $name ."'";
That's wide open to SQL injection.

As far as why your search isn't working I'll need more info.
If you run the query directly against the database does it return data? Either run the query via the command line or in mysql workbench.

If it does not return data then you need to investigate why. If it does return data then we need to look more into your script.

commented: Awesome security catch! +0