Question

This is my code:

<form id="search_mini_form" action="<?echo $this->getUrl('catalogsearch/advanced/result') ?>" method="get">
    <div class="form-search">

            <select name="category" id="category_search_field">

    <option  >All Categories</option>
    <?php echo $categoryOptions ?>
</select>
    <label for="search"><?php echo $this->__('Search:') ?></label>
        <input id="search" type="text" name="name" value="<?php echo $this->helper('catalogsearch')->getEscapedQueryText() ?>" class="input-text" />
       <input id="description" class="input-text" value = "<?php $_GET['name'] ?>" type="hidden"   title="Description"   name="description"/>
       <input type="hidden"   class="input-text " value = "<?php $_GET['name'] ?>" title="Short Description"   id="short_description" name="short_description"/>
       <input type="hidden"   class="input-text " value = "<?php $_GET['name'] ?>" title="Artist First Name"   id="artist_first_name" name="artist_first_name"/>
        <input type="hidden"   class="input-text "  value = "<?php $_GET['name'] ?>" title="Artist Last Name"   id="artist_last_name" name="artist_last_name"/>
        <button type="submit" title="<?php echo $this->__('Search') ?>" class="button"><span><span><?php echo $this->__('Search') ?></span></span></button>

What I tried is to get the value of the name field into the rest of the hidden fields while submitting the form, but when I submit the form it gets redirected and the values are passed as value "". All I need to do is:

  1. Give the option to search in a particular category with the particular attribute.
  2. What value should I assign so that when the user selects the default option it searches in all categories or attributes?
  3. How do I make this search work so that input from the search box searches in all desired attributes, not just the name?

Solution

The value probably stays empty because you aren't actually printing the value into the HTML. Your snippet shows <?php $_GET['name'] ?> while it should be <?php echo $_GET['name'] ?>. Mind the echo statement.

What is far more important, it's not secure to echo GET/POST variables directly into your HTML. I could inject all kinds of malicious JavaScript into your HTML. I think it's good to read about XSS on the following page: https://www.golemtechnologies.com/articles/prevent-xss#how-to-perform-XSS

It's very important to always escape your user data before printing it on the page or using it as a parameter in a database query. This is to prevent vulnerabilities.
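
The output escaping described in the answer above, applied to the hidden fields from the question, as an added example that is not part of the original answer. It is plain PHP run outside Magento; the helper names `attr`, `queryString` and `hiddenSearchFields` are hypothetical and the input is constructed.

```php
<?php
// Added example: plain PHP, runnable from the CLI. Field names are taken from
// the question's form; the helper names are hypothetical.

/** Escape a value for use inside a double-quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read a query parameter as a string; arrays (?name[]=x) and missing keys become ''. */
function queryString(array $query, string $key): string
{
    $value = $query[$key] ?? '';
    return is_string($value) ? $value : '';
}

/** Render the hidden inputs that mirror the search term, escaped for attribute context. */
function hiddenSearchFields(array $query): string
{
    $term = attr(queryString($query, 'name'));
    $html = '';
    foreach (['description', 'short_description', 'artist_first_name', 'artist_last_name'] as $field) {
        $html .= sprintf('<input type="hidden" name="%s" id="%s" value="%s" />' . "\n", $field, $field, $term);
    }
    return $html;
}

// Constructed sample input standing in for $_GET.
$query = ['name' => 'x"><script>alert(1)</script>'];

// Unescaped, as with a bare `echo $_GET['name']`: the quote ends the value attribute
// and the rest of the input is parsed as markup.
echo '<input type="hidden" name="description" value="' . $query['name'] . '" />' . "\n\n";

// Escaped: the same input stays inside the value attribute as inert text.
echo hiddenSearchFields($query);

// A non-string parameter (?name[]=a) yields an empty value rather than a PHP notice.
echo hiddenSearchFields(['name' => ['a']]);
```

This covers HTML attribute output only; values used in a database query need parameter binding, not HTML escaping.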

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange