
PHP/MySQL Search Question - Big One!

Discussion in 'Programming & Webmastering' started by Akumos, Apr 30, 2012.

  1. Akumos

    Hi All

    This is quite a big question so I understand if no one wants to answer lol

    account for site
    Username: test
    Password: pass

    I have this 'Scout for Target' form here - I want to be able to make a search based on the input from the user. But if they leave a field blank, it ignores it in the search...

    Will this mean lots of if statements, or is there an easy way to do this?

    Thanks for reading :)
     
  2. Ross211

    You won't need lots of if statements...
    PHP:
    <?php
    // $dbc is an open mysqli connection
    if (isset($_POST['playerid'])) {
        // sanitize every post variable and put it in an array called clean
        $clean = array();
        foreach (array_keys($_POST) as $key) {
            $clean[$key] = mysqli_real_escape_string($dbc, $_POST[$key]);
        }

        $sql = "SELECT *
            FROM `TableHere`
            WHERE playerid = '{$clean['playerid']}';";

        $result = mysqli_query($dbc, $sql);
    }
    ?>
    If you are searching through multiple tables I can help you with joins. If you aren't using prepared statements it's a good idea to use that foreach loop above to sanitize every one of your POST or GET variables on form submit.

    From the looks of your search page you are submitting the form using the POST method and then calling a header to send the user to searchplayer.php - I noticed no parameters are being put in the searchplayer.php script though.

    Are you intending to do something like this below?

    This code below would be in the header of search.php -
    PHP:
    <?php
    if (isset($_POST['playerid'])) {
        header('location: /searchplayer.php?playerid=' . urlencode($_POST['playerid']));
        exit; // stop here so the rest of the page does not run after the redirect
    }
    ?>
    And then this code would be in the header of searchplayer.php -
    PHP:
    <?php
    // $dbc is an open mysqli connection
    if (isset($_GET['playerid'])) {
        // sanitize every get variable and put it in an array called clean
        $clean = array();
        foreach (array_keys($_GET) as $key) {
            $clean[$key] = mysqli_real_escape_string($dbc, $_GET[$key]);
        }

        $sql = "SELECT *
            FROM `TableHere`
            WHERE playerid = '{$clean['playerid']}';";

        $result = mysqli_query($dbc, $sql);
    } else {
        header('location: /search.php?playerid=empty');
        exit; // stop here so the rest of the page does not run after the redirect
    }
    ?>
    Please let me know if this helps.
     
    Last edited: May 6, 2012
    Akumos says thanks.
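
The blank-field search asked about in the first post, built with the prepared statements the answer above mentions instead of escaping. This is an added example, not code from either poster; apart from `playerid` and `TableHere`, the field and column names (`alliance`, `minlevel`, `level`) are assumptions.

```php
<?php
// Added example, not code from the thread. Only `playerid` and `TableHere`
// appear in the posts; the other field and column names are hypothetical.
// Allowlist: form field => [column, operator, bind type]. Columns and
// operators come only from this map, never from the request.
const SEARCH_FIELDS = [
    'playerid' => ['playerid', '=',  'i'],
    'alliance' => ['alliance', '=',  's'],  // hypothetical
    'minlevel' => ['level',    '>=', 'i'],  // hypothetical
];

// Build a parameterized query from only the fields the user filled in.
function build_search(array $input): array
{
    $where = []; $types = ''; $params = [];
    foreach (SEARCH_FIELDS as $field => [$column, $op, $type]) {
        $value = $input[$field] ?? '';
        $value = is_string($value) ? trim($value) : '';  // array-valued input counts as blank
        if ($value === '') {
            continue;  // blank field: leave it out of the search
        }
        if ($type === 'i') {
            if (!ctype_digit($value)) {
                throw new InvalidArgumentException("$field must be a whole number");
            }
            $value = (int) $value;
        }
        $where[]  = "`$column` $op ?";  // value travels separately as a bound parameter
        $types   .= $type;
        $params[] = $value;
    }
    $sql = 'SELECT * FROM `TableHere`';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $types, $params];
}

// Execute against an open mysqli connection ($dbc, as in the thread).
function run_search(mysqli $dbc, array $input): array
{
    [$sql, $types, $params] = build_search($input);
    $stmt = $dbc->prepare($sql);
    if ($params) {
        $stmt->bind_param($types, ...$params);
    }
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}
// Constructed sample standing in for $_POST; runs without a database.
var_dump(build_search(['playerid' => '', 'alliance' => "O'Brien", 'minlevel' => '10']));
```

Unknown POST keys are never looked at, so an extra form field cannot add a column or operator to the query. `get_result()` requires the mysqlnd driver.
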
  3. Akumos

    Thanks for this - helped a lot!
     
  4. Ross211

    Hey you're welcome Akumos, glad I could help.

    Can I ask what the PeaceKeeper Alliance is? Is it a game that runs through the web browser?

    About 2 weeks ago I logged in using your provided test login and I didn't quite understand what it is. I was able to look at the code on your web forms and understand what you were wanting to accomplish though.

    On a side note I just graduated college and I'm on the hunt for a position as a web developer. I initially got into PHP and JavaScript to learn how to steal cookies and perform XSS attacks - coding against security exploits is one of my strong points ;~)
     
