0

I need some help getting a search function to work. I have previously coded something to work similar to this, where if I click on a hyperlink, I'm able to carry a variable forward and then assign this into an SQL script so it pulls only this one thing back from the DB. (Predefined variable, and not user input). I've tried modifying the script I've been using to allow for a form based text box to have user input which is then searched through a single database field, with a LIKE statement.

This is what I have, and it's not returning anything.

Input Form

<form class="formFormat"  method="post" action="SearchResult.php">
        <label class="lableInput2">Key Words</label>
        <input type="text" class="textInput" name="JobDetails" />
        <input type="image" src="img/blue/buttonsearch.jpg" value="search" class="buttonInput" alt="Submit Form" border="0" />
</form>

Returning Page

    <?php
include('conn_mysql.inc');
include('corefuncs.php');
 // create database connection
$conn = dbConnect('query');
// initialize flag
$deleted = false;
// get details of selected record
if ($_GET && !$_POST) {
  // check that primary key is numeric
  if (isset($_GET['JobDetails']) && is_numeric($_GET['JobDetails'])) {
    $JobDetails = $_POST['JobDetails'];
    }
  else {
    $JobDetails = NULL;
    }
  if ($JobDetails) {
    $sql = "SELECT * FROM jobs WHERE JobDetails LIKE '%JobDetails%'";
    $result = mysql_query($sql) or die (mysql_error());
    $row = mysql_fetch_assoc($result);
    }
  }
?>
        <p><h1><?php echo ($row['JobTitle'].'<span class="jobid"> #'.$row['IDJobs'].'</span>');?></h1></p>
                <p><strong><?php echo ($row['Location']); ?></strong></p>
                <p><strong>£<?php echo ($row['JobValue']); ?>.00</strong></p>
                <p><strong><a href="" class="colour">www.companyurl.com - BAD IDEA?</a></strong></p>
                <p><strong>Open for Bidding</strong></p>
                    <br />
                <p><span class="jobid">Job Posted: <?php echo ($row['JobPostDate']); ?></span></p>
                <p><?php print ($row['JobDetails']); ?></p>
                <p><span class="jobid">Job Deadline: <?php echo ($row['JobDeadline']); ?></span></p>

I know that I need to loop the output, so it displays more than one, but at the moment it simply returns the following error for every field (obv the line changes depending on what it's trying to extract).

"( ! ) Notice: Undefined variable: row in C:\wamp\www\ReEmployWork\SearchResult.php on line 54"

Can anyone assist? I'm a bit lost with this, and I believe I'm either going in the wrong direction or just missing something.

1
  • 1. Don't use mysql_* functions, they are deprecated. 2. Escape CGI input before using it in SQL query - your code is vulnerable to SQL injection. Commented Jul 4, 2013 at 21:49

3 Answers

2

You missed $ before the variable name. Instead of:

$sql = "SELECT * FROM jobs WHERE JobDetails LIKE '%JobDetails%'";

write:

$sql = "SELECT * FROM jobs WHERE JobDetails LIKE '%$JobDetails%'";

4 Comments

I don't think that's it, as it's still not working. Good eyes though for noticing that.
@Sycrid You are checking $_GET in if, while using $_POST['JobDetails'] - are you using a GET request or a POST request?
@Sycrid Also you are checking, that $_GET['JobDetails'] is numeric. Are you sure, this condition is correct, and it's not an arbitrary string? Maybe, removing it will help.
Thanks User4035, they're good finds. I was playing a little bit around with code, working from things I found on the net. I was originally using a GET request, and I've removed the numeric part (didn't focus on that, as it was not my main concern. It's now gone. Still stumped as to why it's not working)
2

You left your $ before JobDetails in your query.

Also remember to use http://php.net/manual/en/function.mysql-real-escape-string.php

A suggestion:

$escaped_value = mysql_real_escape_string($JobDetails);
$sql = "SELECT * FROM jobs WHERE JobDetails LIKE '%$escaped_value%'";

2 Comments

And you should consider using mysqli instead of mysql: Choosing an API
Good idea to escape the special keys, I suppose that helps avoid SQL injection etc... but the $ sign still is not solving my issue.
0

For future readers. I scrapped the code I tried to modify and I took it from the beginning. There's enough information above for anyone to do this. Have a go, and you may end up with a result similar to what I coded.

$JobDetails =  $_POST['JobDetails'];
$JobDetails = mysql_real_escape_string($JobDetails);
$sql = "SELECT * FROM `jobs` WHERE `JobDetails` LIKE '%{$JobDetails}%'";
$result = mysql_query($sql) or die (mysql_error());
?>

The above is what I coded and it runs like a dream. You make a lot more mistakes modifying code than you do if you just code from scratch, so if you're learning, dabble and play with code already written, but if you need something yourself which is unique then you're best starting from scratch.
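Added example, not part of the original posts: the same keyword search written with a PDO prepared statement instead of `mysql_real_escape_string`, with LIKE wildcards escaped, results looped, and output HTML-encoded. It assumes PDO with the SQLite driver and uses a constructed in-memory table in place of the page's MySQL `jobs` table; the helper names `searchJobs` and `h` and the `!` escape character are choices made for this example.

```php
<?php
// Constructed in-memory SQLite table standing in for the page's MySQL `jobs` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE jobs (IDJobs INTEGER PRIMARY KEY, JobTitle TEXT, JobDetails TEXT)');
$seed = $pdo->prepare('INSERT INTO jobs (JobTitle, JobDetails) VALUES (?, ?)');
foreach ([
    ['Fence repair', 'Replace 100% of the rotten panels'],
    ['Web design',   'Build a <b>small</b> brochure site'],
    ['Plumbing',     "Fix the O'Neill kitchen tap"],
] as $job) {
    $seed->execute($job);
}

// Hypothetical helper: returns every job whose JobDetails contains $keywords.
function searchJobs(PDO $pdo, string $keywords): array
{
    $keywords = trim($keywords);
    if ($keywords === '') {
        return [];                       // no search term: do not dump the whole table
    }
    // Escape LIKE metacharacters ('!' first) so user-typed % and _ match literally.
    $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keywords) . '%';
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare(
        "SELECT IDJobs, JobTitle, JobDetails FROM jobs WHERE JobDetails LIKE :p ESCAPE '!'"
    );
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: encode database values before placing them in HTML.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs; in SearchResult.php the value would come from $_POST['JobDetails'].
foreach (["tap", "O'Neill", "%", "' OR '1'='1", "<b>"] as $input) {
    $rows = searchJobs($pdo, $input);
    echo 'Search [' . h($input) . ']: ' . count($rows) . " row(s)\n";
    foreach ($rows as $row) {            // loop, so more than one match is shown
        echo '  <h1>' . h($row['JobTitle']) . ' <span class="jobid">#'
            . (int) $row['IDJobs'] . "</span></h1>\n";
        echo '  <p>' . h($row['JobDetails']) . "</p>\n";
    }
}
```

The `ESCAPE '!'` clause is also accepted by MySQL, so only the PDO connection string changes when pointing this at the real database.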
