
Alright, so I am trying to code a little PHP search script for my website so users can simply do a search from an artist name, song name or a city. My table in my database has 'city', 'artist' and 'city'.

Here is my form:

<div id="search">  
<form name="search" method="post" action="../searchDb.php">  
<input type="text" name="find" placeholder="What are we searching for ?"/> in   
<Select NAME="field">  
<Option VALUE="artist">Artist</option>  
<Option VALUE="song">Song</option>  
<Option VALUE="city">City</option>  
</Select>  
<input type="hidden" name="searching" value="yes" />  
<input type="submit" name="search" value="Search" />  
</form>  
</div>  

As you can see, there are three OPTION values (one for each column in my table). Here is my PHP code:

<?php  
$searching = "searching";  
$find = "find";  
$field = "field";  
 //this is to make sure the user entered content  
if ($searching =="yes")   
{   
   echo "<p><h2>Results</h2></p>";   

   //if user did not enter anything in the search box, give error   
   if ($find == "")   
   {   
      echo "<p>You forgot to enter a search term</p>";   
   }   

   include 'connect.php';   

   // strip whitespace, non case sensitive  
   $find = strtoupper($find);   
   $find = strip_tags($find);   
   $find = trim ($find);   

   //perform search in specified field  
   $data = mysql_query("SELECT * FROM artists_table WHERE upper($field) LIKE'%$find%'");   

   //show results   
   while($result = mysql_fetch_array( $data ))   
   {   
      echo $result['artist'];     
      echo " ";   
      echo $result['song'];    
      echo "<br>";    
      echo $result['city'];    
      echo "<br>";    
      echo "<br>";   
   }   

   //counts results. ifnone. error    
  $anymatches=mysql_num_rows($data);    
   if ($anymatches == 0)    
   {    
      echo "Sorry, but we can not find an entry to match your query<br><br>";    
   }    

   //show user what he searched.   
   echo "<b>Searched For:</b> " .$find;     
 }     
 ?>     

My connect.php (that is included) works perfectly (I have that same file working on another page, no problems. So it's safe to say that's not the problem).

When I do a test and run a search, it loads up my searchDb.php but NOTHING is displayed. Simply a white page...

Any help would be greatly appreciated. I am lost as to why or what is not working... Thanks Guys !

  • Don't forget to properly sanitize that data in the query, today it's "find" tomorrow it's $_GET... Commented Dec 4, 2012 at 0:31
  • BTW, you don't have to capitalize your string search, as LIKE is case insensitive as long as you aren't dealing with a binary string. Commented Dec 4, 2012 at 0:31
  • What do you mean tomorrow it's "find" tomorrow it's $_GET ? Commented Dec 4, 2012 at 0:36
  • I mean don't forget to properly escape $find and $field (given that they're provided by user) to prevent SQL injection. Commented Dec 4, 2012 at 0:39
  • Definitely won't forget this. Thanks. I'm only in "testing" for now. Just getting the basics done. Security will be my next step :P Commented Dec 4, 2012 at 0:43

1 Answer

If this is your code, then you are hardcoding $searching = "searching", but in your if you are checking if $searching =="yes", so none of the code will show.

<?php  
$searching = "searching";  
...
...  
//this is to make sure the user entered content  
if ($searching =="yes")   
{   
...
}

Edit-

My guess is that you wanted to do something like-

$searching = mysql_real_escape_string($_POST['searching']); // sanitized just to be consistent.
$find = mysql_real_escape_string($_POST['find']);
$field = mysql_real_escape_string($_POST['field']);

Note- you should not be writing new code with mysql_* functions. You should learn either mysqli_ or PDO - http://php.net/manual/en/mysqlinfo.api.choosing.php

Here are 2 ways to avoid getting the "Notice: Undefined variable"

Check if submit button was pushed

if (isset($_POST['search'])) {
    $searching = mysql_real_escape_string($_POST['searching']); // sanitized just to be consistent.
    $find = mysql_real_escape_string($_POST['find']);
    $field = mysql_real_escape_string($_POST['field']);
}

Or check if each field is set, and set it to the value, and if not set to no/empty

if (isset($_POST['search'])) {  // checks to see if the form submit button was pushed
    // each ternary tests the same key it reads
    $searching = isset($_POST['searching']) ? mysql_real_escape_string($_POST['searching']) : 'no'; // sanitized just to be consistent.
    $find = isset($_POST['find']) ? mysql_real_escape_string($_POST['find']) : '';
    $field = isset($_POST['field']) ? mysql_real_escape_string($_POST['field']) : '';
}

5 Comments

I tried removing the first 3 lines ($searching = "searching", $find=......) and when I re-run the code, Notice: Undefined variable: searching in C.......
See my edit. You have to set the variable $searching or you will get the Notice: Undefined variable: searching..., but you will want to set it to the value of the post from your form input - <input type="hidden" name="searching" value="yes" />
Thank you very much Sean. I used the code you edited ( $searching = mysql_real_escape_string($_POST['searching']); ) and I am still getting the Notice: Undefined.....
Is your search form in the same page as your php script? Are you accessing your php script without submitting your form? I will edit my answer with 2 different ways to check the submission/set the variables.
My search form is on another page than my PHP script. After reading your last comment Sean, I figured out where/what my issue was. I simply added if(isset($_POST['submit'])) and BINGO :) Thank you VERY much for making my brain realize this haha.
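
An added example, not part of the original answer or its comments: mysql_real_escape_string() only protects values placed inside quoted string literals, so it does not protect $field, which the question's query uses as an unquoted column name in upper($field). This sketch uses PDO, one of the two APIs the answer recommends, with an allow-list for the column and a bound parameter for the search term. The in-memory SQLite database, the sample rows, the `!` escape character and the `searchArtists` name are assumptions for illustration.

```php
<?php
const SEARCHABLE = ['artist', 'song', 'city']; // the form's three options

function searchArtists(PDO $pdo, string $field, string $find): array
{
    // A column name cannot be a bound parameter, so accept known names only.
    if (!in_array($field, SEARCHABLE, true)) {
        throw new InvalidArgumentException('Unknown search field');
    }
    $find = trim($find);
    if ($find === '') {
        return [];
    }
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $find);
    $stmt = $pdo->prepare(
        "SELECT artist, song, city FROM artists_table
         WHERE $field LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data; in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE artists_table (artist TEXT, song TEXT, city TEXT)');
$pdo->exec("INSERT INTO artists_table VALUES
    ('Example Band', '100% Live', 'Montreal'),
    ('Sample <b>Duo</b>', 'Night Drive', 'Toronto')");

// Constructed stand-ins for $_POST['field'] and $_POST['find'].
$requests = [
    ['city', 'toronto'],      // normal search
    ['song', '%'],            // matches only the title containing a literal %
    ['city OR 1=1', 'x'],     // not an allowed column: rejected
];
foreach ($requests as [$field, $find]) {
    try {
        $rows = searchArtists($pdo, $field, $find);
        foreach ($rows as $row) {
            // Encode on output so stored markup is shown as text.
            echo htmlspecialchars(implode(' | ', $row), ENT_QUOTES, 'UTF-8'), "\n";
        }
        echo count($rows), " match(es)\n";
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), "\n";
    }
}
```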
