Searching a mysql database

donovan · May 17th, 2009, 10:11 AM

Hi
Im trying to search my database. I have 3 things to search : areas, general info and price range.
When I search just the area and price range, all works. When I search area and general info, all works. But I cant seem to get all three to work together.

The columns in my DB involved in my search are :areas, pool, security, storey & price.

Below is my search query
$query = "select * from sothebys where areas='$area' and (pool like '%".$general."%' or security like '%".$general."%' or storey like '%".$general."%') and (price between '$price_from' and '$price_to')";

Can anyone see off-hand what I am doing wrong?

Cheers
Donovan

Dubbs · May 19th, 2009, 08:52 AM

First, I am going to assume you are using PHP. If so remember to include mysql_real_escape_string around your variables in the query. If any of these variables have a sigle or double quote in them, your query may be causing an error.

Code:


			
$query = "select * from sothebys where areas='".mysql_real_escape_string($area)."' and (pool like '%".mysql_real_escape_string($general)."%' or security like '%".mysql_real_escape_string($general)."%' or storey like '%".mysql_real_escape_string($general)."%') and (price between '".mysql_real_escape_string($price_from)."' and '".mysql_real_escape_string($price_to."')" or die(mysql_error());

Again, assuming you are using PHP, for testing purposes add or die(mysql_errror()) at the end of your query will allow you to determine if your query has errors in it. Be sure to remove this before you move the script into production, since it can be used to compromise your site.

donovan · May 19th, 2009, 09:15 AM

Thanks for getting back to me.
What a bonus! Looks like it works fine.
I used to be able to give a thanks on here, how do I do that now.

Thanks alot
Donovan