Help with search script

Discussion in 'PHP' started by Smoggie, Mar 3, 2009.

  1. #1
    Hi there

    I have a PHP script that lets a user search within a MySQL database, but instead of the user typing in the full name of a game, how can the following code be changed to let a user put in only part of the game's name and for results to be shown? (An example would be to find Sonic the Hedgehog, users would only need to type in sonic.)

    The code I have at the moment is the following

    
    <?php
    session_start();
    $UserName = $_SESSION['UserName'];
    require("checkLoginSession.php");
    
    ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>vintagevideogames.com</title>
    <link href="Styles.css" rel="stylesheet" type="text/css" />
    <style type="text/css">
    <!--
    .style1 {
    	color: #000000;
    	font-size: 14px;
    }
    -->
    </style>
    <body>
    
    <div id="header"></div>
    
    
    <div id="login">
      <p><?php echo("Logged In As: $UserName"); ?>    </p>
      <p><a href="logout.php">Click Here to Logout
      </a></p>
    </div>
    </div>
    </div>
    <div id="content">
    <div id="mainDisplayCreate">
    		<?php
    		//Build the search form
    		// HEREDOC area - as highlighted in last week’s lecture
    		$form = <<<FORM
    		<form action="search.php" method="POST">
    		Search For A Game.<br /><br />
    		Name Of Game: <input name="game" type="text" id="game" size="15" /><br />
    		<input type="hidden" name="search" value="true">
    		<input type="submit" name="submit" value="Submit"><br />$message<br />
    		</form>
    FORM;
    print $form;
    //Set up the paging system
    if(isset($search)){
    	if($resultPrev >=0){echo "<a href=search.php?resultLimit=$resultPrev&game=$searchCriteria&search=true><img src='images/arrowPrev.jpg' border='0' />Previous Page</a>"; echo "";
    	}else{
    	echo "";
    	}
    	if($resultNext < $num){echo "<a href=search.php?resultLimit=$resultNext&game=$searchCriteria&search=true><img src='images/arrowNext.jpg' border='0' />Next Page</a>"; echo "";
    	}else{
    	echo "";
    	}
    }
    
    		
    		
    		?>
      </div>
    
    
    
    <div id="content2">
    <?php
    //Searching And Paging v1.0
    //COLLECT POST and GET data using Global Variable $_REQUEST
    // This will collect data from the FORM and URL String
    $formValue=array();
    foreach ($_REQUEST as $key => $value) {
    
    $formValue[$key] = strip_tags($value);
    }
    
    $search = $formValue['search'];
    
    //Do we want to start the search process
    if(isset($search)){
    
    //collect the vars that limit the amount of rows returned
    $searchCriteria = $formValue['game'];
    $resultLimit = $formValue['resultLimit'];
    //Set up vars to control the number of records being displayed from the search
    if(!$resultLimit)$resultLimit = 0;
    $resultNext = ($resultLimit + 3);
    $resultPrev = ($resultLimit - 3);
    //connect to the database
    include "common.php";
    DBConnect();
    $Link = mysql_connect($Host, $User, $Password);
    //Declare the query based on the user's search term. Display in descending order by game, start at 0, display 3 records
    $query = "SELECT * FROM $Table_2 WHERE game = '$searchCriteria' ORDER BY game DESC LIMIT $resultLimit, 3";
    //Run the query
    $result = mysql_db_query ($DBName, $query, $Link);
    //Declare the query to determine the number of rows in the table. This is required for paging $resultNext & $resultPrev
    $query2 = "SELECT id FROM $Table_2 WHERE game = '$searchCriteria'";
    //Run the query
    $totalresult = mysql_db_query ($DBName, $query2, $Link);
    //Get the result, which will be a number
    $num = mysql_num_rows($totalresult);
    
    
    ?>
    </div>
    		<div id="displayData">
    		<?php
    		
    		//Print results of search
    		if($search==true&&$num==0){
    		print("<div class='dataRow1'>Sorry - No records found</div>");
    		}
    		$i=0;
    		while($row = mysql_fetch_array($result)){
    		
    		$console = $row['Console'];
    					
    			?>
    	  <table width="428" border="0" cellpadding="3" cellspacing="0" <?php if($i%2==1){
    	  echo "class='dataRow1'";
    	  }else{
    	  echo"class='dataRow2'";}?>>
    
          <td colspan="2"><?php echo("Console: $console"); ?></td>
       <?php
    $i+=1;
    
    };
    }
    
    ?>
        </tr>
    </table>
    </div>
      
    		
    
    </div>
    
    PHP:

    Any help would be appreciated

    Chris
     
    Smoggie, Mar 3, 2009 IP
  2. SmallPotatoes

    #2
    Instead of this line:

    $query = "SELECT * FROM $Table_2 WHERE game = '$searchCriteria' ORDER BY game DESC LIMIT $resultLimit, 3";
    Code (markup):
    You could do:

    $query = "SELECT * FROM $Table_2 WHERE game like '%"
       . mysql_real_escape_string($searchCriteria)
       . "%' ORDER BY game DESC LIMIT $resultLimit, 3";
    Code (markup):
    By the way, you really need to sanitise values that come from the user and go into SQL queries (like I did by adding mysql_real_escape_string()), or else your application will be vulnerable to SQL injection attacks.
     
    SmallPotatoes, Mar 3, 2009 IP
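
An added example, not part of the original posts or the poster's code: the partial-match search from the reply above, written with a PDO prepared statement. It goes beyond the reply by also escaping LIKE wildcards in the search term and forcing the paging offset to an integer, since `$resultLimit` also comes from the request and sits unquoted in the `LIMIT` clause. The `games` table name, the helper function names and the in-memory SQLite connection (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example. Assumptions: a "games" table with the page's "game" and
// "Console" columns; in-memory SQLite stands in for MySQL so this runs offline.

// Escape LIKE metacharacters so "%" or "_" typed by the user match literally.
function likeContains(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

function searchGames(PDO $db, string $term, $offset, int $pageSize = 3): array
{
    // The offset arrives from the URL (resultLimit); force a non-negative int.
    $offset = max(0, (int) $offset);

    $sql = "SELECT game, Console FROM games
            WHERE game LIKE :pattern ESCAPE '!'
            ORDER BY game DESC LIMIT :size OFFSET :offset";
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':pattern', likeContains($term), PDO::PARAM_STR);
    $stmt->bindValue(':size', $pageSize, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE games (id INTEGER PRIMARY KEY, game TEXT, Console TEXT)");
$ins = $db->prepare("INSERT INTO games (game, Console) VALUES (?, ?)");
foreach ([['Sonic the Hedgehog', 'Mega Drive'], ['Sonic 2', 'Mega Drive'],
          ['Super Mario Bros', 'NES'], ['100% Orange Juice', 'PC']] as $row) {
    $ins->execute($row);
}

// Partial match, a literal "%", a quote-laden term, and a non-numeric offset.
$cases = [['sonic', 0], ['100%', 0], ["' OR '1'='1", 0],
          ['sonic', '0; DROP TABLE games']];
foreach ($cases as [$term, $offset]) {
    $rows = searchGames($db, $term, $offset);
    printf("%-16s offset=%-24s -> %s\n", var_export($term, true),
        var_export($offset, true), json_encode(array_column($rows, 'game')));
}
```
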
  3. Smoggie

    #3
    Thanks for that, worked a treat
     
    Smoggie, Mar 4, 2009 IP