2011-09-23, 05:18 PM
This is the form it uses:
<form action="{$settings['bburl']}/groups.php?action=search" method="post">
<input type="text" name="searchquery" value="{$searchquery}" />
<input type="submit" value="{$lang->search}" /></form>
This is from the PHP file:
$searchquery = filter_var($db->escape_string($_POST['searchquery']), FILTER_SANITIZE_STRIPPED);
echo $searchquery;
$posts = $db->query("SELECT DISTINCT p.*, c.*, g.*, r.*, u.*, ug.*
FROM ".TABLE_PREFIX."sgposts p
LEFT JOIN ".TABLE_PREFIX."sgconversations c ON (p.conid=c.conid)
LEFT JOIN ".TABLE_PREFIX."socialgroups g ON (c.sgid=g.sgid)
LEFT JOIN ".TABLE_PREFIX."socialgroupsread r ON (g.sgid=r.sgid)
LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
LEFT JOIN ".TABLE_PREFIX."usergroups ug ON (u.displaygroup=ug.gid)
WHERE p.message LIKE '%$searchquery%' OR c.topic LIKE '%$searchquery%'
ORDER BY p.time DESC");
For some reason when I have it echo $searchquery, it gets the correct value, but when it runs the query it has this
p.message LIKE '%%' OR c.topic LIKE '%%'
in the where clause instead of what $searchquery is. What am I not doing properly?
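
An added example, not part of the original post and not MyBB code: the same kind of LIKE search with the term bound as a parameter, its % and _ characters escaped, and an empty term rejected instead of running LIKE '%%'. It uses PDO with a constructed in-memory SQLite table; the function names and the single-table schema are assumptions, and it does not diagnose why the value is empty in the query above.

```php
<?php
declare(strict_types=1);
// Added example: constructed schema and rows, not MyBB's tables or $db class.

// Escape LIKE metacharacters so the user's text is matched literally.
function like_literal(string $term, string $esc = '!'): string
{
    // Escape the escape character first, then the two wildcards.
    return str_replace([$esc, '%', '_'], [$esc.$esc, $esc.'%', $esc.'_'], $term);
}

function search_posts(PDO $pdo, string $raw): array
{
    $term = trim($raw);
    if ($term === '') {
        return []; // an empty term would become LIKE '%%' and match every non-NULL row
    }
    $pattern = '%' . like_literal($term) . '%';
    // The value is bound, never concatenated into the SQL text.
    $stmt = $pdo->prepare(
        "SELECT pid, topic, message FROM sgposts
         WHERE message LIKE :m ESCAPE '!' OR topic LIKE :t ESCAPE '!'
         ORDER BY pid DESC"
    );
    $stmt->execute([':m' => $pattern, ':t' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE sgposts (pid INTEGER PRIMARY KEY, topic TEXT, message TEXT)");

// Constructed sample rows.
$ins = $pdo->prepare("INSERT INTO sgposts (topic, message) VALUES (?, ?)");
foreach ([['Sale', '100% off today'],
          ['Misc', "O'Brien says 100 items"],
          ['Dev',  'rename my_var']] as $row) {
    $ins->execute($row);
}

// Constructed inputs: wildcards, a quote, an injection-style string, an empty term.
foreach (['100%', 'my_var', "O'Brien", "' OR '1'='1", ''] as $input) {
    $hits = search_posts($pdo, $input);
    printf("%-16s => %d row(s)\n", var_export($input, true), count($hits));
}
```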