If I click on my search field and submit it without entering any text, all the data in my database is returned. How is this stopped so nothing happens?
Check out the site:
weezy.co.uk/newresults.php
Thanks!
James
<?php
$conn = mysql_connect("cust-mysql-123-02", "uwee_641290_0001", "La0%-Mr4");
if (!$conn) {
    echo "Unable to connect to DB: " . mysql_error();
    exit;
}
{
    $search = "%" . $_POST["search"] . "%";
    $searchterm = "%" . $_POST["searchterm"] . "%";
}
if (!mysql_select_db("weezycouk_641290_db1")) {
    echo "Unable to select mydbname: " . mysql_error();
    exit;
}
$sql = "SELECT name,lastname,email
FROM test_mysql
WHERE name LIKE '%".$search."%' AND lastname LIKE '%".$searchterm."%'";
$result = mysql_query($sql);
if (!$result) {
    echo "Could not successfully run query ($sql) from DB: " . mysql_error();
    exit;
}
if (mysql_num_rows($result) == 0) {
    echo "No rows found, nothing to print so am exiting";
    exit;
}
while ($row = mysql_fetch_assoc($result)) {
    echo '<br>';
    echo '<br>';
    echo '<div class="data1">';
    echo $row["name"];
    echo '</div>';
    echo '<br>';
    echo '<div class="data2">';
    echo $row["lastname"];
    echo '</div>';
    echo '<br>';
    echo '<div class="data3">';
    echo $row["email"];
    echo '</div>';
}
mysql_free_result($result);
?>
You should check if it's empty before making a query:
if (empty($_POST['searchterm'])) {
    // don't search and show an error message
} else {
    // proceed as normal, do the query
}
Otherwise you might end up making a query like:
WHERE name LIKE('%%')
which is really expensive and returns all your database rows.
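
Added example (not part of the original posts): the empty-input check from the answer, combined with a parameterized query and LIKE-wildcard escaping, since a lone `%` typed into the form would otherwise match every row just as an empty field does. Table and column names follow the question; `searchPeople()`, `likeLiteral()`, the `!` escape character, the in-memory SQLite database standing in for MySQL, and the sample rows are assumptions made for the example.

```php
<?php
// Added example; helper names, '!' escape char and SQLite stand-in are assumptions.

/** Wrap a term for a "contains" match, escaping LIKE wildcards so input is literal. */
function likeLiteral(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

/** Returns matching rows, or null when both fields are blank (no query is run). */
function searchPeople(PDO $pdo, array $post): ?array
{
    $name     = trim((string)($post['search'] ?? ''));
    $lastname = trim((string)($post['searchterm'] ?? ''));
    if ($name === '' && $lastname === '') {
        return null; // nothing to search for: skip the query entirely
    }
    // Placeholders keep the submitted text out of the SQL string.
    $stmt = $pdo->prepare(
        "SELECT name, lastname, email FROM test_mysql
         WHERE name LIKE ? ESCAPE '!' AND lastname LIKE ? ESCAPE '!'"
    );
    $stmt->execute([likeLiteral($name), likeLiteral($lastname)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE test_mysql (name TEXT, lastname TEXT, email TEXT)');
$pdo->exec("INSERT INTO test_mysql VALUES
    ('James', 'Smith', 'james@example.com'),
    ('Anna', 'Jones', 'anna@example.com')");

$cases = [
    ['search' => '',    'searchterm' => ''],    // empty submit: no query
    ['search' => '%',   'searchterm' => '%'],   // wildcard input: matched literally
    ['search' => 'jam', 'searchterm' => 'smi'], // normal search: one row
];
foreach ($cases as $post) {
    $rows = searchPeople($pdo, $post);
    if ($rows === null) {
        echo "Enter a name or last name to search\n";
        continue;
    }
    // Encode values on output, since the page echoes them into HTML.
    $names = array_map(fn($r) => htmlspecialchars($r['name'], ENT_QUOTES, 'UTF-8'), $rows);
    echo count($rows), ' row(s): ', implode(', ', $names), "\n";
}
```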