Adding and changing a search script

starview
starview used Ask the Experts™
on
can someone show me how to add the following to the attached code:

When the search finds its query i would like it to echo out the all fields that belong to that query:
sample if the search was "Roses are blue" that it would echo out the following fields:
dance_name = Roses are blue
rhythm = Two Step
phase = II
choreography = Jone Doe
pdf_file = Roses are blue.pdf

<html><head></head>
<?php
$connect=mysql_connect("localhost","xxxxxx","xxxxxxxx"); // Establish a connection 
mysql_select_db('xxxxxxx',$connect); // Name of your DB 

if(!$connect) // If connection not established 
print 'Could not connect to the database'; // Show an error 

if(isset($_GET['search'])) // If it's submitted 
{ 
$inp = Clean($_GET['inpname']); // Clean my input 
$query="SELECT dance_name, rhythm, phase, choreographer,pdf_file FROM cue_sheets where dance_name like '%$inp%' "; // mySql query 

$r = mysql_query($query) or die(mysql_error()); // If query fail, let me know the error 
if(mysql_affected_rows()===0) // If no match found 
echo "{$inp} is not in our database."; // Let me know it is'nt found in the table 
else 
{ 
echo "<p>{$inp} was successfully searched.</p>"; // Yes, the query worked 
while($row=mysql_fetch_array($r)) // Loop through the query results 
echo "{$row[0]}<br>"; // Show the results

} // End of the else statement 
} // End of the if statement 

function Clean($str) // Clean my input 
{ 
return mysql_real_escape_string(strip_tags(trim($sStr))); 
}
?>
<body>
<form name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<input name="inpname" type="text">
<input type="submit" name="search" value="Search">
</form>
</body></html>

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I am changing your code to do this. I will reply back here within the next 5-10mins depending how fast I can type it up :P

Author

Commented:
Thank you
Abit more about PHP, you can easily add variables into strings by doing

$str = "extra string";

echo "some ".$str." string";   //output: some extra string string

This is what I have done in the following code. But ofcourse you can instead of doing ". and ." use { and } as you did before, which is not incorrect.

I hope these comments helped you!
<html>
<head></head> 
<body> 


<?php /*I moved the PHP script here into the <body> tag since i want the output to go into the <body></body> of the page.*/
$connect=mysql_connect("localhost","xxxxxx","xxxxxxxx"); // Establish a connection  
mysql_select_db('xxxxxxx',$connect); // Name of your DB  
 
if(!$connect) // If connection not established  
print 'Could not connect to the database'; // Show an error  
 
if(isset($_GET['search'])) // If it's submitted  
{  
	$inp = Clean($_GET['inpname']); // Clean my input  
	$query="SELECT `dance_name`, `rhythm`, `phase`, `choreographer`, `pdf_file` FROM `cue_sheets` where `dance_name` like '%".$inp."%' "; // mySql query  
	 
	$r = mysql_query($query) or die(mysql_error()); // If query fail, let me know the error  
	if(mysql_affected_rows()===0) // If no match found  
		echo $inp." is not in our database."; // Let me know it is'nt found in the table  
	else  
	{  
		echo "<p>".$inp." was successfully searched.</p>
			<table class='results'><tr>;
			<td>Dance Name</td><td>Rhythm</td><td>Phase</td><td>Phase</td><td>Choreographer</td><td>PDT File</td>;
			</tr>";
		while ($row=mysql_fetch_array($r)) // Loop through the query results 
		{	// ****** mysql_fetch_array() makes an array for each row, the array "key" is the column name, so it is
			// ****** easy to get each columns data by just using the column title name.
			echo "<tr>\r\n";
				echo "<td>".$row['dance_name']."</td>\r\n";
				echo "<td>".$row['rhythm']."</td>\r\n";
				echo "<td>".$row['phase']."</td>\r\n";
				echo "<td>".$row['choreographer']."</td>\r\n";
				echo "<td><a href='".$row['pdf_file']."'>".$row['pdf_file']."</a></td>\r\n";
				
				/* //this bit of the code is what you requested originally in your question.
								
				echo "dance_name = ".$row['dance_name'];
				echo "rhythm = ".$row['rhythm'];
				echo "phase = ".$row['phase'];
				echo "choreography = ".$row['choreographer'];
				echo "pdf_file = ".$row['pdf_file'];
				
				/**/
				
			echo "</tr>";
		}
		echo "</table>";
	 
	} // End of the else statement  
} // End of the if statement  
 
function Clean($str) // Clean my input  
{  
	return mysql_real_escape_string(strip_tags(trim($sStr)));  
} 
?> 

<form name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get"> 
<input name="inpname" type="text"> 
<input type="submit" name="search" value="Search"> 
</form> 

</body>
</html>

Open in new window

OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

Some stupid errors fixed on this post by my end, (previous code should have run without any PHP errors still though)
<html>
<head></head> 
<body> 


<?php /*I moved the PHP script here into the <body> tag since i want the output to go into the <body></body> of the page.*/
$connect=mysql_connect("localhost","xxxxxx","xxxxxxxx"); // Establish a connection  
mysql_select_db('xxxxxxx',$connect); // Name of your DB  
 
if(!$connect) // If connection not established  
print 'Could not connect to the database'; // Show an error  
 
if(isset($_GET['search'])) // If it's submitted  
{  
	$inp = Clean($_GET['inpname']); // Clean my input  
	$query="SELECT `dance_name`, `rhythm`, `phase`, `choreographer`, `pdf_file` FROM `cue_sheets` where `dance_name` like '%".$inp."%' "; // mySql query  
	 
	$r = mysql_query($query) or die(mysql_error()); // If query fail, let me know the error  
	if(mysql_affected_rows()===0) // If no match found  
		echo $inp." is not in our database."; // Let me know it is'nt found in the table  
	else  
	{  
		echo "<p>".$inp." was successfully searched.</p>
			<table class='results'><tr>;
			<td>Dance Name</td><td>Rhythm</td><td>Phase</td><td>Choreographer</td><td>PDF File</td>;
			</tr>";
		while ($row=mysql_fetch_array($r)) // Loop through the query results 
		{	// ****** mysql_fetch_array() makes an array for each row, the array "key" is the column name, so it is
			// ****** easy to get each columns data by just using the column title name.
			echo "<tr>\r\n";
				echo "<td>".$row['dance_name']."</td>\r\n";
				echo "<td>".$row['rhythm']."</td>\r\n";
				echo "<td>".$row['phase']."</td>\r\n";
				echo "<td>".$row['choreographer']."</td>\r\n";
				echo "<td><a href='".$row['pdf_file']."'>".$row['pdf_file']."</a></td>\r\n";
				
				/* //this bit of the code is what you requested originally in your question.
								
				echo "dance_name = ".$row['dance_name'];
				echo "rhythm = ".$row['rhythm'];
				echo "phase = ".$row['phase'];
				echo "choreography = ".$row['choreographer'];
				echo "pdf_file = ".$row['pdf_file'];
				
				/**/
				
			echo "</tr>";
		}
		echo "</table>";
	 
	} // End of the else statement  
} // End of the if statement  
 
function Clean($str) // Clean my input  
{  
	return mysql_real_escape_string(strip_tags(trim($sStr)));  
} 
?> 

<form name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get"> 
<input name="inpname" type="text"> 
<input type="submit" name="search" value="Search"> 
</form> 

</body>
</html>

Open in new window

Arrg.. Sorry for all the extra commenting... Fixed some more careless mistakes I made on those attempts again...  But once again these careless mistakes on my end were not fatal PHP errors.
<html>
<head></head> 
<body> 


<?php /*I moved the PHP script here into the <body> tag since i want the output to go into the <body></body> of the page.*/
$connect=mysql_connect("localhost","xxxxxx","xxxxxxxx"); // Establish a connection  
mysql_select_db('xxxxxxx',$connect); // Name of your DB  
 
if(!$connect) // If connection not established  
print 'Could not connect to the database'; // Show an error  
 
if(isset($_GET['search'])) // If it's submitted  
{  
	$inp = Clean($_GET['inpname']); // Clean my input  
	$query="SELECT `dance_name`, `rhythm`, `phase`, `choreographer`, `pdf_file` FROM `cue_sheets` where `dance_name` like '%".$inp."%' "; // mySql query  
	 
	$r = mysql_query($query) or die(mysql_error()); // If query fail, let me know the error  
	if(mysql_affected_rows()===0) // If no match found  
		echo $inp." is not in our database."; // Let me know it is'nt found in the table  
	else  
	{  
		echo "<p>".$inp." was successfully searched.</p>
			<table class='results'><tr>
			<td>Dance Name</td><td>Rhythm</td><td>Phase</td><td>Choreographer</td><td>PDF File</td>
			</tr>\r\n";
		while ($row=mysql_fetch_array($r)) // Loop through the query results 
		{	// ****** mysql_fetch_array() makes an array for each row, the array "key" is the column name, so it is
			// ****** easy to get each columns data by just using the column title name.
			echo "<tr>\r\n";
				echo "<td>".$row['dance_name']."</td>\r\n";
				echo "<td>".$row['rhythm']."</td>\r\n";
				echo "<td>".$row['phase']."</td>\r\n";
				echo "<td>".$row['choreographer']."</td>\r\n";
				echo "<td><a href='".$row['pdf_file']."'>".$row['pdf_file']."</a></td>\r\n";
				
				/* //this bit of the code is what you requested originally in your question.
								
				echo "dance_name = ".$row['dance_name'];
				echo "rhythm = ".$row['rhythm'];
				echo "phase = ".$row['phase'];
				echo "choreography = ".$row['choreographer'];
				echo "pdf_file = ".$row['pdf_file'];
				
				/**/
				
			echo "</tr>\r\n";
		}
		echo "</table>\r\n";
	 
	} // End of the else statement  
} // End of the if statement  
 
function Clean($str) // Clean my input  
{  
	return mysql_real_escape_string(strip_tags(trim($sStr)));  
} 
?> 

<form name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get"> 
<input name="inpname" type="text"> 
<input type="submit" name="search" value="Search"> 
</form> 

</body>
</html>

Open in new window

Author

Commented:
It works fine except that when you search for and item, it doesn't tell you it is not there and displays all of the other data items.
Oh so when you click the Search button with an empty text field it shows all the dances instead of just saying its not found? Sorry your comment was abit confusing.

Try this code, it will now do all the mysql stuff only if there is some text entered into that text field.
<html>
<head></head> 
<body> 


<?php /*I moved the PHP script here into the <body> tag since i want the output to go into the <body></body> of the page.*/
$connect=mysql_connect("localhost","xxxxxx","xxxxxxxx"); // Establish a connection  
mysql_select_db('xxxxxxx',$connect); // Name of your DB  
 
if(!$connect) // If connection not established  
print 'Could not connect to the database'; // Show an error  
 
if(isset($_GET['inpname'])) // If it's submitted
{  
	$inp = Clean($_GET['inpname']); // Clean my input  
	
	if( strlen($inp)>1 ) {
		$query="SELECT `dance_name`, `rhythm`, `phase`, `choreographer`, `pdf_file` FROM `cue_sheets` WHERE `dance_name` LIKE '%".$inp."%' "; // mySql query  
		 
		$r = mysql_query($query) or die(mysql_error()); // If query fail, let me know the error  
	
		if(mysql_affected_rows()===0) // If no match found  
			echo $inp." is not in our database."; // Let me know it is'nt found in the table  
		else  
		{  
			echo "<p>".$inp." was successfully searched.</p>
				<table class='results'><tr>
				<td>Dance Name</td><td>Rhythm</td><td>Phase</td><td>Choreographer</td><td>PDF File</td>
				</tr>\r\n";
			while ($row=mysql_fetch_array($r)) // Loop through the query results 
			{	// ****** mysql_fetch_array() makes an array for each row, the array "key" is the column name, so it is
				// ****** easy to get each columns data by just using the column title name.
				echo "<tr>\r\n";
					echo "<td>".$row['dance_name']."</td>\r\n";
					echo "<td>".$row['rhythm']."</td>\r\n";
					echo "<td>".$row['phase']."</td>\r\n";
					echo "<td>".$row['choreographer']."</td>\r\n";
					echo "<td><a href='".$row['pdf_file']."'>".$row['pdf_file']."</a></td>\r\n";
					
					/* //this bit of the code is what you requested originally in your question.
									
					echo "dance_name = ".$row['dance_name'];
					echo "rhythm = ".$row['rhythm'];
					echo "phase = ".$row['phase'];
					echo "choreography = ".$row['choreographer'];
					echo "pdf_file = ".$row['pdf_file'];
					
					/**/
					
				echo "</tr>\r\n";
			}
			echo "</table>\r\n";
		 
		} // End of the else statement
	} else {
		echo "<p>No text was entered into the search field.</p>";
	}
} // End of the if statement  
 
function Clean($str) // Clean my input  
{  
	return mysql_real_escape_string(strip_tags(trim($sStr)));  
} 
?> 

<form name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get"> 
<input name="inpname" type="text"> 
<input type="submit" name="search" value="Search"> 
</form> 

</body>
</html>

Open in new window

Author

Commented:
ok, sorry about that.

Let say I enter My dog has fleas in the search area. of course there is no My dog has fleas in the database. But it tells me the search was successfully and displays my other data that is in the datbase.
It doesn't tell me there is no match.

I hope this is better  
That is very weird..... That SQL query should not work like that. I hope someone else can comment here about why this is happening because I have no idea.

Just to clarify though, when you do enter something which exists like "Roses" and search then it will show you just the dance items which match, like the "Roses are blue" yes?

But when you enter something completely unrelated the search says successful and shows everything on the dance list?

Author

Commented:
You try it, there are only three items in the database at this time, more will be added later.
Dance Name Rhythm Phase Choreographer PDF File
I Love You Two Step II Robert Carlson I Love You.pdf
Dance with the one you love Ramba III Robert Carlson Dance with the one you love.pdf
Marry me or not Ramba III Robert Carlson Marry me or not.pdf
http://www.starviewconnection.net/search-test.php
Foun the mistake. It was in ur Clean() function. "sStr" instead of "Str"

Also use this new code I attached instead of old one.
<html>
<head></head> 
<body> 


<?php /*I moved the PHP script here into the <body> tag since i want the output to go into the <body></body> of the page.*/
$connect=mysql_connect("localhost","xxxxxx","xxxxxxxx"); // Establish a connection  
mysql_select_db('xxxxxxx',$connect); // Name of your DB  
 
if(!$connect) // If connection not established  
print 'Could not connect to the database'; // Show an error  
 
if(isset($_GET['inpname'])) // If it's submitted
{  
	$inp = strClean($_GET['inpname']); // Clean my input  
	
	if( strlen($inp)>1 ) {
		$query="SELECT `dance_name`, `rhythm`, `phase`, `choreographer`, `pdf_file` FROM `cue_sheets` WHERE `dance_name` LIKE '%".$inp."%' "; // mySql query  
		 
		$r = mysql_query($query) or die(mysql_error()); // If query fail, let me know the error  
	
		if(mysql_affected_rows()===0) // If no match found  
			echo $inp." is not in our database."; // Let me know it is'nt found in the table  
		else  
		{  
			echo "<p>".$inp." was successfully searched.</p>
				<table class='results'><tr>
				<td>Dance Name</td><td>Rhythm</td><td>Phase</td><td>Choreographer</td><td>PDF File</td>
				</tr>\r\n";
			while ($row=mysql_fetch_array($r)) // Loop through the query results 
			{	// ****** mysql_fetch_array() makes an array for each row, the array "key" is the column name, so it is
				// ****** easy to get each columns data by just using the column title name.
				echo "<tr>\r\n";
					echo "<td>".$row['dance_name']."</td>\r\n";
					echo "<td>".$row['rhythm']."</td>\r\n";
					echo "<td>".$row['phase']."</td>\r\n";
					echo "<td>".$row['choreographer']."</td>\r\n";
					echo "<td><a href='".$row['pdf_file']."'>".$row['pdf_file']."</a></td>\r\n";
					
					/* //this bit of the code is what you requested originally in your question.
									
					echo "dance_name = ".$row['dance_name'];
					echo "rhythm = ".$row['rhythm'];
					echo "phase = ".$row['phase'];
					echo "choreography = ".$row['choreographer'];
					echo "pdf_file = ".$row['pdf_file'];
					
					/**/
					
				echo "</tr>\r\n";
			}
			echo "</table>\r\n";
		 
		} // End of the else statement
	} else {
		echo "<p>No text was entered into the search field.</p>";
	}
} // End of the if statement  
 
function strClean($str) // Clean my input  
{  
	return mysql_real_escape_string(strip_tags(trim($str)));  
} 
?> 

<form name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get"> 
<input name="inpname" type="text"> 
<input type="submit" name="search" value="Search"> 
</form> 

</body>
</html>

Open in new window

Author

Commented:
Works great Thank you
have a great Day

Author

Commented:
Great Job
No worries, best of the luck with the rest of the website! Thanks for the points!

Author

Commented:
I found one thing that it is happening, but it is another issue and I will make it another question.
since this has been closed, it deletes all the data for some reason
starview, I don't really care about the experts exchange points and the fact this question is already closed. I dont mind you asking the other issue here as well and I will gladly respond here. If you do wish to make a new question for it then please do let me know about it and I wil head over there asap.

Author

Commented:
New question being added now. See you there

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial