0

I highly appreciate that you try to help me. My problem is this script:

<?php include("inc/incfiles/header.inc.php"); ?>
<?php
$list_user_info = $_GET['q'];
if ($list_user_info != "") { 
$get_user_info = mysql_query("SELECT * FROM users WHERE username='$list_user_info'");
$get_user_list = mysql_fetch_assoc($get_user_info);
$user_list = $get_user_list['username'];
$user_profile = "profile.php?user=".$user_list;
$profilepic_info = $get_user_list['profile_pic'];
if ($profilepic_info == "") {
$profilepic_info = "./img/avatar.png";
}
else {
$profilepic_info = "./userdata/profile_pics/".$profilepic_info;
}
if ($user_list != "") {
?>
<br>
<h2>Search</h2>
<hr color="#FF8000"></hr>
<div class="SearchList">
<br><br>
<div style="float: left;">
<a href="<?php echo $user_profile; ?>"><img src="<?php echo $profilepic_info; ?>"   height="50" width="50"></a>
</div>
<?php echo "<h1>".$user_list."</h1>"; ?>
</div>
<?php
}
else {
echo "<br><h3>User was not found</h3>";
}
}
else {
echo "<br><h3>You must specify a search query</h3>";
}
?>

I am creating a search script that takes the mysql databse information and shows the result associated to the search query. My script is the above, but keep in mind the sql connection is established in an extern scipt.

The problem is that i want the script to first check if the user is found with the search query in the username row, and then get the entre information from that user and display it. If the user is not found with the username query, it should try and compare the search query with the name row, and then with the last name row. If no result is displayed it should then return an else statement with an error, e.g. "No user wsas found"

Yours sincerely, Victor Achton

Improve this question
3
  • then what is your question or error you are getting? Commented Dec 9, 2013 at 10:58
  • Please add some sql-injection protection! One can easily delete, edit or read your database in your code. use at least mysql-real-escape or much better prepared statements! Commented Dec 9, 2013 at 11:01
  • i have md5 password protection, and on other scripts i have protection, this is only a search script. My question is, again, what the code should be + extra for the if statements to compare to the database. Commented Dec 9, 2013 at 11:10

4 Answers 4

Reset to default
1

Do the query as Muhammet Arslan ... but just counting the rows would be faster ...

if(mysql_num_rows($get_user_info)){
    //not found
}

you should add a "Limit 1" at the end if you are just interested in one result (or none).

But read about prepared statements pdo.prepared-statements.php

This is how it should be done in 2013!

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks. Could you please use this in an entire script? It would be very helpful :-)
0

Something like this but you don't need 3 queries for this. you can always use OR in mysql statements

$handle1    = mysql_query("SELECT * FROM users WHERE username = $username");        // Username
if (($row   = mysql_fetch_assoc($handle1) !== false) {
    // username is found
} else {
    $handle2    = mysql_query("SELECT * FROM users WHERE name = $name");        // name
    if (($row   = mysql_fetch_assoc($handle2) !== false) {
        // name is found
    } else {
        $handle3   = mysql_query("SELECT * FROM users WHERE lastname = $lastname"); // Last name
        if (($row   = mysql_fetch_assoc($handle3) !== false) {
            // last name is found
        } else {
            // nothing found
        }
    }
}
Improve this answer

2 Comments

this was exactly what i was looking for! Rated as an answer, although i have zero reputation, i can't rate it up unfortunately :-)
No problem, we're here to help each other. Cheers
0

Already you did ,but you can improve it by using "AND" or "OR" on ur sql statement.

$get_user_info = mysql_query("SELECT * FROM users WHERE username='$list_user_info' or name = '$list_user_info' or last_name = '$list_user_info'");
$get_user_list = mysql_fetch_assoc($get_user_info);

if(empty($get_user_list))
{
echo "No User was found";
}

and you should control $list_user_info or u can hacked.

Improve this answer

2 Comments

I need the entire script,please? :-) This haven't answered anything really... The script i posted above is much more sophisticated, so this doesn't help :-) But thanks for the fast reply :-)
You can continue doing this yourself if you try to understand above query
0

Here some adapted copy pasting from php.net

Connect 

try {
    $dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
    foreach($dbh->query('SELECT * from FOO') as $row) {
        print_r($row);
    }
    $dbh = null;
} catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}

fetch data

$stmt = $dbh->prepare("SELECT * FROM users where name LIKE '%?%'");
if ($stmt->execute(array($_GET['name']))) {
  while ($row = $stmt->fetch()) {
    print_r($row);
  }
}

the rest is your programing ...

And do some reading it's very dangerous to use copied code without understanding !

Improve this answer

1 Comment

thanks! Very helpful, although i did mention i had already connected to the sql db. But thanks though :-)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.