SQL Search

By zenx on Oct 29, 2010


Just an quick example how to search and add information to MySQL.


// search.sql : https://pastee.org/e7zke
// when searching, use % as wildcard.

$con = mysql_connect("localhost","user","pw");
mysql_select_db("search", $con);

if (!$con) { die('Could not connect: ' . mysql_error()); }

if( !isset($_GET['addnew']) ) { echo "ADD NEW: <form action=# method=get><b>URL</b>: <input type=hidden name=addnew><input type=text name=u> - <b>Title</b>: <input type=text name=t> - <b>Keywords</b>: <input type=text name=kw> <input type=submit value=Add!></form><br/><br/>SEARCH: <form action=# method=get><b>Search</b>: <input type=text name=s> <input type=submit value=Search!></form>"; }

if( isset($_GET['addnew']) )  {
    $url = $_GET['u'];
    $title = $_GET['t'];
    $keywords = $_GET['kw'];
    $result = mysql_query("INSERT INTO search(title, url, word) VALUES('$title', '$url', '$keywords')");

$getme = "%";
$getme = $_GET['s'];

$result = mysql_query("SELECT SQL_CACHE * FROM search where word like '%$getme%' limit 0,25");

echo "<table border='0' padding='10'><tr><th>ID</th><th>Title</th><th width='100'>URL</th></tr>";

while($row = mysql_fetch_array($result))  {

    echo "<tr>";
    echo "<td>" . $row['id'] . "</td>";
    echo "<td>" . $row['title'] . "</td>";
    echo "<td>" . $row['url'] . "</td>";
    echo "</tr>";


echo "</table>";




Sign in to comment.
zenx   -  Oct 31, 2010


sunslayer   -  Oct 29, 2010

you should add some sort of protection for injections whenever user input is used

Are you sure you want to unfollow this person?
Are you sure you want to delete this?
Click "Unsubscribe" to stop receiving notices pertaining to this post.
Click "Subscribe" to resume notices pertaining to this post.