Is this legitimate?

[Guest Jack Reno]

I'm very new to php and mysql, so you'll have to excuse my code. (it feels sloppy to me)

 

Anyhow, working on a random database project, and here is what I ran into:

 

Today I decided that I wanted a multiple input search option, and spent the day searching for examples and tutorials with little result. What examples I did find ran through what seemed like an eternity of conditional statements to execute various queries.

 

What I eventually came up with finally satisfied mysql and I'm fetching results as I hoped.

 

My question(s) however now revolve around the legitimacy of my coding. I.E. is this the proper way of handling multiple variables?

 

search.php:

 

mysql_connect("fdb1.agilityhoster.com",$username,$password);

mysql_select_db($database) or die( "Unable to select database");

 

 

 

$corp_raw=@$_POST["corp"];

$corp_strip=mysql_real_escape_string($corp_raw);

$corp_trim=trim($corp_strip);

$corp_search=strtoupper($corp_trim); // fetch and process data from form, can this be streamlined?

 

if($corp_search=="") //handle empty values within the form, is this redundant?

{

$corp_search="%%";

}

 

$ceo_raw=@$_POST["ceo"];

$ceo_strip=mysql_escape_string($ceo_raw);

$ceo_trim=trim($ceo_strip);

$ceo_search=strtoupper($ceo_trim);

 

if($ceo_search=="")

{

$ceo_search="%%";

}

 

$ticker_raw=@$_POST["ticker"];

$ticker_strip=mysql_escape_string($ticker_raw);

$ticker_trim=trim($ticker_strip);

$ticker_search=strtoupper($ticker_trim);

 

if($ticker_search=="")

{

$ticker_search="%%";

}

 

$status_search=@$_POST["status"];

$type_search=@$_POST["type"];

 

$limit=10;

 

$query="SELECT * FROM ipo1 WHERE UPPER(corp) LIKE '%$corp_search%' AND UPPER(ticker) LIKE '%$ticker_search%' AND UPPER(ceo) LIKE '%$ceo_search%' AND status LIKE '%$status_search%' AND type LIKE '%$type_search%'";

$numrows=mysql_query($query) or die("query on numrows line failed");

$num=mysql_num_rows($numrows);

 

 

 

if ($num == 0)

{

 

echo "

Sorry, your search returned zero results. Modify your search and try again.

";

}

 

 

//question regarding this block

if (empty($i))

{

$i=0;

}

 

$query.=" limit $i,$limit";

$result=mysql_query($query) or die("query on result line failed");

$count=1 + $i;

 

// why is the above code seemingly nessecary to avoid mysql_fetch_array() and mysql_num_rows() errors?

 

 

while ($row= mysql_fetch_array($result))

{

$corp = $row["corp"];

$ticker = $row["ticker"];

 

 

echo "$corp" ;

echo "$ticker";

$count++ ;

}

 

.... etc.

 

 

 

 

html for search form:

 

Corporation:

Ticker:

Ceo

Status:

Active

Closed

Scam

No Go

Any

Type of Offering:

IPO

Bond

Loan

Joke

Any

 

 

 

 

It is possibly relevant to note:

 

At no point do I want this search to search for 1 value OR another, rather functioning as a search refiner.

 

I had problems executing the query when 1 or more fields were empty until i added the value "%%" to the tags. (left blank prior)

 

It seems to work fine with or without the if statements near the top of the php script, I just haven't changed it yet.

 

This script does exactly what I want it to in its current form, it just doesn't feel right.

 

 

 

Is the value "%%" in my option tags a legitimate way of handling the "Any" option?

Can you offer me any tips that might streamline my php, so it doesn't feel so 'clunky'?

 

 

Sorry for the newb questions, any insight would be appreciated.