What is wrong with this php search page?

Question

I found a tutorial that looked like it would do what I've been trying to do without success. I adapted it to my details and tried it. It doesn't work. When you enter the search and hit submit, all it does is go back to the beginning. I can't see anything wrong with the code so after a couple of hours of trying things, here it is. Can you see what is wrong?

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">        

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="content-type" content="text/html;charset=utf-8" />

<title>test</title>

</head>

<body>

<?
      if ($searching =="yes") 
   { 
    echo "<h2>Search</h2><p>"; 

     if ($find == "") 
     { 
      echo "<p>You forgot to enter a search term"; 
      exit; 
       } 

mysql_connect('localhost', 'user', 'password') or die(mysql_error()); 
 mysql_select_db("database") or die(mysql_error()); 

 $find = strtoupper($find); 
 $find = strip_tags($find); 
 $find = trim ($find); 


 $data = mysql_query("SELECT * FROM engravers WHERE upper($field) LIKE'%$find%'"); 

 while($result = mysql_fetch_array( $data )) 
 { 
 echo $result['Country']; 
 echo "<br>"; 
 echo $result['Year']; 
 echo "<br>"; 
 echo $result['Engraver1Surname']; 
 echo "<br>"; 
 echo $result['Designer1Surname']; 
 echo "<br>"; 
 echo $result['Printer']; 
 echo "<br>"; 

 echo "<br>"; 
 } 

  $anymatches=mysql_num_rows($data); 
  if ($anymatches == 0) 
  { 
  echo "Sorry, but we can not find an entry to match your query<br><br>"; 
  } 

 echo "<b>Searched For:</b> " .$find; 
 } 
 ?>
<h2>Search</h2> 
<form name="search" method="post" action="<?=$PHP_SELF?>">
Search for: <input type="text" name="find" /> in 
<Select NAME="field">
<Option VALUE="Country">Country</option>
<Option VALUE="Year">Year</option>
<Option VALUE="Engraver1Surname">Engraver</option>
<Option VALUE="Designer1Surname ">Designer</option>
<Option VALUE="Printer">Printer</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>

 </body>
 </html>

Answer 1

You need to set the variables on begin:

//set default values
$find="";
$searching="";
$field="";
If(isset($_POST['searching']) && $_POST['searching']="yes"){
    $find= mysql_real_escape_string($_POST['find']);
    $searching=mysql_real_escape_string($_POST['searching']);
    $field=mysql_real_escape_string($_POST['field']);
    ...

Answer 2

As mentioned in my comment, after POSTing, you need to grab the variables from the $_POST array. Something like:

if ($_POST['searching'] == "yes") {
    $find = $_POST['find'];
    $field = $_POST['field'];

    // etc...

Answer 3

This looks like very old PHP code that had register_globals on. It doesn't work like that anymore.

Use the superglobal $_POST to get to your variables, for example:

if ($_POST['searching'] =="yes") {
    ...
}

Also, read into SQL injection and how to avoid it.