CODEWITHSUNDEEP
phpmysqlpaginationwebpage-screenshot
Ermel Justin Pablo Lopez
Ermel Justin Pablo Lopez

Reputation: 69

search get result empty fields

i have an question about a command that won't give

Notice: Undefined index: q in C:\xampp\htdocs\Capstone - Copy\index.php on line 118

even if the field is empty i have this code for the site that's the only problem where if i don't put a value in my search it will give that error and can i erase the value of get when i reload the site so it will only give the default output that is the whole rows and pictures i'll put a print screen of the site the screen shot is the default view of the site.

>  <?php
> 
>                        $searchtext = $_GET['q'];
> 
> 
>                         $per_page =5;
>                         $pages_query = mysql_query("SELECT COUNT('PersonID') FROM persons");
>                         $pages = ceil(mysql_result($pages_query,0) / $per_page);
> 
>                         $page = (isset($_GET['page'])) ? (int)$_GET['page'] : 1;
>                         $start = ($page - 1) * $per_page;
> 
> 
>    $query=mysql_query("select * from persons where firstname like
> '%$searchtext' or lastname like '%$searchtext' order by date desc
> LIMIT $start,$per_page ");            while($test = mysql_fetch_array($query))
>           {
>               $id = $test['PersonID'];
> 
> 
> 
>                                 echo"<div class = content />";
>               echo"<img height=200 width=200 src='upload/". $test['Image'] ."'/>";
>               echo"" .$test['LastName']." ";
>               echo"". $test['MiddleName']. " ";
>               echo"". $test['FirstName']. "";
>               echo"<right> <a href ='view.php?PersonID=$id'>Edit</a></right>";
>               echo"<right> <a href ='del.php?PersonID=$id'>Delete</a></right>";
>                                 echo"</div>";
> 
> 
> 
>           }
>               if ($pages >=1 && $page <= $pages) {
>                            for ($x=1; $x<=$pages; $x++) {
>                            echo ($x == $page) ? '<strong><a href="?page='.$x.'">'.$x.' </a></strong> ' : '<a
> href="?page='.$x.'">'.$x.' </a>';
>                            }
>                          } ?>
> 
>

screen shot screenshot2

and here's the sample result that won't give an error because there's a default value

screenshot 3

Upvotes: 0

Views: 129

Answers (2)

Tobias Golbs
Tobias Golbs

Reputation: 4616

Well if i understood you correctly this should help:

Change this: $searchtext = $_GET['q'];

to this: $searchText = isset($_GET['q']) ? mysql_real_escape_string($_GET['q']) : "";

WATCH OUT

Please do not use the mysql_* functions anymore and switch instead to the mysqli_ functions or PDO. mysql_ is with php 5.5 deprecated and won't be supported by php >= 5.5. In addition to this i should mention, that your script is vulnerable for mysql injections. Always escape your values before inserting them into a database query!

My code example contains the function mysql_real_escape_string which is like i told you deprecated. If you stick to mysql_* this is the least you can do to secure your application.

Upvotes: 1

kwolfe
kwolfe

Reputation: 1683

You want to only run the query if $searchtext is not null. 

$searchtext = '';
if(isset($_GET['q'])) $searchtext = $_GET['q'];
if($searchtext) {
    //run query
    //display results
} else {
    //display normal page
}

Keep in mind that as you have this now, your begging for an SQL Injection attack. Please use PDO and bind the values.

Upvotes: 1

Related Questions