PHP Search. Getting the hang of this, but could do with some pointers?

Gents,

I want to be able to provide my users with a simple search box which allows them to type in and it goes off and searches the main fields of the table and displays the results.

Here is what I have so far.

Code:
<html> 
<body>

 
<form name="form" action="" method="get">
  <input type="text" name="q" />
  <input type="submit" name="Submit" value="Search" />
</form>
 
<?php

  // Get the search variable from URL
  $var = @$_GET['q'] ;
  $trimmed = trim($var); //trim whitespace from the stored variable

// rows to return
$limit=10; 

// check for an empty string and display a message.
if ($trimmed == "")
  {
  echo "<p>Please enter a search...</p>";
  exit;
  }

// check for a search parameter
if (!isset($var))
  {
  echo "<p>We dont seem to have a search parameter!</p>";
  exit;
  }

//connect to database 
mysql_connect("localhost","root","root"); //(host, username, password)

//specify database 
mysql_select_db("elite") or die("Unable to select database"); 

// SQL Query  
$query = "SELECT * FROM contacts WHERE surname LIKE \"%$trimmed%\"  
  ORDER BY id ASC"; 

 $numresults=mysql_query($query);
 $numrows=mysql_num_rows($numresults);


// determine if s has been passed to script, if not use 0
  if (empty($s)) {
  $s=0;
  }

// get results
  $query .= " limit $s,$limit";
  $result = mysql_query($query) or die("Couldn't execute query");

// display what the person searched for
echo "<p>You searched for: &quot;" . $var . "&quot;</p>";

// begin to show results set
echo "Results";
$count = 1 + $s ;

// display the results returned
  while ($row= mysql_fetch_array($result)) {
  $title = $row["surname"];

  echo "$count.)&nbsp;$title" ;
  $count++ ;
  }

$currPage = (($s/$limit) + 1);

//break before paging
  echo "<br />";

  // links to other results
  if ($s>=1) { // bypass PREV link if s is 0
  $prevs=($s-$limit);
  print "&nbsp;<a href=\"$PHP_SELF?s=$prevs&q=$var\">&lt;&lt; 
  Prev 10</a>&nbsp&nbsp;";
  }

// calculate number of pages needing links
  $pages=intval($numrows/$limit);

// $pages now contains int of pages needed unless there is a remainder from division

  if ($numrows%$limit) {
  // has remainder so add one page
  $pages++;
  }

// check to see if last page
  if (!((($s+$limit)/$limit)==$pages) && $pages!=1) {

  // last page so give NEXT link
  $news=$s+$limit;

  echo "&nbsp;<a href=\"$PHP_SELF?s=$news&q=$var\">Next 10 &gt;&gt;</a>";
  }

$a = $s + ($limit) ;
  if ($a > $numrows) { $a = $numrows ; }
  $b = $s + 1 ;
  echo "<p>Showing results $b to $a of $numrows</p>";
  
?>
 
</body>
</html>

As you can see, here I am searching by username. I just wanted to check it worked, and it does.

So firstly, I want to be able to search all fields, not just surname. Can I add to it like this?

Code:
// SQL Query  
$query = "SELECT * FROM contacts WHERE surname, first_name, address, email LIKE \"%$trimmed%\"  
  ORDER BY id ASC";
??

Or do I have to make a query for each one?

Secondly, when the results are displayed, I'd like to make the results a clickable link to show the full result (all fields). Is that possible?

I have set it up so that results are limited to 10 and then spread across pages with next/back links although I'm not sure I'll ever need that.
 
Code:
SELECT * FROM tbl WHERE field1 LIKE "%term%" OR field2 LIKE "%term%"

As for linking to full pages, just output the results with a link to something like viewsearch.php?$id (or other unique field). Then, on that page, pull a select query based on record ID.
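
Added example, not code from the thread: the multi-field `OR ... LIKE` search and the per-result detail link described above, written with bound parameters and escaped output. It assumes PHP 7.4+ with PDO's MySQL driver, the `contacts` table and column names from the original post, placeholder credentials, and a hypothetical `viewsearch.php?id=` detail page.

```php
<?php
// Added example (not from the thread). Table and column names follow the
// original post; the credentials below are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=elite;charset=utf8mb4', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,   // use server-side prepared statements
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

$q     = $_GET['q'] ?? '';
$term  = is_string($q) ? trim($q) : '';     // reject q[]=... array input
$limit = 10;
$start = max(0, (int)($_GET['s'] ?? 0));    // paging offset forced to a non-negative int
if ($term === '') {
    exit('<p>Please enter a search...</p>');
}

// Escape LIKE metacharacters so a typed % or _ matches literally
// (backslash is MySQL's default LIKE escape), then add our own wildcards.
$like = '%' . strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';

// Column names come from this fixed list, never from the request.
$fields = ['surname', 'first_name', 'address', 'email'];
$where  = implode(' OR ', array_map(fn($f) => "$f LIKE ?", $fields));
$stmt   = $pdo->prepare("SELECT id, surname FROM contacts WHERE $where ORDER BY id ASC LIMIT ?, ?");
$n = 1;
foreach ($fields as $unused) {
    $stmt->bindValue($n++, $like, PDO::PARAM_STR);
}
$stmt->bindValue($n++, $start, PDO::PARAM_INT);
$stmt->bindValue($n, $limit + 1, PDO::PARAM_INT);  // one extra row tells us if a next page exists
$stmt->execute();
$rows    = $stmt->fetchAll();
$hasNext = count($rows) > $limit;
$rows    = array_slice($rows, 0, $limit);

// Everything echoed into HTML is escaped; query strings are URL-encoded first.
$h = fn($s) => htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
echo '<p>You searched for: &quot;' . $h($term) . '&quot;</p><ol start="' . ($start + 1) . '">';
foreach ($rows as $row) {
    // viewsearch.php (hypothetical) should bind this id in its own prepared SELECT.
    $url = 'viewsearch.php?' . http_build_query(['id' => (int)$row['id']]);
    echo '<li><a href="' . $h($url) . '">' . $h($row['surname']) . '</a></li>';
}
echo '</ol>';
if ($hasNext) {
    $next = '?' . http_build_query(['s' => $start + $limit, 'q' => $term]);
    echo '<a href="' . $h($next) . '">Next 10 &gt;&gt;</a>';
}
```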
 
Good job I'm not a bank then, as if my code was so slack that people could spoof my sites for phishing then I'll stick with the code I have ta ;)

Oh, and if you are 'the big cheese' you won't mind giving me some pointers as opposed to rubbishing it.

I was head of European IT for one of the largest multinational companies in the world. Didn't mean I could code.
 
I wasn't rubbishing your code, I was merely pointing out you should always sanitise your inputs as I believe it is integral to any software dev. I am not a big cheese either, I was just saying I am not a newb. However my job does involve considerable amounts of coding to fix security issues and also reviewing other people's code to ensure it meets a very high standard.
 
From my experience with large companies, "Head of European IT for one of the largest multinational companies in the world" indicates someone with no technical knowledge at all.
 
I think that was his point :p
It was aimed at both Butters and Daveyboyuk. Heads of departments are not heads because they are technically more adept than the rest, they are heads of departments because they (allegedly :p) have people and management skills, so can get those with the skills to do the work efficiently. :)

I also laugh when people try to play up their titles. Often if someone says "I am head of xxx" they are just a grunt, or supervisor/team leader. The best has to be a while back, some scrote on a different forum claimed to be "A Financial IT Consultant" but was busted being a lackey at Tesco's.. he went on to claim "Well, Till's are computers these days.. and I do handle money" ... :rolleyes:
 
I am neither a head of department nor a manager, I head up internet security because of my technical abilities and that is what I was assigned to do. I am in a technical role, other than assigning work units to other developers and reporting to management, I do nothing involving management.

I wasn't playing up my title either, I was pointing out I was not a noobie. Only place you will bust me is in the City of London at an IB.
 
Sorry dude, I'd stopped commenting on you/Butters after the first paragraph, well after the reply before that if we want to get into technicalities.

However; I've worked at "Financial Institutions" myself, and am afraid to say they have had some of the daftest implementations of technology I've seen, "safe" they may be, but daft none the less. Specifically I encountered a huge flaw in the (Internal, fortunately) trade placement website for ABN AMRO. It would have allowed the user (me) to delete trade records. Barclays and HSBC have also had similar problems from what my friends tell me. It boils down to the big financial firms attracting the least likely to care types.. working environments are not pleasant, but the salaries are higher (probably because of the working environments.) Lots and lots of contractors who don't actually give a toss because they are moving on in 3 months time and techies who are barely keeping their head above water/putting any effort in because they want the extra money.

Slander ahoy!
 
Well my friend, I cannot argue with you there! I have seen some horrendous code in my job, some truly shocking implementation, both secure and unsecure (and if I am honest, it is usually the latter!) I do genuinely care about my job, however as much as I tell my superiors this needs fixing as it presents a very high risk, they just pull rank on me and go in favour of some fancy new GUI or fast performance. Unfortunately as I am technical, I do not have enough power to swing things for the best. Financial institutions' software systems would be a lot better off if they stopped hiring contractors and hired perms who actually take pride in their work. I guess I am saying not all of us are 'rogue' programmers and some of us actually do care about what code we produce.
 