Ananda Rizky Kurniawan Ananda Rizky Kurniawan - 1 year ago 46
PHP Question

Search Query Didn't Work Well

I got a problem will using the search. I want to show it like this if I didn't put a word:

Not found

And the code is like this:


$search = trim($_POST["search"]);
$search = htmlentities(htmlspecialchars($search), ENT_QUOTES);

$select = "SELECT * FROM articleWHERE article_title LIKE '%" . $search . "%' ORDER BY id_artikel DESC LIMIT 12";
$query = mysql_query($select);
$num = mysql_num_rows($query);

if ($num > 0) {
while ($fetch = mysql_fetch_array($query)) {
echo '<div class="row">';
echo ' <div class="col-md-4">';
echo ' <div class="news-post standard-post2">';
echo ' <div class="post-gallery">';
echo ' <img src="#" alt="">';
echo ' <a class="category-post world" href="#">Business</a>';
echo ' </div>';
echo ' <div class="post-title">';
echo ' <h2><a href="#">' . $fetch["article_title"] . '</a></h2>';
echo ' <ul class="post-tags">';
echo ' <li><i class="fa fa-clock-o"></i>' . date("d F Y") . '</li>';
echo ' <li><i class="fa fa-user"></i>by <a href="#">' . $fetch["writer"] . '</a></li>';
echo ' <li><a href="#"><i class="fa fa-comments-o"></i>23</a></li>';
echo ' <li><i class="fa fa-eye"></i>' . $fetch["read"] . '</li>';
echo ' </ul>';
echo ' </div>';
echo ' <div class="post-content">';
echo ' <p>' . substr(strip_tags($fetch["content"]), 0, 150) . "..." . '</p>';
echo ' <a href="artikel.php" class="read-more-button"><i class="fa fa-arrow-circle-right"></i>Read More</a>';
echo ' </div>';
echo ' </div>';
echo ' </div>';
echo '</div>';
} else {
echo '<p align="center">Not Found</p>';

If I didn't put a word on the search form it didn't show the "not found". Please let me know how I go about doing it.

Answer Source

If I didn't put a word on the search form it didn't show the "not found".

Just change the if condition to exclude empty:

if ($num > 0 && strlen($search) > 0) {

The possible reason why it doesn't show is, when you search for %% it includes all the rows so it is technically good search.

Also, please don't use mysql_* functions, as they are deprecated. Either switch to PDO or mysqli_* functions. See Why shouldn't I use mysql_* functions in PHP?

And your code is very much vulnerable to SQL Injection Attack. See: How does the SQL injection from the "Bobby Tables" XKCD comic work?

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download