Closed Thread Icon

Preserved Topic: undesired query results Pages that link to <a href="https://ozoneasylum.com/backlink?for=12892" title="Pages that link to Preserved Topic: undesired query results" rel="nofollow" >Preserved Topic: undesired query results\

 
Author Thread
Boudga
Maniac (V) Mad Scientist

From: Jacks raging bile duct....
Insane since: Mar 2000

posted posted 09-12-2003 03:45

I had the following script returning results based on input from a user but for some unknown reason the script now just returns all database records on every query. I don't have a vast knowledge of PHP and MySQL but the script looks ok to me. Can anyone tell me why it is returning all records now????

BEGIN FORM CODE:

<form name="search" method="post" action="pages.php">
<input type="text" name="input" size="50" maxlength="50" size="11" tabindex=1 style="font-family: verdana; font-size: 10px; border-color:#3871A9;border-width=1px;" />
<input type="Submit" name="Submit" value="Submit" size="11" tabindex=5 style="font-family: verdana; font-size: 10px; border-color:#3871A9;border-width=1px;" />
<input type="reset" name="Reset" value="Reset" size="11" tabindex=6 style="font-family: verdana; font-size: 10px; border-color:#3871A9;border-width=1px;" />
</form>

END FORM CODE:

BEGIN PHP SCRIPT:

<?php
$db = mysql_connect("127.0.0.1", "xxxxx", "xxxxx");
mysql_select_db("Military_Catalog",$db);

$str1="$input";
$str1 = addslashes($str1);

$query = mysql_query("SELECT * FROM partslist WHERE `partnum` LIKE '$str1' OR `nsn` LIKE '$str1' OR `description` LIKE '$str1' OR `top_level_kit` LIKE '$str1' OR `eng_used_on` LIKE '$str1' ORDER BY `partnum` ASC") or die (mysql_error());

while ($row = mysql_fetch_array($query)) {
$partnum = $row["partnum"];
$nsn = $row["nsn"];
$top_level_kit = $row["top_level_kit"];
$description = $row["description"];
$eng_used_on = $row["eng_used_on"];

echo"
<span style=\"font-family: Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 11px; color: #444973; \">Part Number:</span> <span style=\" font: 9px verdana,arial; color:#717abf; font-weight: bold;\">$partnum</span><br />
<span style=\"font-family: Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 11px; color: #444973; \">NSN:</span> <span style=\" font: 9px verdana,arial; color:#717abf; font-weight: bold;\">$nsn</span><br />
<span style=\"font-family: Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 11px; color: #444973; \">Description:</span> <span style=\" font: 9px verdana,arial; color:#717abf; font-weight: bold;\">$description</span><br />
<span style=\"font-family: Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 11px; color: #444973; \">Top Level Kit:</span> <span style=\" font: 9px verdana,arial; color:#717abf; font-weight: bold;\">$top_level_kit</span><br />
<span style=\"font-family: Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 11px; color: #444973; \">Engine Used On:</span> <span style=\" font: 9px verdana,arial; color:#717abf; font-weight: bold;\">$engine_used_on</span> <br />

<hr noshade SIZE=1 color=#717abf>
";
};

// Error Results
if(mysql_num_rows($query)==0) {

echo" <center>
<p><span style=\"font-family: Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; color: #444973; font-weight: bold;\">
<a href=\"http://www.xxxxx.com/catalog.php\">No results! Return to NSN Query</a>
</span></p>
<hr noshade SIZE=1>
</center>
";
}
?>

Muchas Gracias to whoever can solve my problem!

butcher
Paranoid (IV) Inmate

From: New Jersey, USA
Insane since: Oct 2000

posted posted 09-12-2003 04:13

Have you tried echoing the sql statement to the browser to make sure it's what you expect?

I also had one other thought... Has the version of PHP on the server recently been updated? If that's the case then register_globals might be set to off which would cause $str1 to be equal to "" all the time which is why it would match all of them.

-Butcher-

[This message has been edited by butcher (edited 09-12-2003).]

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted posted 09-12-2003 04:46

That SQL, while convoluted is 100% correct...it should be returning only what you tell it to, so it sounds like butcher's situation is correct. I'd check register globals with php_info()

Boudga
Maniac (V) Mad Scientist

From: Jacks raging bile duct....
Insane since: Mar 2000

posted posted 09-12-2003 05:29

sure enough....u guys are life savers! Register Globals was Off....it works now!!!!

« BackwardsOnwards »

Show Forum Drop Down Menu