Home/ Questions/Q 8071809
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T13:48:56+00:00

I have a form that searches a MySQL database using PHP. Currently, when a

  • 0

I have a form that searches a MySQL database using PHP. Currently, when a user inputs a search into one of two fields, the entire contents of the database are displayed. Also, if the user leaves both fields blank, again, the entire contents of the database will be displayed.

However, if the user inputs random information into both of the fields, then the results page will be blank.

The assumed usage of this form is that the user can search for an article based on the article’s title, the article’s author or organization, or the article’s title and its author or organization by either filling out one or both of the fields.

What I’m trying to figure out is:

Why the results page keeps displaying all of the database contents.

and

How to ensure that the database is actually being queried rather than just being dumped by a coding error.

Code follows below:

search.php:

<div class="content">
    <form id="form1" name="form1" method="post" action="searchdb.php">
        <table width="100%" border="0" cellpadding="6">
            <tr>
              <td width="29%" align="right">Article Title:</td>
              <td width="71%" align="left"><input name="articletitle" type="text" id="articletitle" size="50" /></td>
            </tr>
            <tr>
              <td align="right">Author or Organization:</td>
              <td align="left"><input name="articleorganization" type="text" id="articleorganization" size="50" /></td>
            </tr>
        </table>


        <table width="100%" border="0" cellpadding="6">
          <tr>
            <td><input type="submit" name="submit" value="Submit" /></td>
          </tr>
        </table>
    </form>
</div>

searchdb.php

<?php

include('settings.php');
$query = "select * from articles";
$where = array();
if (!empty($_POST['articletitle'])) {
   $where[] = "articletitle LIKE '%".mysql_real_escape_string($_POST['articletitle'])."%'";
}
    if (!empty($_POST['articleorganization'])) {
       $where[] = "articleorganization LIKE  '%".mysql_real_escape_string($_POST['articleorganization'])."%'";
}
    if (!empty($where)) {
        $query .= " WHERE " . implode(" OR ", $where);
        $sql = mysql_query($query);
    } else {
        // No results
}
while ($row = mysql_fetch_array($sql)){
    echo '<br/> Article Title: '.$row['articletitle'];
    echo '<br/> Article Organization: '.$row['articleorganization'];
    echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>';
    echo '<td><a href="delete.php?id=' . $row['id'] . '">Delete</a></td>';
    echo '<td><a href="entry.php?id=' . $row['id'] . '">View Full Entry</a></td>';
    echo '<br/><br/>';
}

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Tested this, and it should do exactly what you want.

    $query = "select * from articles";
$where = array();
if (!empty($_POST['articletitle'])) {
   $where[] = "articletitle LIKE '%".mysql_real_escape_string($_POST['articletitle'])."%'";
}
if (!empty($_POST['articleorganization'])) {
   $where[] = "articleorganization LIKE '%".mysql_real_escape_string($_POST['articleorganization'])."%'";
}
if (!empty($where)) {
    $query .= " WHERE " . implode(" OR ", $where);
    $sql = mysql_query($query);
} else {
    // No results
}

    EDIT
    It appears your form is passing empty values, so instead of checking isset, check !empty. I have updated the code above.

    • 0