Tech Support Guy banner
Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
128 Posts
Discussion Starter · #1 ·
Hello, I have a MySQL DB that has my cd list in it that shows artist, album, genre, and year.

What I have now works. Lets say I type in "David Crowder Band" and hit submit in my form. It does show the artist album genre and year. But lets say I only want to search for "David" or "Crowder" or even "Band" it doesn't show anything. How would I go about searching like that?

index.php
PHP:
<?php
define('INCLUDE_CHECK',true);

require 'config.php';
require 'func.php';

if(!$_POST['Artist'])
{
	echo("");
}
elseif($_POST['Artist'])
{
$query = mysql_fetch_assoc(mysql_query("SELECT * FROM info WHERE Artist='" . $_POST['Artist'] . "'"));

}

if(!$_POST['Album'])
{
	echo("");
}
elseif($_POST['Album'])
{
	$query = mysql_fetch_assoc(mysql_query("SELECT * FROM info WHERE Album='" . $_POST['Album'] . "'"));
}

?>

CD List

      Artist:
      Album:

<?php
//echo('');

displayInfo($query['Artist'], $query['Album'], $query['Genre'], $query['Year']);

?>
func.php
PHP:
<?php

/* mySQL connect */
$conn = mysql_connect($db_host,$db_user,$db_pass) or die('Unable to establish a DB connection');
mysql_select_db($db_database,$conn);

/* Display Info */

function displayInfo($artist, $album, $genre, $year)
{
	echo("Arist: " . $artist . "
");
	echo("Album: " . $album . "
");
	echo("Genre: " . $genre . "
");
	echo("Year: " . $year . "
");

}

/* END func */

?>
Thanks,
Throdne
 

·
Registered
Joined
·
696 Posts
Just change your sql query from what you have:
Code:
"SELECT * FROM info WHERE Artist='" . $_POST['Artist'] . "'"
to something like this:
Code:
"SELECT * FROM info WHERE Artist LIKE '%" . $_POST['Artist'] . "%'"
See here for more.

By the way, your code is ripe for a sql injection attack... hopefully this is for home use only. Certainly don't ever use anything like what you have in production code!
 

·
Registered
Joined
·
128 Posts
Discussion Starter · #3 ·
It worked thanks. Yes it if for home use only. But you did bring up the topic of sql injection attack, you know of any good tutorials about defending against that?

Thanks,
Jerico
 

·
Registered
Joined
·
696 Posts
Glad it worked for you, make sure to mark the thread as solved.

I don't know of any particular tutorial, but a google search of "sql injection tutorial" should bring up plenty of results...
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top