I currently run your typical city guide web page
and for this entire post i am going to use my artsandculture page

with in this page i have sub pages of museums,wine,galleries

when a user clicks on museums there is a list of all the museums in html format and the page is a mile long

what i would like to do is delete all the html
and give the user a form with 2 fields and a submit button
the first option t he user would have to choose is location--i.e. downtown,eastside,westside--location of the museums they are looking for


the 2nd field would be called catagory- here they would choose wht type of museum i.e. science,childrens,historical,

both fields have to be in a pull down menu

once the hit submit it gets info from t he database and shows the following results
name of museum
addy
web addy
phone
description

i need a search thin on 8 different pages so would i use one database and 8 tables?
or put everything on the same table and make sure non of the variables are the same?

thanks much
good day

In my opinion you should use the same table and have the 2 parameters for the search in 2 different columns. So you should have the table columns named as e.g. ID, LOCATON, TYPE, Name.., addy... etc.

Your search in the DB should be something like this SELECT * from yourtable.yourdb WHERE LOCATION="location_from_dropdown_list" and TYPE="Type_of_museum_from_your _dropdown_list";

This should do. Still - think about this questions as well:
1. What if a user submits the form empty? - will it show all possible museums in all possible locations or, you will use a validation to check if the fileds are empty.
2. What kind of validation you will use - Javascript before submit or PHP will validate after submit?
3. What will happen if only 1 field is being selected - e.g. location only. Will your script show all museum in that location, or it will be captured by the validation and you will request the user to select a second parameter?

Good luck!

I was thinking about this as well but i came up with the solution to 1 of the 2 things you mentioned the user will have to select something if he does not select anything the location field would have all locations pre selected and the catagory field would have all catagory fields selected
the thing i did not figure out yet is this

how to show all locations or all catagories

because if they all go on the same table
and someone selects downtown for location and and all catagories for the catagory field everything will show up that is downtown weather it be musuems or fishing

wouldnt?

I'm afraid I did not understand your question.

If you want to show all museums only in all locations then you select from category musemum, location-all, and that's it.

On the other hand, if you want to show all categories for a single location e.g. "downtown" you just select Downtown and locations all and you get all categories for downtown.

And if you want to show all categories for all locations you just select all in both your location and category lists.

Now, maybe your question is related to the php code that will make the sql request. Well, if it is, you will have to capture the values submitted from the form and create several if -else statements or switch-case staments, depending on what you like better.

Please clarify and we'll figure it out.

i am seeing quite alot of advice in these forums that are not very safe.

I know a city guide site is not the kind of place to be hacked but you really need to think about site and database security when using queries.

Most of the advice i have seen on here use straight values obtained from either posts or variables without the necessary escaping or sanitisation. Not very good practice at all...

i am seeing quite alot of advice in these forums that are not very safe.

I know a city guide site is not the kind of place to be hacked but you really need to think about site and database security when using queries.

Most of the advice i have seen on here use straight values obtained from either posts or variables without the necessary escaping or sanitisation. Not very good practice at all...

Devdan,
True a lot of the code here is not safe, however, most people just need a clue how to get things done, and they find it here. If a developer does not make its code safe, it is his problem, not a problem of this community. Everyone should take care of security issues on his website, and not to use the code "as is" from the forum.

Still if a dev does use the code as is, without security in mind, maybe he does not understand the code, so it is just his problem.