antizero
10-16-02, 01:11 AM
I'm working on a search engine for my database-driven site (movie quizzes). The search form has a drop-down selection for search methods (by title, by director, and by actor).
Each search method has it's own table in the database (searchtitle, searchdirector, and searchactor).
Anyway, when I query the database, I want to specify what table to use with a variable. The drop-down selection part of the form is named "searchparam" and the values are the same as the table names (searchtitle, searchdirector, and searchactor). So, when the user performs a search, the keyword is passed to the search scripts, as is the search method.
Now, I can call up the search method alone with a simple test script as follows:
<?php
$searchparam = $HTTP_POST_VARS['searchparam'];
echo "searchparam is: $searchparam";
?>
The result is simply:
searchparam is: searchtitle
(or whatever other method was selected).
So I know the variable is being passed appropriately. However, when I use the variable $searchparam in my database query (already initialized with "$HTTP_POST_VARS" like above), everything falls apart. I can hardcode the table name into the query and it works great, but if I try to use the variable to insert the table name...kaboom.
Here's the line with the database query:
$query = "select quizIDs from $searchparam where word = '{$arrWords[$i]}'";
The "where word = '{$arrWords[$i]}'" part works fine (that's the variable holding the processed keyword) because I can hardcode the following and the search works:
$query = "select quizIDs from searchtitle where word = '{$arrWords[$i]}'";
And likewise, I can replace "searchtitle" with the other table names (searchactor and searchdirector) and the search works like it's supposed to.
I can even try out the test script with these lines:
<?php
$searchparam = $HTTP_POST_VARS['searchparam'];
$query = "select quizIDs from {$HTTP_POST_VARS['searchparam']} where word = '{$arrWords[$i]}'";
echo $query;
?>
and it will output:
select quizIDs from searchtitle where word = ''
(it doesn't show the "word" because the test script doesn't handle the keyword).
To me, that looks like a proper query (minus the "word" value)...
Any ideas why it doesn't work?
If this isn't clear, or you think it would be easier to straighten me out on AIM, my screen name is "J0hnny0nth3sp0t" (zeros and a three in place of vowels).
Thanks!
Each search method has it's own table in the database (searchtitle, searchdirector, and searchactor).
Anyway, when I query the database, I want to specify what table to use with a variable. The drop-down selection part of the form is named "searchparam" and the values are the same as the table names (searchtitle, searchdirector, and searchactor). So, when the user performs a search, the keyword is passed to the search scripts, as is the search method.
Now, I can call up the search method alone with a simple test script as follows:
<?php
$searchparam = $HTTP_POST_VARS['searchparam'];
echo "searchparam is: $searchparam";
?>
The result is simply:
searchparam is: searchtitle
(or whatever other method was selected).
So I know the variable is being passed appropriately. However, when I use the variable $searchparam in my database query (already initialized with "$HTTP_POST_VARS" like above), everything falls apart. I can hardcode the table name into the query and it works great, but if I try to use the variable to insert the table name...kaboom.
Here's the line with the database query:
$query = "select quizIDs from $searchparam where word = '{$arrWords[$i]}'";
The "where word = '{$arrWords[$i]}'" part works fine (that's the variable holding the processed keyword) because I can hardcode the following and the search works:
$query = "select quizIDs from searchtitle where word = '{$arrWords[$i]}'";
And likewise, I can replace "searchtitle" with the other table names (searchactor and searchdirector) and the search works like it's supposed to.
I can even try out the test script with these lines:
<?php
$searchparam = $HTTP_POST_VARS['searchparam'];
$query = "select quizIDs from {$HTTP_POST_VARS['searchparam']} where word = '{$arrWords[$i]}'";
echo $query;
?>
and it will output:
select quizIDs from searchtitle where word = ''
(it doesn't show the "word" because the test script doesn't handle the keyword).
To me, that looks like a proper query (minus the "word" value)...
Any ideas why it doesn't work?
If this isn't clear, or you think it would be easier to straighten me out on AIM, my screen name is "J0hnny0nth3sp0t" (zeros and a three in place of vowels).
Thanks!