Displaying more than 2 records in a search form

lilvamp 12 May, 2009
Hello there guys, I've searched through the forum's archive and found that there aren't any guides or problems on how to display more than 2 records in a search form. I've followed the steps given by Diane in some topic and made some modifications, but I'm still stuck as I need to display more than 2 results from a search form. Below is my attached code:

<?php

$db =& JFactory::getDBO();

$symp = JRequest::getString('symp', '', 'post');

if ( $symp ) {
  $sql="
    SELECT * 
      FROM `disease1`
      WHERE `disease_symptom` LIKE '%$symp%'
      ORDER BY `cf_id` DESC";

$db->setQuery($sql);

$results = $db->loadRowList();

foreach ($results as $result ); {
if (!$result){
  echo "There is no matching diseases.";
  }
else {

  echo "Your have been pre-diagnosed to have " .$result [6]; echo ".";
  
}
if ($result = 2 ){
 
  echo "Your have been pre-diagnosed to have " .$result [6]; echo",";
  }
  }


}

?>



Basically this search form is to search the database for possible diseases, something like a pre-diagnosis where a user enters the symptoms and submits the form. A list of suspected diseases will be displayed. However, I was only able to display 1 result at a time =.= ... please do help.

p/s: knowledge in php and programming = minimal, but will try to learn!

thank you in advance... =D
GreyHead 12 May, 2009
Hi lilvamp,

Please take a look at ChronoConnectivity - that's ChronoForms' sister tool, intended to deal with displaying lists of results. I think it will easily handle this for you.

Bob
nml375 12 May, 2009
There are a few issues to tend to here:

First up, your code is vulnerable to SQL injection attacks. If someone adds ' to their symptom, they'll actually be able to execute arbitrary SQL-commands. The fix for this is something like this:
...
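if ($symp) {
  // Escape the input (including the LIKE wildcards % and _), then add the surrounding % ourselves so the search stays a substring match
  $like = $db->Quote('%' . $db->getEscaped($symp, true) . '%', false);
  $sql = sprintf("SELECT * FROM %s WHERE %s LIKE %s ORDER BY %s DESC", $db->nameQuote('disease1'), $db->nameQuote('disease_symptom'), $like, $db->nameQuote('cf_id'));
  $db->setQuery($sql);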
...

This approach lets the database engine quote any characters that otherwise would cause unexpected behaviour.

Next, your foreach-loop is kind of the correct approach, but it's flawed...
There should not be any ; right after the argument. Basically, you just print the last item in the resultSet. Also, to get the proper "item1, item2, item3." layout, we need to extract the needed item from the result-list and add it to an empty array. Since you retrieve multiple table columns (SELECT *), we can't simply use the resultlist as is.
Once we got our diseases, it's a mere matter of implode()ing it:
$results = $db->loadRowList();

$diseases = array();
foreach ($results as $result) {
  $diseases[] = $result[6];
}
// Join with ", " to get the "item1, item2, item3." layout
echo "You have been pre-diagnosed to have: " . implode(', ', $diseases) . ".";


/Fredrik
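
The two points from the reply above in one stand-alone script, as an added example that is not part of the original thread. It swaps Joomla's database object for PDO with an in-memory SQLite database and uses a bound parameter instead of `Quote()`; the `disease_name` column, the sample rows and the function names are assumptions made for the example.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for Joomla's $db object.
// Table name and disease_symptom come from the thread; rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE disease1 (cf_id INTEGER PRIMARY KEY, disease_symptom TEXT, disease_name TEXT)');
$ins = $pdo->prepare('INSERT INTO disease1 (disease_symptom, disease_name) VALUES (?, ?)');
foreach ([
    ['fever, cough', 'Influenza'],
    ['fever, rash', 'Measles'],
    ["writer's cramp, stiff hand", 'Focal dystonia'],
] as $row) {
    $ins->execute($row);
}

// The pattern from the question: user input pasted into the SQL text.
function search_concat(PDO $pdo, string $symp): array
{
    $sql = "SELECT disease_name FROM disease1
            WHERE disease_symptom LIKE '%$symp%' ORDER BY cf_id DESC";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the input never becomes SQL syntax. LIKE wildcards in
// the input are escaped so they match literally; we add the outer % signs.
function search_bound(PDO $pdo, string $symp): array
{
    $literal = strtr($symp, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    $stmt = $pdo->prepare("SELECT disease_name FROM disease1
            WHERE disease_symptom LIKE :pat ESCAPE '\\' ORDER BY cf_id DESC");
    $stmt->execute([':pat' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function report(array $diseases): string
{
    return $diseases
        ? 'You have been pre-diagnosed to have: ' . implode(', ', $diseases) . '.'
        : 'There are no matching diseases.';
}

echo report(search_bound($pdo, 'fever')), "\n";    // ordinary search term
echo report(search_bound($pdo, "writer's")), "\n"; // apostrophe is treated as data
echo report(search_bound($pdo, '%')), "\n";        // wildcard in input is matched literally
try {
    search_concat($pdo, "writer's");               // the quote ends the SQL string early
} catch (PDOException $e) {
    echo 'Concatenated query failed: ', $e->getMessage(), "\n";
}
```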