#1

    How do you filter search results


    Hi all
    I have a table of all results from the database. How do I display results from a certain county only?

    PHP Code:
    <?php $name = $_REQUEST['search'];?>

    <?php
    /*$sqlr = "select * from `general_information`,`facilities_add`,`gallery`,` price_range` where general_information.gid = facilities_add.gid AND facilities_add.gid = gallery.gid AND gallery.gid =  price_range.gid";*/
    //echo "=====<br/>";  print_r($_REQUEST);echo "=====<br/>";
            
    $area             =         $_REQUEST['country'];
    $Country         =         $_REQUEST['state'];
    $Town             =         $_REQUEST['town'];
    $ukTown         =         $_REQUEST['uktown'];
                
    $sql = "select * from `caravan_details` where 1";
    $sql .= " AND status = 'approve'";
    $sql .= " group by cav_id desc";
    $sqlr = $sql;
                    
    //echo $sqlr;exit();
                    
    $msg = "No Record Found Here.....";
                    
    $resr = mysql_query($sqlr) or die(mysql_error());
                  
    $innum = mysql_num_rows($resr);
                    
    $pager = new PS_Pagination($conn, $sqlr, 20, 20, "{$paramStr}");

    $pager->setDebug(true);

    $res22 = $pager->paginate();
                    
    if($innum>0){while($rowr = mysql_fetch_array($res22))        
    {
    $gid = $rowr['cav_id'];
    $sqlg = "select * from `gallery` where cav_id='$gid'";
    $resg = mysql_query($sqlg);
    $rowg = mysql_fetch_array($resg);
    ?>

    <table width="680" border="0" cellspacing="8" cellpadding="1" style="margin:0 0 20px 8px;">
    <tr>
    <td align="left" valign="top" width="207"><img src="upimage/thumb/<?php echo $rowg['gallery'];?>" alt="" height="150" width="200"/></td>
    <td><p><strong>Caravan Park</strong> : <?php if($rowr['park_name']!=""){?><?php echo $rowr['park_name'];?><?php } else { ?><?php echo $rowr['caravan_park_list'];?><?php } ?></p><p><?php echo $rowr['overview_caravan'];?></p>
    <p><strong>County</strong> : <?php echo $rowr['County1'];?></p></br> 
    <!--<p><strong><a href="advanced_search_details.php?gid=<?php echo $rowr['cav_id'];?>" style="text-decoration:none; color:#c36000;">View Details</a></strong> </p>-->
                    
    <form name="titlecheck_<?php echo $rowr['cav_id']?>" id="titlecheck_<?php echo $rowr['cav_id']?>" method="post" action="carvan/<?php echo str_replace(" ","-",$rowr['park_name']."/".$uktown."/".$rowr['cav_id']);?>">
    <input type="hidden" name="title_val" value="<?php echo $rowr['cav_id']?>" />
            
    <p><strong><a href="#" onclick="document.titlecheck_<?php echo $rowr['cav_id']?>.submit(); return false;" style="text-decoration:none; color:#c36000;">View Details</a></strong> </p></form>
    </td>
    </tr>
    </table></div>   
    <?php
      
    }
      } 
     else
      {
    ?>
       
    <table width="700" border="0" cellspacing="1" cellpadding="1">
    <tr>
    <td colspan="2" align="center"><font color="#990000"><?php echo $msg;?></font></td>
    </tr>
    </table>
    <?php
    }
    ?>
    <!--search-box end-->  
    </div>
    <div style="font-size:15px; line-height:10px; font-weight:bold; margin-top:10px;" align="center"><?php echo $pager->renderFullNav();?></div>  
    </div>
  2. #2
    1) DO NOT use the deprecated MySQL extensions. Switch to PDO.

    2) Why not just add another where clause for the desired country?
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3

    Complete newbie to PHP just trying to edit something that somebody else wrote


    Complete newbie but learning fast; don't understand what
    "deprecated MySQL extensions. Switch to PDO." are

    PHP Code:
    <?php
    /*$sqlr = "select * from `general_information`,`facilities_add`,`gallery`,` price_range` where general_information.gid = facilities_add.gid AND facilities_add.gid = gallery.gid AND gallery.gid =  price_range.gid";*/
    //echo "=====<br/>";  print_r($_REQUEST);echo "=====<br/>";
            
    $area             =         $_REQUEST['country'];
    $Country         =         $_REQUEST['state'];
    $Town             =         $_REQUEST['town'];
    $ukTown         =         $_REQUEST['uktown'];
                
    $sql = "select * from `caravan_details` where 1";
    $sql SELECT FROM `caravan_parksWHERE county="cornwall"
    $sql .= " AND status = 'approve'";
    $sql .= " group by cav_id desc";
    $sqlr = $sql;
                    
    //echo $sqlr;exit();
                    
    $msg = "No Record Found Here.....";
                    
    $resr = mysql_query($sqlr) or die(mysql_error());
                  
    $innum = mysql_num_rows($resr);
                    
    $pager = new PS_Pagination($conn, $sqlr, 20, 20, "{$paramStr}");

    $pager->setDebug(true);

    $res22 = $pager->paginate();
                    
    if($innum>0){while($rowr = mysql_fetch_array($res22))        
    {
    $gid = $rowr['cav_id'];
    $sqlg = "select * from `gallery` where cav_id='$gid'";
    $resg = mysql_query($sqlg);
    $rowg = mysql_fetch_array($resg);
    ?>

    <table width="680" border="0" cellspacing="8" cellpadding="1" style="margin:0 0 20px 8px;">
    <tr>
    <td align="left" valign="top" width="207"><img src="upimage/thumb/<?php echo $rowg['gallery'];?>" alt="" height="150" width="200"/></td>
    <td><p><strong>Caravan Park</strong> : <?php if($rowr['park_name']!=""){?><?php echo $rowr['park_name'];?><?php } else { ?><?php echo $rowr['caravan_park_list'];?><?php } ?></p><p><?php echo $rowr['overview_caravan'];?></p>
    <p><strong>County</strong> : <?php echo $rowr['County1'];?></p></br> 
    <!--<p><strong><a href="advanced_search_details.php?gid=<?php echo $rowr['cav_id'];?>" style="text-decoration:none; color:#c36000;">View Details</a></strong> </p>-->
                    
    <form name="titlecheck_<?php echo $rowr['cav_id']?>" id="titlecheck_<?php echo $rowr['cav_id']?>" method="post" action="carvan/<?php echo str_replace(" ","-",$rowr['park_name']."/".$uktown."/".$rowr['cav_id']);?>">
    <input type="hidden" name="title_val" value="<?php echo $rowr['cav_id']?>" />
            
    <p><strong><a href="#" onclick="document.titlecheck_<?php echo $rowr['cav_id']?>.submit(); return false;" style="text-decoration:none; color:#c36000;">View Details</a></strong> </p></form>
    </td>
    </tr>
    </table></div>   
    <?php
      
    }
      } 
     else
      {
    ?>
       
    <table width="700" border="0" cellspacing="1" cellpadding="1">
    <tr>
    <td colspan="2" align="center"><font color="#990000"><?php echo $msg;?></font></td>
    </tr>
    </table>
    <?php
    }
    ?>
    <!--search-box end-->  
    </div>
    <div style="font-size:15px; line-height:10px; font-weight:bold; margin-top:10px;" align="center"><?php echo $pager->renderFullNav();?></div>  
    </div>
  6. #4
    Deprecated means they are no longer supported and eventually will be removed. They are also very injection prone unless you know what you are doing. As I said, do not use them. Remove any calls starting with 'mysql_' and replace with equivalent PDO calls. The transition is not very difficult as there is ALMOST a 1 to 1 correspondence between the 2. Arguments differ a little but the main difference is with queries, which are considerably more secure, especially prepared statements. It should not take too long to program the transition even for a beginner. However, you should understand OOP.
    Last edited by gw1500se; June 29th, 2013 at 05:01 PM.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  8. #5
    Hi,

    what gw1500se says is that the mysql_* functions you're using are long obsolete. For 10 years, actually. They've been replaced with modern libraries and will be removed sooner or later.

    In fact, your code needs a major update. There's no security whatsoever. If anybody with bad intentions and a bit of technical knowledge finds your website, it's game over.

    If you can't update your code, well, then I guess all you can do is hope and pray.

    Your change makes no sense. It's not even valid PHP (which you can already tell from the messed up syntax highlighting). You need to add the country = ... condition to the existing WHERE clause.

    The original query is this:
    Code:
    Give me all caravans, which are approved.
    You want this:
    Code:
    Give me all caravans, which are approved AND from Cornwall.
    You can translate this literally into an SQL query.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  10. #6
    When the soon-to-come PHP update exists, mysql_ commands will no longer function. They have been deprecated for some time now. MySQLi and PDO are now the ways to go. If you are first stepping in and learning, I suggest just starting out with PDO. Learn right from the start. As for just the results from a certain county...

    Instead of your "WHERE 1", change it into "WHERE county = :county" in a Prepared Statement.
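
The change the replies describe (approved caravans from one county, through a PDO prepared statement), written out as an added example that is not code from the thread or from any poster. Assumptions: the county column is `County1` as echoed in the original code, the `county` request parameter is hypothetical, and an in-memory SQLite database with constructed rows stands in for the MySQL server so the script runs offline.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database.
// Against MySQL only the DSN changes, e.g.
// new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

$pdo->exec("CREATE TABLE caravan_details (
    cav_id INTEGER PRIMARY KEY, park_name TEXT, County1 TEXT, status TEXT)");
$seed = $pdo->prepare(
    'INSERT INTO caravan_details (park_name, County1, status) VALUES (?, ?, ?)');
foreach ([
    ['Sea View',         'Cornwall', 'approve'],
    ['<b>Cliff</b> Top', 'Cornwall', 'approve'],  // markup in stored data
    ['Hill Park',        'Devon',    'approve'],
    ['Bay Sands',        'Cornwall', 'pending'],   // not approved, must not show
] as $row) {
    $seed->execute($row);
}

/** Approved caravans in one county; $county is bound, never concatenated. */
function findApprovedByCounty(PDO $pdo, string $county): array
{
    $stmt = $pdo->prepare(
        "SELECT cav_id, park_name, County1
           FROM caravan_details
          WHERE status = 'approve' AND County1 = :county
          ORDER BY cav_id DESC");
    $stmt->execute([':county' => $county]);
    return $stmt->fetchAll();
}

// Hypothetical request parameter; the constructed fallbacks stand in for a
// browser when the script is run from the command line.
$inputs = (isset($_GET['county']) && is_string($_GET['county']))
    ? [$_GET['county']]
    : ['Cornwall', "Cornwall' OR '1'='1"];

foreach ($inputs as $county) {
    $rows = findApprovedByCounty($pdo, $county);
    printf("%s: %d row(s)\n",
        htmlspecialchars($county, ENT_QUOTES, 'UTF-8'), count($rows));
    foreach ($rows as $r) {
        // Escape on output so stored markup is shown as text, not rendered.
        echo '  ', htmlspecialchars($r['park_name'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

Because the county value is sent as a bound parameter, the second constructed input is compared as a literal string and matches no rows, where the concatenated `cav_id='$gid'` style in the original code would have let the quote change the query.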
