What is wrong with this code??

--000e0cdfd7eaf40e7304a6d7fe42
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi All,

I have this search code for a library. however I have the same script in 2
different files, one with just search script and another with the
pagination. But when I combined it its giving me few errors. I am getting
the below errors.


*Notice*: Undefined index: start in *C:\wamp\www\search with
pagenatation\search.php* on line *12*

*Notice*: Undefined variable: x in *C:\wamp\www\search with
pagenatation\search.php* on line *41*

*Notice*: Undefined variable: construct in *C:\wamp\www\search with
pagenatation\search.php* on line *43*

*Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
given in *C:\wamp\www\search with pagenatation\search.php* on line *56*

No results found.

************************************************************ ***************=
*************************************
*

Here is the search.php code:*


@mysql_connect("localhost","root","") or die("couldn't connect");
@mysql_select_db("search") or die("couldn't select database.");

// max displayed per page
$per_page =3D 1;

//get data
$button =3D $_GET['submit'];
$search =3D $_GET['search'];
$start =3D $_GET['start'];

// count records
$record_count =3D mysql_num_rows(mysql_query("SELECT * FROM search"));

//count max pages
$max_pages =3D ceil($record_count / $per_page); // may come out as decimal

if (!$start)
$start =3D 0;

if ($button=3D0)//or try ==0 its bean a long time
echo "
You didn't submit a keyword.";
else
{
if (strlen($search)<=3D2)
echo "
Search term too short.=
";
else
{
echo "You searched for $search";


//explode our search term
$search_exploded =3D explode(" ",$search);

foreach($search_exploded as $search_each)
{

//construct query
$x++;
if ($x==1)
$construct .=3D "keywords LIKE '%$search_each%'";
else
$construct .=3D " OR keywords LIKE '%$search_each%'";

}



//echo out construct

$construct =3D "SELECT * FROM search WHERE $construct LIMIT $start=
,
$per_page";
$run =3D mysql_query($construct);

$foundnum =3D mysql_num_rows($run);

echo $foundnum;

if ($foundnum==0)
echo "
No results found.";
else
{
echo " $foundnum results found!";

while ($runrows =3D mysql_fetch_assoc($run))
{
//get data

$title =3D $runrows['title'];
$desc =3D $runrows['desc'];
$key =3D $runrows['keywords'];
$url =3D $runrows['url'];

echo "

Re: What is wrong with this code??

--00151757480840d44e04a6d85201
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi list,GURU,
For the first notice error, if you try to get value from post,get variable
and the value is not sent or not present you have this kind of notice
error, this is why you have to check for every get/post value if it's set
or it's secure and you can do it with isset or empty:
example:

$start =3D ( !empty($_GET['start']) )?$_GET['start']:null;
// if $_GET['start'] is empty so store null on $start else store
$_GET['start']

also dont forget to filter your fields and investigate more to understand
better how to make a secure php program, about the $x it's not initialised
you increment it without begining value so php told you ++ of what ?
hope this email will help you and good luck in making the php world more
secure,

Great Regard

zendyani

2011/6/29 Guru=99

> Hi All,
>
> I have this search code for a library. however I have the same script in =
2
> different files, one with just search script and another with the
> pagination. But when I combined it its giving me few errors. I am getting
> the below errors.
>
>
> *Notice*: Undefined index: start in *C:\wamp\www\search with
> pagenatation\search.php* on line *12*
>
> *Notice*: Undefined variable: x in *C:\wamp\www\search with
> pagenatation\search.php* on line *41*
>
> *Notice*: Undefined variable: construct in *C:\wamp\www\search with
> pagenatation\search.php* on line *43*
>
> *Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
> given in *C:\wamp\www\search with pagenatation\search.php* on line *56*
>
> No results found.
>
>
> ************************************************************ *************=
***************************************
> *
>
> Here is the search.php code:*
>
> >
> @mysql_connect("localhost","root","") or die("couldn't connect");
> @mysql_select_db("search") or die("couldn't select database.");
>
> // max displayed per page
> $per_page =3D 1;
>
> //get data
> $button =3D $_GET['submit'];
> $search =3D $_GET['search'];
> $start =3D $_GET['start'];
>
> // count records
> $record_count =3D mysql_num_rows(mysql_query("SELECT * FROM search"));
>
> //count max pages
> $max_pages =3D ceil($record_count / $per_page); // may come out as decim=
al
>
> if (!$start)
> $start =3D 0;
>
> if ($button=3D0)//or try ==0 its bean a long time
> echo "
You didn't submit a keyword.";
> else
> {
> if (strlen($search)<=3D2)
> echo "
Search term too short. >";
> else
> {
> echo "You searched for $search";
>
>
> //explode our search term
> $search_exploded =3D explode(" ",$search);
>
> foreach($search_exploded as $search_each)
> {
>
> //construct query
> $x++;
> if ($x==1)
> $construct .=3D "keywords LIKE '%$search_each%'";
> else
> $construct .=3D " OR keywords LIKE '%$search_each%'";
>
> }
>
>
>
> //echo out construct
>
> $construct =3D "SELECT * FROM search WHERE $construct LIMIT $star=
t,
> $per_page";
> $run =3D mysql_query($construct);
>
> $foundnum =3D mysql_num_rows($run);
>
> echo $foundnum;
>
> if ($foundnum==0)
> echo "
No results found.";
> else
> {
> echo " $foundnum results found!";
>
> while ($runrows =3D mysql_fetch_assoc($run))
> {
> //get data
>
> $title =3D $runrows['title'];
> $desc =3D $runrows['desc'];
> $key =3D $runrows['keywords'];
> $url =3D $runrows['url'];
>
> echo "
>