So I have a website listing characters from a multi-person RP I take part in.
The site uses Bootstrap as well as a MySQL database. I have a working search script to search the database for a query and echo the results. I'm trying to figure out how to make it so that you can change what the search is looking for with the same search box.

in navbar

            <div class="collapse navbar-collapse navbar-right" id="bs-example-navbar-collapse-1">
            <form class="navbar-form" action="searchresults.php" method="get">
            <div class="input-group" width="40">
                <input type="text" class="form-control" placeholder="Search The Listing" name="q">
                <div class="input-group-btn">
                <button class="btn btn-default" type="submit"><i class="fa fa-search" aria-hidden="true"></i></button>
                </div>
            </div>
            </form>
        </div>

In searchresults.php page

 <?php  include('template/header.php'); ?><!-- Start Center Content (Container) --><div class="container"><?php

if(mysqli_connect_errno()){
    echo "error!" . mysqli_connect_error();
}

$output = '';

if(isset($_GET['q']) && $_GET['q'] !== ' '){
    $searchq = $_GET['q'];
    $optionq = $_GET['srchoption'];

    $q = mysqli_query($dbcon, "SELECT * FROM chars WHERE Name LIKE '%$searchq%' ORDER BY Name");
    $c = mysqli_num_rows($q);
    if ($c == 0){
        $output = 'No search Results';
    } else {
        $outputopen = '<div align="center"><table border="0" width="100%" cellspacing="0" cellpadding="0" class="table shadow2">
            <tr><td bgcolor="#7b7f87"><div align="center"><table width="100%" border="0" cellspacing="0" cellpadding="0"><tr>
            <td class="tdtitle"><font size="7"><b>&nbsp;&nbsp;All listings for Characters whose name include the search of: "'.$searchq.'" </b></font></td>
            <td class="th0" style="text-align: right">
            </td></table></div><div align="center"><table width="100%" border="0" cellspacing="0" cellpadding="0">
            <tr><td>
            <table border="0" cellspacing="0" cellpadding="3" class="table table-striped table-condensed shadow2"><tr class="danger">
            <th class="th0 visible-xs visible-sm visible-md visible-lg">Name</th>
            <th class="th0 visible-xs visible-sm visible-md visible-lg">Type</th>
            <th class="th0 hidden-xs hidden-sm visible-md visible-lg">Stage</th>
            <th class="th0 visible-xs visible-sm visible-md visible-lg">Player</th>';
        while($rows = mysqli_fetch_array($q)){
            $IDNumber = $rows['IDNumber'];
            $Name = $rows['Name'];
            $Breed = $rows['Breed'];
            $Stage = $rows['Stage'];
            $Player = $rows['Player'];

            $output .= '<tr>
                <td align="center" class="td0 visible-xs visible-sm visible-md visible-lg">'.$Name.'</a></td>
                <td class="td0 visible-xs visible-sm visible-md visible-lg">'.$Breed.'</td>
                <td class="td0 hidden-xs hidden-sm visible-md visible-lg">'.$Stage.'</td>
                <td class="td0 visible-xs visible-sm visible-md visible-lg">'.$Player.'</td>
                </tr>';
        }           

            $outputclose = '</div></table></td></tr></table></td></tr></table></div><p></div></div>';

    }
} else {
    header("location: ./");
}
print("$outputopen");
print("$output");
print("$outputclose");

?>

So what I want is to make it so that the search box doesn't ONLY search for the character name but also has a dropbox which would allow the user to choose to search for different stages or players or keywords (or any other info I choose to later include).

Help please.

Last Post by benanamen

This is a very poorly written and insecure script that is vulnerable to SQL Injection. Before you start adding new features you need to fix the script. There are numerous problems with it.

You need to use Prepared Statements. I suggest you use PDO.

Do not output internal errors to the user. That info is only useful to hackers.

Never ever put variables in your query.

Learn about "Separation of Concerns" and then implement it.

Do not create variables for nothing.

If you have this script on the net you should take it down until you fix it. If you have not been hacked yet, you will be.
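
An added example, not part of either post: one way to combine the dropdown the question asks for with the prepared statements the reply recommends, assuming the navbar form gains a `<select name="srchoption">`. The option values, function names and sample rows are assumptions made for illustration; the `chars` columns come from the question's code.

```php
<?php
// Dropdown value => real column. Column names cannot be bound as parameters,
// so only these fixed strings are ever placed in the SQL text.
const SEARCH_COLUMNS = [
    'name'   => 'Name',
    'type'   => 'Breed',
    'stage'  => 'Stage',
    'player' => 'Player',
];

function searchChars(PDO $pdo, string $option, string $term): array
{
    // Unknown or tampered option values fall back to the Name column.
    $column = SEARCH_COLUMNS[$option] ?? SEARCH_COLUMNS['name'];
    // Escape LIKE wildcards so "%" or "_" typed by the user match literally.
    $pattern = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

    $stmt = $pdo->prepare(
        "SELECT Name, Breed, Stage, Player FROM chars
         WHERE $column LIKE :pattern ESCAPE '!' ORDER BY Name"
    );
    $stmt->execute([':pattern' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function renderRows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        // Encode every value on output so stored data cannot inject markup.
        $cells = array_map(
            fn ($v) => '<td>' . htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8') . '</td>',
            $row
        );
        $html .= '<tr>' . implode('', $cells) . "</tr>\n";
    }
    return $html;
}

// Constructed demo rows in an in-memory SQLite database (the site uses MySQL;
// only the DSN changes). Exceptions can be logged instead of echoed to users.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE chars (Name TEXT, Breed TEXT, Stage TEXT, Player TEXT)');
$pdo->exec("INSERT INTO chars VALUES ('D''Arcy', 'Wolf', 'Adult', 'sam'), ('Bo', 'Fox', 'Pup', 'kim')");

echo renderRows(searchChars($pdo, 'stage', 'pup'));   // the Bo row
echo renderRows(searchChars($pdo, 'bogus', "D'Ar"));  // falls back to Name; the quote is plain data
```

In `searchresults.php` the two arguments would come from `$_GET['srchoption']` and `$_GET['q']`, each checked with `is_string()` before being passed in.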