0

I'm trying to make a user search with the following code:

<?php
session_start();
include("../BD/bd.php");

$searched_for = $_POST['searched_for'];
$query = @mysql_query("SELECT * FROM user_media WHERE nombre LIKE '%$searched_for%'") or die(mysql_error());

while($got_users = @mysql_fetch_array($query)){
    echo '<div class="searched-content-info">'.
         '<div class="searched-photo"><img src="'.$got_users['foto'].'"></div>
         <div class="searched-names"><h3>'.$got_users['nombre'].'</h3></div>
         <div class="searched-dates"><h3>'.'Miembro desde: '.$got_users['created_on'].'</h3></div>  
         </div> 
         <div class="divisor-search-user"></div>';
}

?>

But I'm getting all the rows, I just want to display the searched users info, seems like the $query is receiving a clean $searched_for

Any help here? Btw, I'm a little newbie here, please don't bully :)

EDIT: I tried changing $got_users['nombre']; with $searched_for to see if $searched_for is empty and yes it doesn't return any string that's why I am getting all the rows. $query is getting an empty variable but Why?

Here's my HTML:

<form target="u-n" id="search_input" action="search_user.php" method="post">
    <input id="search-input" name="searched_for" type="search" placeholder="Search">
</form>
Improve this question
10
  • 4
    Don't even know where to start here... Commented Feb 27, 2014 at 3:56
  • try to change $searched_for = $_POST['searched_for']; to $searched_for = $_REQUEST['searched_for']; and then google about SQL injections Commented Feb 27, 2014 at 4:00
  • Check the name of the field searched_for in your form. Check cases. Commented Feb 27, 2014 at 4:01
  • 1
    sidenote: stop using deprecated mysql_* functions. use MySQLi or PDO instead. Here is a good tutorial for PDO. Start debug by removing all error suppressing @. Commented Feb 27, 2014 at 4:13
  • 1
    sidenote: your code is subjected to SQL Injection attack, as you directly allow POST values to be inserted in your query. Commented Feb 27, 2014 at 4:15

1 Answer 1

Reset to default
1

You used <input type="search" /> which is a HTML5 feature. Older browsers may not support this. Replace this input with type="text".

Then, your $_POST['searched_for'] should populate properly, that is:

<input name="searched_for" type="text" placeholder="Search" />

Also, you used the same id multiple times, which is an invalid HTML syntax.

Reference: HTML input tag at MDN

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.