dicklee

This is my first mod, i used the one Shrek posted as source and added the abilitie to select a city to search in. <?php session_start(); include "globals.php"; if($_POST['submit']) { $levelmin_clause="WHERE level >= {$_POST['levelmin']}"; $levelmax_clause=" AND level <= {$_POST['levelmax']}"; $name_clause=($_POST['name']) ? " AND username LIKE('%{$_POST['name']}%')" : ""; $location_clause=($_POST['location']) ? " AND location = {$_POST['location']}" : ""; $gender_clause=($_POST['gender']) ? " AND gender LIKE('%{$_POST['gender']}%')" : ""; $job_clause=($_POST['job']) ? " AND job = {$_POST['job']}" : ""; $house_clause=($_POST['house']) ? " AND maxwill = {$_POST['house']}" : ""; $online_clause=($_POST['online']) ? " AND laston >= unix_timestamp() - {$_POST['online']}" : ""; $daysmin_clause=($_POST['daysmin']) ? " AND daysold >= {$_POST['daysmin']}" : ""; $daysmax_clause=($_POST['daysmax']) ? " AND daysold <= {$_POST['daysmax']}" : ""; $db->query("SELECT * FROM users $levelmin_clause$levelmax_clause$name_clause$location_clause$gender_clause$job_clause$house_clause$online_clause$daysmin_clause$daysmax_clause",$c,$h); print $db->num_rows($q)." players found. <table><tr style='background-color:gray;'><th>User</th><th>Level</th><th>Money</th></tr>"; while($r=$db->fetch_row($q)) { print "<tr><td>[url='viewuser.php?u={$r[']{$r['username']}[/url]</td><td>{$r['level']}</td><td>\${$r['money']}</td></tr>"; } print "</table>"; } else { print <<<EOF <h3>Search</h3> <font color=red>*</font> is a required field. <form action=search.php method=post> <input type=hidden name=submit value=1> Name: <input type=text name=name> Level: From: <font color=red>*</font><input type=text name=levelmin value=1> To: <font color=red>*</font> <input type=text name=levelmax value=100> Gender: <select name=gender type=dropdown> <option value=0 selected>Either</option> <option value=Male>Male</option> <option value=Female>Female</option></select> Job: <select name=job type=dropdown> <option value=0 selected>Any Job</option> <option value=1>Driver</option> <option value=2>Medical</option> <option value=3>Bank</option> <option value=4>Police Officer</option> <option value=5>Technician</option></select> House: <select name=house type=dropdown> <option value=0 selected>Any House</option> EOF; $q=$db->query("SELECT * FROM houses ORDER BY hWILL ASC", $c); while($r=$db->fetch_row($q)) { print "\n<option value='{$r['hWILL']}'>{$r['hNAME']}</option>"; } print <<<EOF </select> Location: <select name='location' type='dropdown'>"; <option value=0 selected>Any Location</option> EOF; $q=$db->query("SELECT * FROM cities", $h); while($r=$db->fetch_row($q)) { print "\n<option value='{$r[cityid]}'>{$r[cityname]}</option>"; } #print "</select> print <<<EOF </select> Days Old: From: <input type=text name=daysmin> To: <input type=text name=daysmax> <input type='submit' value='Go'></form></select> EOF; } $h->endpage(); ?>   Give me your commentson what i could improve. I am new at this PHP stuff so be gentle and by all means let me know if there are any security vulnerabilities in it.