PHP MYSQL QUERY VALIDATION

Question

whats wrong with my program here? I can't seem to work the "word not found" ? :/

echo "<form action='#' method='post'>";
echo "Search word here: <input type='text' name='search'>";
echo "<input type='submit' name='searchword' value='Search'>";
echo "</form>";
if(isset($_POST['searchword'])){
    $word = $_POST['search'];
    $result = mysql_query("SELECT * FROM positivethesaurus where word like '%$word%'");
    while($row = mysql_fetch_array($result)){   
    echo $row['word']."<br>";
    }
    if($row = mysql_fetch_array(!$result)){
        echo "word not found";
    }
}

[**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). — John Conde, Feb 27 '13 at 12:45
FYI, you also wide open to [SQL injections](http://stackoverflow.com/q/60174) — John Conde, Feb 27 '13 at 12:46
@F4r-20 haha true and i got the answer now my mistake was i placed the exclamation mark on my $result when it should be on '!$row' so thanks :D — troubledone, Feb 27 '13 at 12:56
Do not mix presentation with business logic. See this: http://blog.iandavis.com/2008/12/09/what-are-the-benefits-of-mvc — Francois Bourgeois, Feb 27 '13 at 14:58

score 3 · Answer 1 · edited Feb 27 '13 at 12:51

3

I think you are assigning the value to $word with wrong fieldname

$word = $_POST['search'];

It should be

$word = $_POST['searchword'];

I am just guessing because you are checking if it is set with this field name.

I hope it helps you.

edited Feb 27 '13 at 12:51

hjpotter92

78,589
36
144
183

answered Feb 27 '13 at 12:48

abden.nasir

41
3

the searchword name is my submit name – troubledone Feb 27 '13 at 12:52

score 1 · Answer 2 · answered Feb 27 '13 at 12:47

1

your posting value is wrong. Change to,

$word = $_POST['searchword'];

from,

$word = $_POST['search'];

answered Feb 27 '13 at 12:47

Edwin Alex

5,118
4
28
50

its still not working here's the error Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\EIMS\searchbypositive.php on line 25 – troubledone Feb 27 '13 at 12:51
@troubledone This error occurs only if your query returns false. Check your query whether it returns any result. – Edwin Alex Feb 27 '13 at 12:53
got it :)! i should be placing my exclamation mark or null on the $row from that to this !$row :D – troubledone Feb 27 '13 at 12:56

score 0 · Answer 3 · edited Feb 27 '13 at 12:48

0

word is maybe a reserved term, try this

"SELECT * FROM positivethesaurus where `word` like '%$word%'"

edited Feb 27 '13 at 12:48

George

36,413
9
66
103

answered Feb 27 '13 at 12:47

loicb

587
2
6
24

Nice idea, but `word` isn't a [reserved word](http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html) – George Feb 27 '13 at 12:49

PHP MYSQL QUERY VALIDATION

3 Answers3