0

currently working on a search form and it's going great, however it's not picking up any of the results successfully.

Here's a screenshot of the database

http://screensnapr.com/e/IdNs9j.png

As you can see there are several results with the word "dragon"

Now if you go to search.php?name=dragon it brings up these results:

Results

Sorry, your search: dragon returned zero results

You searched for: dragon

Results
End of results

Here's the search query:

$searchTerm = trim($_GET['search']);
$query = "select * from item where name like '$searchTerm' order by name";
$numresults=mysql_query($query);
$numrows=mysql_num_rows($numresults);
if ($numrows == 0) {
echo "<h4>Results</h4>";
echo "<p>Sorry, your search: " . $searchTerm . " returned zero results</p>";
}

Why is it not displaying any of the results? Any help would be appreciated.

Improve this question

1 Answer 1

Reset to default
1

YOu didn't specify the wildcard operators for the like operation. Without wildcards, somefield LIKE 'something' is exactly the same as somefield='something'.

Your query should be

SELECT ... LIKE '%$searchTerm%';
                 ^--         ^-- wildcards

and note that you're WIDE open to SQL injection attacks. At bare minimum you should have

$searchTerm = mysql_real_escape_string($_GET['search']);

or better yet, switch to using PDO prepared statements.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

thanks, i did originally have the wildcards in place but i was told to remove them since they would just end up causing an error also, i've added the mysqlrealescapestring as you recomended, thanks i almost forgot about sql attacks :P as for this topic, the wildcards fixed it, thanks
They shouldn't cause an error, unless you mis-used them, e.g. something like ... LIKE %keyword% without quotes, or outside quotes like ... LIKE %'keyword'%.
well the original version was /"%$searchTerm%/" but was having issues with old parts of the code that i've now removed, i thought the "like" part of the query was the cause of the wildcard :P

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.