Re: Newbie? html form to php to ODBC

Posted by Eric Farraro on 07/25/06 22:18

For starters, it doesn't appear that you are actually assigning the
variables you are using in your search queries.

Look at your form -- since you are using the GET method, in your PHP
file, you should have something like:

$variable_name = $_GET['some_variable'];

'some_variable' corresponds to the 'name' attribute of some input
field.

I don't know if your DB connection, etc... is correct, but you
definitely need to assign the variables you're using in your search
using the $_GET variable. If you do something like: print_r($_GET);,
you can get an idea of what is contained in $_GET.

On another note, this is probably more advanced than you care to know,
but the method you are using for your queries is considered EXTREMELY
dangerous for an online application. Since the user can type whatever
they want, someone wishing to cause trouble could log in to your site
without a valid password (assuming you have a login page), drop tables,
etc... Very bad stuff. If you're just playing around locally, it's
not a problem, but if you plan to move your code to an online page,
consider reading up on SQL Injection Attacks.
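
The two points in the post above (read the form value from $_GET, and keep user input out of the SQL text), as an added example that is not part of the original post. The DSN, credentials, table "customers", column "last_name" and form field "last_name" are hypothetical placeholders.

```php
<?php
// Added example. DSN, credentials, table and column names are hypothetical.

// Risky pattern the post warns about: user input pasted into the SQL text.
//   $sql = "SELECT id, last_name FROM customers WHERE last_name = '"
//        . $_GET['last_name'] . "'";
//   odbc_exec($conn, $sql);

// Read one form field from the GET parameters and validate it.
function read_search_term(array $get, string $field): ?string
{
    if (!isset($get[$field]) || !is_string($get[$field])) {
        return null;                       // missing, or an array like ?x[]=1
    }
    $value = trim($get[$field]);
    if ($value === '' || strlen($value) > 64) {
        return null;                       // empty or implausibly long
    }
    // The PHP manual notes that odbc_execute() treats a parameter that starts
    // and ends with a single quote as a file name to read, so refuse those.
    if ($value[0] === "'" && substr($value, -1) === "'") {
        return null;
    }
    return $value;
}

// Run the search with a bound parameter: the value never becomes SQL text.
function find_customers($conn, string $lastName): array
{
    $stmt = odbc_prepare($conn,
        'SELECT id, last_name FROM customers WHERE last_name = ?');
    if ($stmt === false || !odbc_execute($stmt, [$lastName])) {
        error_log('ODBC query failed: ' . odbc_errormsg($conn));
        return [];
    }
    $rows = [];
    while ($row = odbc_fetch_array($stmt)) {
        $rows[] = $row;
    }
    return $rows;
}

$term = read_search_term($_GET, 'last_name');
if ($term === null) { http_response_code(400); exit('Invalid search term'); }
$conn = odbc_connect('DSN_PLACEHOLDER', 'USER_PLACEHOLDER', 'PASSWORD_PLACEHOLDER');
if ($conn === false) { http_response_code(500); exit('Database unavailable'); }
foreach (find_customers($conn, $term) as $row) {
    echo htmlspecialchars($row['last_name'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
odbc_close($conn);
```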
