
Hello, I want to add search functionality to my website.

My task is to get input from the user, then check whether it is a domain like google.com (then do work 1), else if it is a keyword like news etc., then search the database.

So I made search.php:

mysql_query("SELECT * FROM `table` WHERE `title` LIKE '%$keyword%' OR `descrption` LIKE '%$keyword%' LIMIT 0 , 30");

Now when I use the PHP header function, I am unable to send the GET argument to search.php:

header("location: $siteurl/search.php?q=$url3");

So please help me with it or give me an alternative solution. Actually, when I take input from the user, I check it in another PHP script to see whether it is a domain or a keyword; after that I have to send it to search.php.

Also, for security analysis: please tell me whether it is OK to send user input directly to the database, or should I first do some filtering to avoid SQL injection?

Last Post by gabrielcastillo

Never trust your users. End of story. At the very minimum,

$keyword = mysql_real_escape_string($keyword);

should be used.

With the limited code you have given, it's difficult to say.

Without knowing how $siteurl is populated, or how $url3 is populated, it's difficult to see where you are failing.


header location ... does not work if something has been put on the screen using echo or print.


You don't need to use header. If you are setting up a search form, you need to use a form and also need to use POST/GET.

Example:

<form action="search.php" method="GET">
<div>
<p><input type="text" name="q" /></p>
<p><input type="submit" value="Search" /></p>
</div>
</form>

When you get your user input from the search form, check the GET method.

Example:

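if (isset($_GET['q'])) {
    // Escape the user input before it goes into the SQL string
    // (requires an open mysql_connect() link).
    $keyword = mysql_real_escape_string($_GET['q']);
    $result = mysql_query("SELECT * FROM `table` WHERE `title` LIKE '%$keyword%' OR `descrption` LIKE '%$keyword%' LIMIT 0 , 30");

    // Do something to return your results.

}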
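
As an added example (not code from any poster in this thread): the search from the posts above done with PDO prepared statements instead of the mysql_* functions, plus URL-encoding of the value passed in the redirect. The in-memory SQLite database, its sample rows, the example.test host and the function names are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not code from the thread. Table and column names are copied
// from the posts above; the SQLite database and its rows are constructed.
// With MySQL only the DSN passed to new PDO() changes.

// Escape LIKE wildcards so the keyword is matched literally.
// '!' is the ESCAPE character, so it must be doubled first.
function like_pattern(string $keyword): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keyword) . '%';
}

// Bound parameters keep user input out of the SQL text entirely.
function search(PDO $db, string $keyword): array
{
    $stmt = $db->prepare(
        "SELECT title FROM `table`
         WHERE `title` LIKE :t ESCAPE '!' OR `descrption` LIKE :d ESCAPE '!'
         LIMIT 30"
    );
    $pattern = like_pattern($keyword);
    $stmt->execute([':t' => $pattern, ':d' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Build the redirect target; urlencode() keeps spaces, '&' and '#' inside q.
// Send it with header('Location: ...') followed by exit, before any output.
function search_url(string $siteurl, string $keyword): string
{
    return $siteurl . '/search.php?q=' . urlencode($keyword);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `table` (title TEXT, descrption TEXT)');
$db->exec("INSERT INTO `table` VALUES ('Daily news', 'headlines'), ('50% off', 'sale')");

var_dump(search($db, 'news'));          // ordinary keyword
var_dump(search($db, "' OR '1'='1"));   // injection attempt, treated as a literal keyword
var_dump(search($db, '%'));             // wildcard character, matched literally
echo search_url('http://example.test', 'news & weather'), "\n";
```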