SQL Search

By zenx on Oct 29, 2010

Screenshots

Just an quick example how to search and add information to MySQL.

<?php 

// search.sql : https://pastee.org/e7zke
// when searching, use % as wildcard.

$con = mysql_connect("localhost","user","pw");
mysql_select_db("search", $con);

if (!$con) { die('Could not connect: ' . mysql_error()); }

if( !isset($_GET['addnew']) ) { echo "ADD NEW: <form action=# method=get><b>URL</b>: <input type=hidden name=addnew><input type=text name=u> - <b>Title</b>: <input type=text name=t> - <b>Keywords</b>: <input type=text name=kw> <input type=submit value=Add!></form><br/><br/>SEARCH: <form action=# method=get><b>Search</b>: <input type=text name=s> <input type=submit value=Search!></form>"; }

if( isset($_GET['addnew']) )  {
    $url = $_GET['u'];
    $title = $_GET['t'];
    $keywords = $_GET['kw'];
    $result = mysql_query("INSERT INTO search(title, url, word) VALUES('$title', '$url', '$keywords')");
    mysql_close($con);
    die("Added.");
}

$getme = "%";
$getme = $_GET['s'];

$result = mysql_query("SELECT SQL_CACHE * FROM search where word like '%$getme%' limit 0,25");

echo "<table border='0' padding='10'><tr><th>ID</th><th>Title</th><th width='100'>URL</th></tr>";

while($row = mysql_fetch_array($result))  {

    echo "<tr>";
    echo "<td>" . $row['id'] . "</td>";
    echo "<td>" . $row['title'] . "</td>";
    echo "<td>" . $row['url'] . "</td>";
    echo "</tr>";

}

echo "</table>";

mysql_close($con);

?>

zenx

Like Page Follow Author

Comments

Sign in to comment.
zenx   -  Oct 31, 2010

True.

 Respond  
sunslayer   -  Oct 29, 2010

you should add some sort of protection for injections whenever user input is used

 Respond  
Are you sure you want to unfollow this person?
Are you sure you want to delete this?
Click "Unsubscribe" to stop receiving notices pertaining to this post.
Click "Subscribe" to resume notices pertaining to this post.