
I'm trying to figure out how to echo search results into a new window.

Basically a user can type in the search bar location, name etc. and it will bring up 5 user results of however many users exist for that result. This is to limit space usage. Then a user can click "view more results" and is taken to another page where it carries the query across and should echo out only those users matching the query in the search; i.e. those users in 'london'.

But at the moment all my users are displaying and I don't know why this is. Can someone please show me where I'm going wrong? Thanks.

Here's my search.php page limiting search results to 5:

<?php
//PHP CODE STARTS HERE

if(isset($_GET['submit'])){

// Change the fields below as per the requirements
$db_host="localhost";
$db_username="root";
$db_password="";
$db_name="";
$db_tb_atr_name="display_name";

//Now we are going to write a script that will do search task
// leave the below fields as it is except while loop, which will display results on screen

mysql_connect("$db_host","$db_username","$db_password");
mysql_select_db("$db_name");

$query=mysql_real_escape_string($_GET['query']);


$query_for_result=mysql_query("SELECT *
                        FROM ptb_stats
                        WHERE display_name like '%".$query."%' OR location LIKE '%".$query."%' OR age LIKE '%".$query."%' OR nationality LIKE '%".$query."%' OR ethnicity LIKE '%".$query."%' OR hobbies LIKE '%".$query."%' OR local_station LIKE '%".$query."%' LIMIT 5");
echo "<div class=\"search-results\">";
while($data_fetch=mysql_fetch_array($query_for_result))

{

    echo "<div class=\"text\"><a href=\"profile.php?id={$data_fetch['user_id']}\" class=\"search\">";
    echo "<div class=\"spacing\"><img width=35px height= 30px src=\"data/photos/{$data_fetch['user_id']}/_default.jpg\" class=\"boxgridsearch\"/> "; 
     echo substr($data_fetch[$db_tb_atr_name], 0,160);
    echo "</a></div></div>";

}
echo "<div class=\"morebutton-search\"><a href=\"search_results.php?to=%$query%\" target=\"_blank\" \">+ view more results</a></div>";


mysql_close();
}

?>

And here's my more_search_results.php page to display all results matching the query:

<?php
$db_host="localhost";
$db_username="root";
$db_password="";
$db_name="";
$db_tb_atr_name="display_name";

//Now we are going to write a script that will do search task
// leave the below fields as it is except while loop, which will display results on screen

mysql_connect("$db_host","$db_username","$db_password");
mysql_select_db("$db_name");

$query=mysql_real_escape_string($_GET['query']);


$query_for_result=mysql_query("SELECT *
                        FROM ptb_stats
                        WHERE display_name like '%".$query."%' OR location LIKE '%".$query."%' OR age LIKE '%".$query."%' OR nationality LIKE '%".$query."%' OR ethnicity LIKE '%".$query."%' OR hobbies LIKE '%".$query."%' OR local_station LIKE '%".$query."%'");
echo "<div class=\"search-results\">";
while($data_fetch=mysql_fetch_array($query_for_result))

{

    echo "<div class=\"boxgrid caption\"><a href=\"profile.php?id={$data_fetch['user_id']}\"><img width=140px height=180px src=\"data/photos/{$data_fetch['user_id']}/_default.jpg\"><div class=\"cover boxcaption\">"; ?>
    <h58><? echo substr($data_fetch[$db_tb_atr_name], 0,160);?></a></h58> 
    </div>
    </div>
<? } ?>

You're trying to get a variable called 'query' when you actually passed 'to' in your link. You get all records because your query is testing for LIKE '%%', which will match everything.

This line is wrong...

echo "<div class=\"morebutton-search\"><a href=\"search_results.php?to=%$query%\" target=\"_blank\" \">+ view more results</a></div>";

It should be...

echo "<div class=\"morebutton-search\"><a href=\"search_results.php?query=$query\" target=\"_blank\" \">+ view more results</a></div>";

Also, notice how you're already applying the wildcard % in more_search_results.php so sending the extra %s in the parameter is unnecessary.

Please note: you should refrain from using the mysql_ family of functions. They are deprecated and unsafe. Using them could lead to a SQL injection. You should resort to using parameterized queries with either MySQLi or PDO.
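As an added example (not code from the question or the answer above), here is the same two-page search rewritten with PDO prepared statements, so the user's term is bound as data rather than spliced into the SQL. It keeps the question's table ptb_stats and column names, fixes the "view more" link to pass the parameter under the name the results page actually reads (query), and drops the extra % signs since the pattern is built server-side. The DSN and credentials are placeholders, likePattern() and searchUsers() are hypothetical helper names, and PHP 7.4 or later is assumed for the arrow function and nullable int type.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes table ptb_stats
// with the columns used in the question; DSN/credentials are placeholders.
declare(strict_types=1);

function db(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=YOUR_DB;charset=utf8mb4',   // placeholder DSN
        'YOUR_USER',                                              // placeholder
        'YOUR_PASSWORD',                                          // placeholder
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            // Real server-side prepares: placeholders are sent separately from
            // the SQL text, and LIMIT can be bound as an integer.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

// Build the LIKE pattern ourselves and neutralise the LIKE metacharacters
// (%, _ and the backslash escape) so a term cannot widen the match;
// MySQL's default escape character is the backslash.
function likePattern(string $term): string
{
    $escaped = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
    return '%' . $escaped . '%';
}

// One search routine for both pages: search.php passes $limit = 5,
// the results page passes null and gets every matching row.
function searchUsers(PDO $pdo, string $term, ?int $limit = null): array
{
    // Column names come from this fixed list, never from the request.
    $columns = ['display_name', 'location', 'age', 'nationality',
                'ethnicity', 'hobbies', 'local_station'];
    $where   = implode(' OR ', array_map(fn(string $c) => "$c LIKE ?", $columns));
    $sql     = 'SELECT user_id, display_name FROM ptb_stats WHERE ' . $where;
    if ($limit !== null) {
        $sql .= ' LIMIT ?';
    }

    $stmt = $pdo->prepare($sql);
    $pattern = likePattern($term);
    foreach ($columns as $i => $_) {
        $stmt->bindValue($i + 1, $pattern, PDO::PARAM_STR);   // positional, 1-based
    }
    if ($limit !== null) {
        $stmt->bindValue(count($columns) + 1, $limit, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape anything echoed into HTML so a display_name cannot inject markup.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// ---- search.php: first five matches plus the "view more" link ----------
$term = trim((string) ($_GET['query'] ?? ''));
if ($term === '') {
    exit;   // an empty term would become LIKE '%%' and match every row
}

$pdo  = db();
$rows = searchUsers($pdo, $term, 5);

echo '<div class="search-results">';
foreach ($rows as $row) {
    $id = (int) $row['user_id'];
    echo '<div class="text"><a href="profile.php?id=' . $id . '" class="search">';
    echo '<div class="spacing"><img width="35" height="30" src="data/photos/'
        . $id . '/_default.jpg" class="boxgridsearch"/> ';
    echo h(substr($row['display_name'], 0, 160));
    echo '</a></div></div>';
}
// Same parameter name the results page reads, urlencode()d so spaces and
// '&' survive the round trip, and no literal % in the link.
echo '<div class="morebutton-search"><a href="search_results.php?query='
    . urlencode($term) . '" target="_blank">+ view more results</a></div>';
echo '</div>';

// ---- search_results.php would read $_GET['query'] the same way and call
// searchUsers($pdo, $term) with no limit, then render its larger boxes.
```

The two pages share one query builder, so a change to the searchable columns only has to be made in one place; the only difference between them is whether a LIMIT is bound. Because emulated prepares are off, the term never touches the SQL string, which is what makes the injection point in the original mysql_query() string go away rather than merely being escaped.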