2 Replies - 407 Views - Last Post: 03 September 2012 - 10:19 PM Rate Topic: -----

#1 matt12345  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 35
  • Joined: 08-June 12

Search not giving proper results

Posted 03 September 2012 - 09:49 AM

On this user search form, it isn't working. I've tried all sorts of LIKE combinations when it comes to querying, but it won't do what I need. If I enter both a first and last name, it should pick up results that match the query, or are similar. If no results ,the "No results" message should appear. This is not happening. Same concept for entering a first name only or just a last name. If I enter an "M" for example, "Matt....." will appear, but if I enter "att, Mt, or Ma" for instance, nothing will appear. Usually, I must enter the last name exact or the first exact. I cannot enter both, basically ever, or nothing will appear. The bare minimum if no results appear is the "No results" message. But still, the majority of queries made will not work. Also, if I enter the letter "L," certain results may appear that don't even have the letter "L" in them. You can think of this script as a semi-functional search bar. I need help fixing this. Thanks.


<?php
error_reporting (1);
session_start();
$userid = $_SESSION['userid7906'];
$username = $_SESSION['username7906'];
$email = $_SESSION['email7906'];
$one = $_SESSION['yes7906'];
$zero = $_SESSION['no7906'];
?>
<!DOCTYPE html>

<html>
<head>
    <title>User Search</title>
    <meta http-equiv="Content=Type" content="text/html; charset=utf-8" />
    <LINK REL=StyleSheet HREF="./css/search.css" TYPE="text/css" MEDIA=screen>
</head>
<body>
    <?php

$info = $_COOKIE['user7906']." <a href='./logout.php'>Log Out</a> <a href='./memberpage.php'>Home</a> <a href='./profile.php?user=$_COOKIE[user7906]'>Profile</a> <b><a href='./search.php'>User Search</a></b> <a href='./account.php'>Account</a> <br/><hr/>";
$info2 = $_COOKIE['user7906']." <a href='./logout.php'>Log Out</a> <a href='./memberpage.php'>Home</a> <a href='./profile.php?user=$username'>Profile</a> <b><a href='./search.php'>User Search</a></b> <a href='./account.php'>Account</a> <br/><hr/>";
if (isset($_COOKIE['user7906']) && isset($_COOKIE['pass7906']) && isset($_COOKIE['email7906'])) {
        echo $info."<br/>";
        
                 $search = "<form name='form' method='GET' action='./search.php'>
                       Search for User: <input type='text' name='query' value='$_REQUEST[query]' />
                       <input type='submit' name='submit' value='Go' />
                       </form>";
            
            $query = trim($_GET['query']);
            $go = $_GET['submit'];
            
                if (($go==='Go') && ($query !== '')) {
                    echo $search."<br/>";
                    require("./connect.php");
                    
                        $sel = mysql_query("SELECT * FROM `profiles` WHERE 'first_name' OR 'last_name' LIKE '%$query%' OR first_name='$query' OR last_name='$query'");
                        
                        while($row = mysql_fetch_assoc($sel)) {
                        
                            $id = $row['users_id'];
                            $fn = $row['first_name'];
                            $ln = $row['last_name']; 
                            $lc = $row['location'];
                            
                            if ($id > 0) {
                            
                                $sel2 = mysql_query("SELECT * FROM `users` WHERE id='$id'");
                                
                                while($row2 = mysql_fetch_assoc($sel2)) {
                                
                                    $user_name = $row2['username'];
                                    
                                    
                                    if ($user_name !== 0) {
                                    
                                        echo "<a href='./profile.php?user=$user_name'>".$fn.' '.$ln.'</a><br/>Location: <i>'.$lc.'</i><br/><br/>';
                                    
                                    }
                                    else {
                                    echo "No results";
                                    }
                                    
                                
                                }


                            
                            }
                            else {
                            echo 'No results';
                            }
                                
                        
                        }
                
                    
                    
                }
                elseif (($go==='Go') && ($query === '')) {
                    echo $search.'<br/>Please enter a search term.';
                }
                else {
                    echo $search;
                }
        
    }
    elseif(isset($username) && isset($userid) && isset($email)) {
        echo $username.$info2."<br/>";
        
            $search = "<form name='form' method='GET' action='./search.php'>
                       Search for User: <input type='text' name='query' value='$_REQUEST[query]' />
                       <input type='submit' name='submit' value='Go' />
                       </form>";
            
            $query = trim($_GET['query']);
            $go = $_GET['submit'];
            
                if (($go==='Go') && ($query !== '')) {
                    echo $search."<br/>";
                    require("./connect.php");
                    
                        $sel = mysql_query("SELECT * FROM `profiles` WHERE 'first_name' OR 'last_name' LIKE '%$query%' OR first_name='$query' OR last_name='$query'");
                        
                        while($row = mysql_fetch_assoc($sel)) {
                        
                            $id = $row['users_id'];
                            $fn = $row['first_name']; 
                            $ln = $row['last_name']; 
                            $lc = $row['location'];
                            
                            if ($id >= 1) {
                            
                                $sel2 = mysql_query("SELECT * FROM `users` WHERE id='$id'");
                                
                                while($row2 = mysql_fetch_assoc($sel2)) {
                                
                                    $user_name = $row2['username'];
                                    
                                    
                                    if ($user_name !== 0) {
                                    
                                        echo "<a href='./profile.php?user=$user_name'>".$fn.' '.$ln.'</a><br/>Location: <i>'.$lc.'</i><br/><br/>';
                                    
                                    }
                                    else{
                                    echo "No results";
                                    }
                                    
                                
                                }


                            
                            }
                            else {
                            echo 'No results';
                            }
                           
                                
                        
                        }
                                               

                
                    
                    
                }
                elseif (($go==='Go') && ($query === '')) {
                    echo $search.'<br/>Please enter a search term.';
                }
                else {
                    echo $search;
                }
            
                    
    }
    else {
        echo "Please log in for access to this page. Log in <a href='./login.php'>here</a>.";
    }
    
    ?>
</body>
</html>




Is This A Good Question/Topic? 0
  • +

Replies To: Search not giving proper results

#2 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2992
  • Posts: 10,337
  • Joined: 08-August 08

Re: Search not giving proper results

Posted 03 September 2012 - 10:51 AM

If you try the query manually in phpmyadmin does it work?
Was This Post Helpful? 0
  • +
  • -

#3 e_i_pi  Icon User is offline

  • = -1
  • member icon

Reputation: 795
  • View blog
  • Posts: 1,681
  • Joined: 30-January 09

Re: Search not giving proper results

Posted 03 September 2012 - 10:19 PM

I have to say, this:
SELECT * FROM `profiles` WHERE 'first_name' OR 'last_name' LIKE '%$query%' OR first_name='$query' OR last_name='$query'


...looks like dodgy SQL. Any columns names should be enclosed in backticks (`) not single quotes ('). Also, I have never seen an OR clause used like that on first_name, last_name. I imagine that MySQL would toss back an error on a command structured like that. If you want multiple checks against a string pattern, you have to do this:
WHERE `first_name` LIKE '%$query%'
OR `last_name` LIKE '%$query%'


You might also want to look into using an alternative to the mysql_* functions as well, since they are outdated, and you're wide open to SQL injection.

This post has been edited by e_i_pi: 03 September 2012 - 10:22 PM

Was This Post Helpful? 3
  • +
  • -

Page 1 of 1