php and mysql searching and passing variables problem#1
I have the following code:

http://www.nomorepasting.com/getpaste.php?pasteid=22615

Which is called by the javascript mentioned in this question:

My problem is that I do not seem to be able to pass $query, as in nothing seemingly happens when I call this file by itself.

I am unsure what the best way to control the flow of information is. Is my logic ok? Passing the query through javascript to the php file, and then returning it with the function?

I am also concerned about my use of $rows, as it does not seem to be required.

posted date: 2008-12-10 04:22:00


Re: php and mysql searching and passing variables problem#2
I had made out the solution of this problem. click to view my topic...

hope that helps.

posted date: 2008-12-10 04:22:01


Re: php and mysql searching and passing variables problem#3
In the code you linked to, I do not see where $searchString is declared. In the aforementioned PHP, I see these two separate sections:

    $query = '';
    if (isset($_GET["query"]))
        $query = $_GET["query"];

and the code you are executing later on down the page is

    $table = 'Auctions';
    $rows = getRowsByArticleSearch($searchString, $table);

Nowhere, as far as I can see in the code, is $searchString ever declared.

A larger concern, however, is that you are not sanitizing your query string before executing it. For security's sake, I would at least replace:

    $result = mysql_query("SELECT ARTICLE_NO, USERNAME, ACCESSSTARTS, ARTICLE_NAME FROM {$table} WHERE UPPER(ARTICLE_NAME) LIKE '%" . $searchString . "%'");

with

    $result = mysql_query("SELECT ARTICLE_NO, USERNAME, ACCESSSTARTS, ARTICLE_NAME FROM {$table} WHERE UPPER(ARTICLE_NAME) LIKE '%" . mysql_real_escape_string($searchString) . "%'");

You should also check whether magic quotes is turned on, to avoid double-escaping.

posted date: 2008-12-10 05:22:00


Re: php and mysql searching and passing variables problem#4
I think you want to replace this (line 36):

    $rows = getRowsByArticleSearch($searchString, $table);

with this:

    $rows = getRowsByArticleSearch($query, $table);

And for security concerns, the least you should do is the mysql_real_escape_string stuff from spelley's post.

posted date: 2008-12-10 05:47:00
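Replies #3 and #4 both point at the same two defects: the undefined $searchString and the search term being concatenated straight into the SQL string. The following is an added example, not the original poster's paste or either reply's code, showing how the same search endpoint looks when the term is bound as a prepared-statement parameter instead of escaped into the query text. It assumes a mysqli connection (the host, user, password and database values are placeholders), the mysqlnd driver so that get_result() is available, and a table with the column names quoted in the thread (ARTICLE_NO, USERNAME, ACCESSSTARTS, ARTICLE_NAME). Returning the rows as JSON for the calling JavaScript is also an assumption; the thread never shows the original output format.

```php
<?php
// Added example (not the poster's code). Placeholders: DB_USER, DB_PASSWORD, DB_NAME.

/**
 * Escape the LIKE metacharacters in a user-supplied term so that "100%"
 * searches for a literal "100%" rather than acting as a wildcard.
 * Backslash is MySQL's default LIKE escape character; because the term is
 * bound as data below, the backslashes reach LIKE untouched.
 */
function escapeLikeTerm(string $term): string
{
    return strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
}

/**
 * Case-insensitive substring search on ARTICLE_NAME using a bound
 * parameter, so the search string is never part of the SQL text.
 */
function getRowsByArticleSearch(mysqli $db, string $searchString, string $table): array
{
    // Identifiers cannot be bound as parameters, so the table name is
    // validated against an allow-list rather than inserted from input.
    $allowedTables = ['Auctions' => 'Auctions'];
    if (!isset($allowedTables[$table])) {
        throw new InvalidArgumentException('Unknown table');
    }
    $table = $allowedTables[$table];

    $sql = "SELECT ARTICLE_NO, USERNAME, ACCESSSTARTS, ARTICLE_NAME
            FROM {$table}
            WHERE UPPER(ARTICLE_NAME) LIKE ?";
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }

    // The wildcards are added here, on our side, after the term is escaped.
    $pattern = '%' . strtoupper(escapeLikeTerm($searchString)) . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();

    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Request handling: read the term the JavaScript passes in the query string.
// If a legacy setup still has magic quotes on, undo them once here so the
// value is not double-escaped; the guard keeps this working on PHP 8, where
// get_magic_quotes_gpc() no longer exists.
$query = '';
if (isset($_GET['query'])) {
    $query = $_GET['query'];
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $query = stripslashes($query);
    }
}

$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
$db->set_charset('utf8mb4');

// Note that $rows is what the page returns, which answers the original
// question about whether the variable is needed at all.
$rows = ($query === '') ? [] : getRowsByArticleSearch($db, $query, 'Auctions');

header('Content-Type: application/json');
echo json_encode($rows);
```

With a bound parameter, mysql_real_escape_string is no longer needed for the search term, and the magic-quotes check only matters for undoing escaping the runtime added before the value reached the script; the allow-list on the table name covers the one part of the query that a prepared statement cannot parameterize.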


Copyright ©2008-2017 www.momige.com, all rights reserved.