hello every one i have a simple phpmysql search engine script its working very fine but i found a big problem in it the problem is whenever blank space is entered more than four times in a search box it displays complete data of my table please tell me how to resolve this problem and yes if two or space is added after some string then also this problem occur.
$button = $_GET ['submit'];
$search = $_GET ['search'];
if(strlen($search)<=1)
echo "Invalid search";
else{
echo "You searched for <b>$search</b> <hr size='1'></br>";
mysql_connect("localhost","root","9889922527");
mysql_select_db("specifications");
$search_exploded = explode (" ", $search);
foreach($search_exploded as $search_each)
{
@$x++;
if($x==1)
@$construct .="keyword LIKE '%$search_each%'";
else
$construct .="AND keyword LIKE '%$search_each%'";
}
$constructs ="SELECT * FROM search WHERE $construct";
$run = mysql_query($constructs);
@$foundnum = mysql_num_rows($run);
if ($foundnum==0)
echo "Sorry, there are no matching result for <b>$search</b>.</br></br>";
else
{
echo "$foundnum results found !<p>";
$per_page = 20;
@$start = $_GET['start'];
$max_pages = ceil($foundnum / $per_page);
if(!$start)
$start=0;
$getquery = mysql_query("SELECT * FROM search WHERE $construct LIMIT $start, $per_page");
while($runrows = mysql_fetch_assoc($getquery))
{
$image = $runrows['image'];
$name = $runrows ['name'];
$price = $runrows ['price'];
$url = $runrows ['url'];
echo "<link rel='stylesheet' href='search.css' type='text/css' />";
echo "<div class='cat-logo'><img width='200' height='180' src='$image' /><br/><a href='$url'><font class='cat-head'><b>$name</b></font></a><br/><font class='cat-pr'>$price</font></div>" ;
//echo "<a href='$url'><b>$name</b></a><br>$price<br><a href='$url'>$url</a><p>";
}
Tried to understand and cleanup your code (although some if/else loops seems to be unclosed in your example). Added some minimal escaping and added the trim (as suggested in the comments) to prevent the selection of all data. I also added a limit 1000 (to limit the amount of results a query could max generate:
$button = mysql_real_escape_string($_GET['submit']);
$search = trim(mysql_real_escape_string($_GET['search']));
if(strlen($search)<=1) {
echo "Invalid search";
} else {
echo "You searched for <b>$search</b> <hr size='1'></br>";
mysql_connect("localhost","root","9889922527");
mysql_select_db("specifications");
$search_exploded = explode (" ", $search);
$x = 0;
$construct = null;
foreach($search_exploded as $search_each)
{
$x++;
if($x==1) {
$construct .="keyword LIKE '%$search_each%'";
} else {
$construct .="AND keyword LIKE '%$search_each%'";
}
$constructs ="SELECT * FROM search WHERE $construct";
$run = mysql_query($constructs);
@$foundnum = mysql_num_rows($run);
if ($foundnum==0) {
echo "Sorry, there are no matching result for <b>$search</b>.</br></br>";
} else {
echo "$foundnum results found !<p>";
$per_page = 20;
@$start = mysql_real_escape_string($_GET['start']);
$max_pages = ceil($foundnum / $per_page);
if(!$start) {
$start=0;
$getquery = mysql_query("SELECT * FROM search WHERE $construct LIMIT $start, $per_page");
while($runrows = mysql_fetch_assoc($getquery))
{
$image = $runrows['image'];
$name = $runrows ['name'];
$price = $runrows ['price'];
$url = $runrows ['url'];
echo "<link rel='stylesheet' href='search.css' type='text/css' />";
echo "<div class='cat-logo'><img width='200' height='180' src='$image' /><br/><a href='$url'><font class='cat-head'><b>$name</b></font></a><br/><font class='cat-pr'>$price</font></div>" ;
//echo "<a href='$url'><b>$name</b></a><br>$price<br><a href='$url'>$url</a><p>";
}
}
}
}
}