1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Mysql Search

Discussion in 'Web Design & Development' started by throdne, Dec 25, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. throdne

    throdne Thread Starter

    Joined:
    May 14, 2006
    Messages:
    128
    Hello, I have a MySQL DB that has my cd list in it that shows artist, album, genre, and year.

    What I have now works. Lets say I type in "David Crowder Band" and hit submit in my form. It does show the artist album genre and year. But lets say I only want to search for "David" or "Crowder" or even "Band" it doesn't show anything. How would I go about searching like that?


    index.php
    PHP:
    <?php
    define
    ('INCLUDE_CHECK',true);

    require 
    'config.php';
    require 
    'func.php';


    if(!
    $_POST['Artist'])
    {
        echo(
    "");
    }
    elseif(
    $_POST['Artist'])
    {
    $query mysql_fetch_assoc(mysql_query("SELECT * FROM info WHERE Artist='" $_POST['Artist'] . "'"));

    }


    if(!
    $_POST['Album'])
    {
        echo(
    "");
    }
    elseif(
    $_POST['Album'])
    {
        
    $query mysql_fetch_assoc(mysql_query("SELECT * FROM info WHERE Album='" $_POST['Album'] . "'"));
    }


    ?>
    <html>
    <head>
    <title>CD List</title>
    </head>

    <body>
    <form action="" method="post">
          Artist:<input type="text" name="Artist" /><br />
          Album:<input type="text" name="Album" /><br />
          <input type="submit" value="Submit" /><br />
    </form>
    <?php
    //echo('');

    displayInfo($query['Artist'], $query['Album'], $query['Genre'], $query['Year']);

    ?>

    </body>
    </html>
    func.php
    PHP:
    <?php


    /* mySQL connect */
    $conn mysql_connect($db_host,$db_user,$db_pass) or die('Unable to establish a DB connection');
    mysql_select_db($db_database,$conn);

    /* Display Info */

    function displayInfo($artist$album$genre$year)
    {
        echo(
    "Arist: " $artist "<br />");
        echo(
    "Album: " $album "<br />");
        echo(
    "Genre: " $genre "<br />");
        echo(
    "Year: " $year "<br />");
        

    }

    /* END func */

    ?>
    Thanks,
    Throdne
     
  2. ehymel

    ehymel

    Joined:
    Aug 12, 2007
    Messages:
    696
    Just change your sql query from what you have:
    Code:
    "SELECT * FROM info WHERE Artist='" . $_POST['Artist'] . "'"
    to something like this:
    Code:
    "SELECT * FROM info WHERE Artist LIKE '%" . $_POST['Artist'] . "%'"
    See here for more.

    By the way, your code is ripe for a sql injection attack... hopefully this is for home use only. Certainly don't ever use anything like what you have in production code!
     
  3. throdne

    throdne Thread Starter

    Joined:
    May 14, 2006
    Messages:
    128
    It worked thanks. Yes it if for home use only. But you did bring up the topic of sql injection attack, you know of any good tutorials about defending against that?

    Thanks,
    Jerico
     
  4. ehymel

    ehymel

    Joined:
    Aug 12, 2007
    Messages:
    696
    Glad it worked for you, make sure to mark the thread as solved.

    I don't know of any particular tutorial, but a google search of "sql injection tutorial" should bring up plenty of results...
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/970599

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice