Reply to Re: Problem with SELECT

Posted by Anne Bos on 08/28/06 07:45

On Sun, 27 Aug 2006 13:30:00 -0700 wrote "Johnny"
<removethis.huuanito@hotmail.com>:

>
>"Anne Bos" <anne.bos@hccnet.nl> wrote in message
>news:d1u3f2hh1ep2och4df1513rgfnl0uu1bfb@4ax.com...
>> I have a database where authors are listed together with articles they
>> wrote in a little journal. I want to present people what author has
>> produced what articles. In order to do that I made a form, addressing a
>> file called authors.php. If someone gives in a name of an author,
>> his/her name as well as his/her articles are listed as expected. So
>> far no problems.
>> However, if no name is given or if just return is hit, the query
>> gives all authors. In that case I want no author being given back,
>> instead I prefer to give a sentence: "Please give the name of a
>> possible author".
>>
>> The relevant items are (within php of course):
>> $search = $_POST[author];
>> and
>> $sql="SELECT (the relevant field names) FROM journal WHERE author LIKE
>> '%$search%' ORDER BY idart";
>> (idart gives a chronological numbering of all articles)
>>
>> What should I do? Any hint is appreciated.
>>
>> Anne Bos
>
>an approach:
>
>$search = $_POST['author'];
>if (!empty($_POST['author'])) {
> $sql="SELECT (the relevant field names) FROM journal WHERE author LIKE
>'%$search%' ORDER BY idart";
> // and your mysql and output stuff here
>}
>else {
> echo "<p>Please give the name of a possible author</p>";
>}
>
>BTW you might want to save yourself some grief down the road by reading up
>about sql injection and filtering the post accordingly.
>Also you should use single quotes around col tags $_POST['author'] so php
>doesn't try to interpret them as constants initially.
>
Thank you,
I have been fiddling with empty(), but now I see what I did wrong.
I should have known.
Also thanks for your tips.
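
An added example, not part of either poster's message: the empty-input check from the reply combined with a bound parameter, which is where the SQL injection remark leads. An in-memory SQLite database stands in for the MySQL one; the `title` column, the sample rows and the function name `findArticles` are assumptions made for the example.

```php
<?php
// Added example: in-memory SQLite stands in for the poster's MySQL database.
// Names journal, author and idart come from the post; the "title" column
// and the rows below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE journal (idart INTEGER PRIMARY KEY, author TEXT, title TEXT)');
$db->exec("INSERT INTO journal (author, title) VALUES
    ('J. de Vries', 'Spring issue notes'),
    ('O''Brien', 'Letters'),
    ('M. Jansen', 'Annual report')");

// Hypothetical helper: returns null when no usable name was given (the
// caller then shows the prompt), otherwise the matching rows by idart.
function findArticles(PDO $db, $input): ?array
{
    // Reject missing, non-string (author[]=x) and whitespace-only input.
    $search = is_string($input) ? trim($input) : '';
    if ($search === '') {
        return null;
    }
    // Escape LIKE wildcards so a typed "%" or "_" matches literally
    // instead of listing every author again. "!" is the escape character.
    $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search) . '%';

    // The value is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare(
        "SELECT idart, author, title FROM journal
         WHERE author LIKE ? ESCAPE '!' ORDER BY idart"
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_POST['author'].
foreach (['Jansen', '', '   ', '%', "O'Brien"] as $input) {
    $rows = findArticles($db, $input);
    if ($rows === null) {
        echo "<p>Please give the name of a possible author</p>\n";
        continue;
    }
    foreach ($rows as $r) {
        // Encode on output as well: stored names are untrusted in HTML.
        echo htmlspecialchars("{$r['idart']}: {$r['author']} - {$r['title']}"), "\n";
    }
    echo count($rows), " match(es)\n";
}
```

With the original concatenated query, the apostrophe in `O'Brien` ends the string literal early and a lone `%` returns every author; here both are treated as plain search text.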
