Solved: Mysql Search

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

throdne

Thread Starter
Joined
May 14, 2006
Messages
128
Hello, I have a MySQL DB that has my cd list in it that shows artist, album, genre, and year.

What I have now works. Lets say I type in "David Crowder Band" and hit submit in my form. It does show the artist album genre and year. But lets say I only want to search for "David" or "Crowder" or even "Band" it doesn't show anything. How would I go about searching like that?


index.php
PHP:
<?php
define('INCLUDE_CHECK',true);

require 'config.php';
require 'func.php';


if(!$_POST['Artist'])
{
	echo("");
}
elseif($_POST['Artist'])
{
$query = mysql_fetch_assoc(mysql_query("SELECT * FROM info WHERE Artist='" . $_POST['Artist'] . "'"));

}


if(!$_POST['Album'])
{
	echo("");
}
elseif($_POST['Album'])
{
	$query = mysql_fetch_assoc(mysql_query("SELECT * FROM info WHERE Album='" . $_POST['Album'] . "'"));
}


?>
<html>
<head>
<title>CD List</title>
</head>

<body>
<form action="" method="post">
      Artist:<input type="text" name="Artist" /><br />
      Album:<input type="text" name="Album" /><br />
      <input type="submit" value="Submit" /><br />
</form>
<?php
//echo('');

displayInfo($query['Artist'], $query['Album'], $query['Genre'], $query['Year']);

?>

</body>
</html>
func.php
PHP:
<?php


/* mySQL connect */
$conn = mysql_connect($db_host,$db_user,$db_pass) or die('Unable to establish a DB connection');
mysql_select_db($db_database,$conn);

/* Display Info */

function displayInfo($artist, $album, $genre, $year)
{
	echo("Arist: " . $artist . "<br />");
	echo("Album: " . $album . "<br />");
	echo("Genre: " . $genre . "<br />");
	echo("Year: " . $year . "<br />");
	

}

/* END func */

?>
Thanks,
Throdne
 
Joined
Aug 12, 2007
Messages
696
Just change your sql query from what you have:
Code:
"SELECT * FROM info WHERE Artist='" . $_POST['Artist'] . "'"
to something like this:
Code:
"SELECT * FROM info WHERE Artist LIKE '%" . $_POST['Artist'] . "%'"
See here for more.

By the way, your code is ripe for a sql injection attack... hopefully this is for home use only. Certainly don't ever use anything like what you have in production code!
 

throdne

Thread Starter
Joined
May 14, 2006
Messages
128
It worked thanks. Yes it if for home use only. But you did bring up the topic of sql injection attack, you know of any good tutorials about defending against that?

Thanks,
Jerico
 
Joined
Aug 12, 2007
Messages
696
Glad it worked for you, make sure to mark the thread as solved.

I don't know of any particular tutorial, but a google search of "sql injection tutorial" should bring up plenty of results...
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top