|
tundewoods (m)
|
Got a php mysql driven web application web project that my web team has been working on at my lab for sometime now,I am currently faced with the hectic task of creating some a rather complex advanced search form with about 6 form fields that can either be dependent or inter-dependent of each other.
Its rather a herculean task trying to hand code the sql query manually i therefore resulted to using Dreamweaver MX to visually arrive at the my advanced search's recordset. The problem is that using the AND logic statemement is really a pain compared to the limited OR statement.
i have included the visual screenshot of the front end form and also the sql code i wrote,lets see if we can trouble shoot this advanced search to work seamlessly as originally planned.
//// SQL query for implementing the form ///// As Generated by Dreamweaver MX
<?php
session_start();
ob_start();
$colnam5_qs = "5";
if (isset($_POST['typ'])) {
$colnam5_qs = (get_magic_quotes_gpc()) ? $_POST['typ'] : addslashes($_POST['typ']);
}
$colnam4_qs = "4";
if (isset($_POST['opt'])) {
$colnam4_qs = (get_magic_quotes_gpc()) ? $_POST['opt'] : addslashes($_POST['opt']);
}
$colnam2_qs = "-1";
if (isset($_POST['maxprice'])) {
$colnam2_qs = (get_magic_quotes_gpc()) ? $_POST['maxprice'] : addslashes($_POST['maxprice']);
}
$colnam3_qs = "0";
if (isset($_POST['minprice'])) {
$colnam3_qs = (get_magic_quotes_gpc()) ? $_POST['minprice'] : addslashes($_POST['minprice']);
}
$colname_qs = "2";
if (isset($_POST['keyword'])) {
$colname_qs = (get_magic_quotes_gpc()) ? $_POST['keyword'] : addslashes($_POST['keyword']);
}
mysql_select_db($database_zone, $zone);
$query_qs = sprintf("SELECT * FROM homes WHERE (zhoption='%s' AND zhtype LIKE '%%%s%%' ) AND (county LIKE '%%%s%%' OR town LIKE '%%%s%%' OR postcode LIKE '%%%s%%') AND (price<= '%s' AND price>='%s') AND (reg_complete > 0) ORDER BY price ASC", $colnam4_qs,$colnam5_qs,$colname_qs,$colname_qs,$colname_qs,$colnam2_qs,$colnam3_qs);
$qs = mysql_query($query_qs, $zone) or die(mysql_error());
$row_qs = mysql_fetch_assoc($qs);
$totalRows_qs = mysql_num_rows($qs);
?>
|
|
|
|
|
|
mambenanje (m)
|
@tunde
nice post but I have some reviews though
1- I personally don't like procedural codes so if someone working for me wrote those codes I will think its nasty and difficult to debug
2- I think magic_gpc_quotes() addslashes() are not best against sql injection. mysql_real_esapce_string(): is actually the best against sql injection
those are my main reviews to that code.
as for what the code is to do, I believe that part is trivial, using AND and OR depending on how you the developer wants the search to operate and thats what I have not understood from your post
|
|
|
|
|
|
ebot
|
2- I think magic_gpc_quotes() addslashes() are not best against sql injection. mysql_real_esapce_string(): is actually the best against sql injection
I will agree with mambenanje. Instead of just using magic_gc_quotes() and addslashes() you should also use mysql_real_escape_string() (to escape the posted data if magic qoutes is turned off for extra security). And as for using AND/OR it depends on what you are performing the search on. |
|
|
|
|
|
|
|
tundewoods (m)
|
Did most of you guys actually understand my post 
|
|
|
|
|
|
uspry1 (f)
|
To me, you ask for someone who is Dreamweaver fluent you seek for help how to build complex/advanced search form using Dreamweaver recordsets with PHP and MySQL.
I gave you basic simple search form links mentioned previous posting in order for you to get idea switching from simple to advanced search form using Dreamweaver recordset configuration linking to both PHP/MySQL.
Or other way you can purchase the Dreamweaver extension (add-on plugins) for PHP/MySQL connection together setting up Dreamweaver recordset.
Am I right or wrong? @tundewoods
|
|
|
|
|
|
uspry1 (f)
|
@tundewoods I assume that you already create MySQL database table that named "homes" on your (or client's) database server. The homes database table should be look like this: id keyword type option minprice maxprice Also I assumed that you already create the following scripts: "search_form.php" like picture you posted previously and "search_result.php". The following clickable link I give you basic tutorial how to set up dynamic database-driven search box using Dreamweaver recordset to add dynamic Text Fields on recordset connection. That link I provided you has its own working search form VIDEO TUTORIAL at bottom of its linked page. I believe that you already created Dreamweaver recordset name: rsHomes_db to be connected with above home database table. So inside the search_form.php each textfield should named as I give out each textfield names. See picture below. |
|
|
|
|
|
Afam (m)
|
I think the poster is faced with the problem of creating a complex search form and/or query and he needs help. Or, am I wrong?
|
|
|
|
|
|
![Nairaland [Nigerian Forum] Home](http://www.nairaland.com/Themes/default/images/english/home.gif)
Author
a_zone_screenshot.jpg (132.11 KB, 335x407 )
