need help setting up a php/mysql search

In my opinion you should use the same table and have the 2 parameters for the search in 2 different columns. So you should have the table columns named as e.g. ID, LOCATON, TYPE, Name.., addy... etc.

Your search in the DB should be something like this SELECT * from yourtable.yourdb WHERE LOCATION="location_from_dropdown_list" and TYPE="Type_of_museum_from_your _dropdown_list";

This should do. Still - think about this questions as well:
1. What if a user submits the form empty? - will it show all possible museums in all possible locations or, you will use a validation to check if the fileds are empty.
2. What kind of validation you will use - Javascript before submit or PHP will validate after submit?
3. What will happen if only 1 field is being selected - e.g. location only. Will your script show all museum in that location, or it will be captured by the validation and you will request the user to select a second parameter?

Good luck!

I was thinking about this as well but i came up with the solution to 1 of the 2 things you mentioned the user will have to select something if he does not select anything the location field would have all locations pre selected and the catagory field would have all catagory fields selected
the thing i did not figure out yet is this

how to show all locations or all catagories

because if they all go on the same table
and someone selects downtown for location and and all catagories for the catagory field everything will show up that is downtown weather it be musuems or fishing

wouldnt?

I'm afraid I did not understand your question.

If you want to show all museums only in all locations then you select from category musemum, location-all, and that's it.

On the other hand, if you want to show all categories for a single location e.g. "downtown" you just select Downtown and locations all and you get all categories for downtown.

And if you want to show all categories for all locations you just select all in both your location and category lists.

Now, maybe your question is related to the php code that will make the sql request. Well, if it is, you will have to capture the values submitted from the form and create several if -else statements or switch-case staments, depending on what you like better.

Please clarify and we'll figure it out.

i am seeing quite alot of advice in these forums that are not very safe.

I know a city guide site is not the kind of place to be hacked but you really need to think about site and database security when using queries.

Most of the advice i have seen on here use straight values obtained from either posts or variables without the necessary escaping or sanitisation. Not very good practice at all...

i am seeing quite alot of advice in these forums that are not very safe.

I know a city guide site is not the kind of place to be hacked but you really need to think about site and database security when using queries.

Most of the advice i have seen on here use straight values obtained from either posts or variables without the necessary escaping or sanitisation. Not very good practice at all...

Devdan,
True a lot of the code here is not safe, however, most people just need a clue how to get things done, and they find it here. If a developer does not make its code safe, it is his problem, not a problem of this community. Everyone should take care of security issues on his website, and not to use the code "as is" from the forum.

Still if a dev does use the code as is, without security in mind, maybe he does not understand the code, so it is just his problem.