#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    56
    Rep Power
    2

    Search criteria failing to return matched records


    Hi all,

    First of all, am not claiming the code below is entirely secure. But I want to learn the logic involved here...someone else helped me with it.

    I am trying to check if the POST or the GET has my search variables and then add the variables to my query. I then want to pass the array name of those variables into the URL for paginating my search results.

    The problem I have here is that after modifying my previous query, when I search with any of the criteria the new query below does not return any record to match with the criteria.

    Here is my code:

    Code:
    $criteria = array('ctitle', 'csubject', 'creference', 'cat_id', 'cmaterial', 'ctechnic', 'cartist', 'csource', 'stolen');
    $likes = "";
    $url_criteria = '';
    foreach ( $criteria AS $criterion ) {
    if ( ! empty($_POST[$criterion]) ) {
    $value = ($_POST[$criterion]);
    $likes .= " AND `$criterion` = '%$value%'";
    $url_criteria .= '&'.$criterion.'='.htmlentities($_POST[$criterion]);
    } elseif ( ! empty($_GET[$criterion]) ) {
    $value = mysql_real_escape_string($_GET[$criterion]);
    $likes .= " AND `$criterion` = '%$value%'";
    $url_criteria .= '&'.$criterion.'='.htmlentities($_GET[$criterion]);
    }
    }
    $sql = "SELECT * FROM collections WHERE c_id>0" . $likes . " ORDER BY c_id ASC";
    echo $sql;
    This is what I am getting instead:

    Code:
    SELECT * FROM collections WHERE c_id>0 AND `cmaterial` = '%wood%' ORDER BY c_id ASC
    And I have no clue as to why the search cant return any records. I need your help.

    Thanx.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 2003
    Posts
    3,496
    Rep Power
    594
    1) Please wrap your code in [ PHP ] tags. See the sticky that says READ THIS BEFORE POSTING at the top of this forum.
    2) You are not getting any records because there are none that match your search criteria (assuming you are not getting an error instead). Did you copy the echoed query and paste it into a command line to see what you get? Also you don't need the back ticks since cmaterial is not a SQL keyword but that is not the problem.
    3) Why are you using 'mysql_real_escape_string'? Get rid of it, it implies you are using the deprecated MySQL extensions. If you are, don't. Switch to PDO and prepared statements. It is senseless to be learning obsolete, unsupported code. Also find a different "someone else" to help you since that person is obviously not up to date on coding skills.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. No Profile Picture
    I haz teh codez!
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Dec 2003
    Posts
    2,549
    Rep Power
    2337
    PHP Code:
    `cmaterial` = '%wood%' 
    If you want LIKE, use LIKE, not =.
    I ♥ ManiacDan & requinix

    This is a sig, and not necessarily a comment on the OP:
    Please don't be a help vampire!

IMN logo majestic logo threadwatch logo seochat tools logo