0

I have several articles in my db and a search on my site. If the user does not enter anything and clicks search, then it displays all articles. How to catch an empty request?

Code:

<?php
mysql_connect("localhost", "user", "password") or die("Error");
mysql_select_db("selv_hram") or die("Error");
mysql_query('SET names "utf8"');

// Initialise before the check so the template below never prints an undefined variable.
$output = '';

if (isset($_POST['search'])) {
    $searchq = $_POST['search'];
    $searchq = htmlspecialchars($searchq);

    $query = mysql_query("SELECT * FROM articles WHERE title LIKE '%$searchq%' OR text_article LIKE '%$searchq%'");
    $count = mysql_num_rows($query);

    if ($count == 0) {
        $output = 'Nothing find';
    }else {
        while ($row = mysql_fetch_array($query)) {
            $title = $row['title'];
            $text = $row['text_article'];
            $id = $row['id'];

            $output .= '<div>'.$title.' '.$text.'</div>';
        }
    }
}   
?>

    <div class="content-article">
        <form name="search" action="index.php" method="post" class="search-form">
        <input type="text" name="search" placeholder="search" />
        <input type="submit" value=">>">
        </form>
        <?php print("$output"); ?>
    </div>
chris85
Coveraver

3 Answers

2

After you read this post about SQL-injection, change

if (isset($_POST['search'])) {

to

if (!empty($_POST['search'])) {
Community
fislerdata
  • 3
    Or just `!empty($_POST['search'])` – Peon May 19 '16 at 15:08
  • 2
    that can be narrowed down to a simple `!empty()` but your answer will work as per your original http://stackoverflow.com/revisions/37327273/1 – Funk Forty Niner May 19 '16 at 15:08
  • You don't need isset() as empty() is designed to not throw errors if the variable does not exist. – Edward May 19 '16 at 15:10
  • Thanks - I changed it to `!empty($_POST['search'])` – fislerdata May 19 '16 at 15:11
  • you could have added to it, your original answer would also have been valid http://stackoverflow.com/revisions/37327273/1 – Funk Forty Niner May 19 '16 at 15:11
  • Why just isset? that won't check if the search has value – Peon May 19 '16 at 15:11
  • 1
    @DainisAbols `if (isset($_POST['search']) and strlen($_POST['search']) > 0)` as per [the original answer](http://stackoverflow.com/revisions/37327273/1) is valid. I agree that just `isset()` isn't the best but it's still valid. `empty()` is better, yet using `strlen($_POST['search']) > 0)` is equivalent to checking if the POST is not empty. Quite a few other ways to go about it, but the answer has been edited. – Funk Forty Niner May 19 '16 at 15:14
  • I know, it was correct at start and got edited wrong – Peon May 19 '16 at 15:16
0

This is simple validation.

if(empty($_POST['search'])) {
    echo "Empty search query"; 
} else {
    //search query
}
Edward
0

Check the user input first; if it is empty, change the query, like below:

$searchq = htmlspecialchars($searchq);
if (trim($searchq) == '') {
    $query = mysql_query("SELECT * FROM articles");
} else {
    $query = mysql_query("SELECT * FROM articles WHERE title LIKE '%$searchq%' OR text_article LIKE '%$searchq%'");
}

Don't use deprecated mysql_ functions. Go for mysqli.

Ravinder Reddy
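
The empty-request check and the mysqli suggestion from the answers above, combined in one added example (not code from any of the posts). It assumes the question's connection values and `articles` schema; `search_articles` is a hypothetical helper. The trimmed input is compared with `''` rather than tested with `empty()`, because `empty()` also treats the string "0" as empty.

```php
<?php
// Added example. Credentials and schema are the question's placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Hypothetical helper: returns null for an empty request, otherwise the matching rows.
function search_articles(mysqli $db, string $raw): ?array
{
    $term = trim($raw);
    if ($term === '') {
        return null; // empty or whitespace-only request: run no query at all
    }
    // Escape LIKE metacharacters so a typed "%" or "_" matches literally.
    // "!" is declared as the escape character in the query below.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';

    // Bound parameters keep user input out of the SQL text (no injection).
    $stmt = $db->prepare(
        "SELECT id, title, text_article FROM articles
         WHERE title LIKE ? ESCAPE '!' OR text_article LIKE ? ESCAPE '!'"
    );
    $stmt->bind_param('ss', $like, $like);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

$output = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $db = new mysqli('localhost', 'user', 'password', 'selv_hram');
    $db->set_charset('utf8');

    // A crafted request can send search[] (an array); treat that as empty.
    $search = $_POST['search'] ?? '';
    $rows = search_articles($db, is_string($search) ? $search : '');

    if ($rows === null) {
        $output = 'Empty search query';
    } elseif (!$rows) {
        $output = 'Nothing found';
    } else {
        foreach ($rows as $row) {
            // HTML-encode when writing to the page, not before the query.
            $output .= '<div>' . htmlspecialchars($row['title']) . ' '
                     . htmlspecialchars($row['text_article']) . '</div>';
        }
    }
}
?>
```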