I am basically working on a website using Giant Bomb's API. I have got search functionality on my site, but I am trying to get the user's search to write to a MySQL database without having to redirect to another PHP page. Does anyone have a suggestion that can help me out?

Input text box/button

```html
<div align="center">
    <form action="db.php" method="post">
        <input type="text" id="gsearch" name="gsearch">
        <input type="button" id="gbutton" onclick="gamesearch()" value="search">
    </form>
</div>
```

PHP code writing to database.

```php
<?php
// Connect to MySQL
require ('../finalconn.php'); // for iPage
//require ('../../../../mysqli_connect.php');

if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
    exit; // no connection, so there is nothing to insert into
}

// The POST value is placed straight into the SQL string.
$sql = "INSERT INTO searches (searched)
VALUES
('$_POST[searched]')";

if (!mysqli_query($con, $sql)) {
    die('Error: ' . mysqli_error($con));
}
echo "1 record added";

$searched = $_POST["searched"];

mysqli_close($con);
?>
```
  • FYI, you are wide open to [SQL injections](http://stackoverflow.com/q/60174) – John Conde Apr 15 '14 at 23:26
  • Eek! The `$_POST` variable in your query suggests you have a SQL injection vulnerability in this code. – halfer Apr 15 '14 at 23:27
  • I knew I was forgetting something else, thanks for reminding me. – user3538036 Apr 15 '14 at 23:28
  • If you don't want the users to have to leave the page, you'll probably have to make an AJAX request in JavaScript. jQuery makes it pretty easy to do that: https://api.jquery.com/jQuery.post/ – Stephen Apr 15 '14 at 23:54
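
The two points raised in the comments, combined in one added example (not code from the question or from any commenter): a `db.php` that inserts the search term through a prepared statement and answers with JSON, so the page's `gamesearch()` handler can send the term with `jQuery.post` and stay on the page. It assumes `../finalconn.php` defines `$con` as in the question, that the term arrives in the form's `gsearch` field, and that 255 bytes is an acceptable length limit; `respond()` is a hypothetical helper.

```php
<?php
// Added example: db.php rewritten for an AJAX caller. Assumptions: $con comes
// from ../finalconn.php, the term is posted as 'gsearch', 255-byte limit.
declare(strict_types=1);

// Make mysqli throw exceptions instead of returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
header('Content-Type: application/json; charset=utf-8');

// Hypothetical helper: send a status code plus a JSON body, then stop.
function respond(int $status, array $body): void
{
    http_response_code($status);
    echo json_encode($body);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    respond(405, ['error' => 'POST required']);
}

// Reject array input (gsearch[]=x), empty strings and oversized values.
$term = $_POST['gsearch'] ?? '';
if (!is_string($term)) {
    respond(400, ['error' => 'invalid search term']);
}
$term = trim($term);
if ($term === '' || strlen($term) > 255) {
    respond(400, ['error' => 'invalid search term']);
}

try {
    require '../finalconn.php';
    // The ? placeholder keeps the value out of the SQL text; it is bound
    // and sent as data, so quotes in $term cannot change the statement.
    $stmt = mysqli_prepare($con, 'INSERT INTO searches (searched) VALUES (?)');
    mysqli_stmt_bind_param($stmt, 's', $term);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    mysqli_close($con);
} catch (mysqli_sql_exception $e) {
    // Log the database error on the server; the client gets a generic message.
    error_log('search insert failed: ' . $e->getMessage());
    respond(500, ['error' => 'could not save search']);
}

respond(200, ['saved' => true]);
```

Unlike the `die('Error: ' . mysqli_error($con))` in the question, this version does not return database error text to the browser.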

0 Answers