Result from adding the echo $sql shows that all three of the form fields are not receiving the values. This means the query reads simply as 'select all' !
SELECT * FROM table WHERE '' LIKE '%%' ORDER BY ''
Incidentally, i've never seen the mysql_real_escape_string mentioned before. Again that shows how long ago it was since i wrote the code. The database whilst being hosted on my website and accessed via a webpage is just for personal use. As a result one needs a username and password to access the search page.
Last edited by perplexed; 06-03-09 at 04:49 AM.
|