Blank search displays all records

Use No records on the first page option on SQL query tab in PHPRunner.

Use No records on the first page option on SQL query tab in PHPRunner.

Hi, I've already checked off that option on the SQL query tab. When I go to the search page there are no records displayed however the problem is when I click the search button all the records are displayed.

Any ideas? When I sign into my database and click "Search" without entering anything into the search box, all the records are displayed. I do not want people to be able to get a list of everything in my database. I have the "No records on the first page" checked off on the SQL query tab which works for the initial page however it's when I'm searching which is the problem. Thanks!

This behavior is by design.
Search button with no parameters and Show all button are used to display all records in the database.
There are many ways to prevent the whole content of the database from being displayed.
In PHPRunner 4.1 you can use "Before SQL query" event and the following code:

This behavior is by design.

I added this to the "Before SQL query" event page but it's still displaying all the database records when a blank search is performed. I've posted the .PHP page I'm having trouble with, I don't know if this helps but it may give you some insight into my problem.
<?php
// Before record added

function BeforeAdd(&$values,&$message)

{

// Parameters:

// $values - Array object.

// Each field on the Add form represented as 'Field name'-'Field value' pair
//** Check if specific record exists ****

global $conn;

$strSQLExists = "select * from _Customer where Phone_1='".$values["Phone_1"]."'";

$rsExists = db_query($strSQLExists,$conn);

$data=db_fetch_array($rsExists);

if($data)

{

echo "A customer in the database already has this phone number. Please search for the existing customer.";

return false;

}

else

{

return true;

}
} // function BeforeAdd
// List page: Before SQL query

function BeforeQueryList(&$strSQL)

{

//** Custom code ****

if(!count($_GET) && !count($_POST))

$strSQL = AddWhere($strSQL,"1=0");

}
?>

Try using this code in Before SQL query event:

if(!count($_GET) && !count($_POST) || @$REQUEST["SearchFor"]=="")

Try using this code in Before SQL query event:

Okay. I inserted the code and am getting this error message:
[codebox]Error type 8

Error description Undefined variable: gstrSQL

URL test.com/_Customer_list.php?

Error file /home/contract/public_html/include/_Customer_events.php

Error line 86

SQL query select `ID`, `Last_update`, `Created_by`, `Last_name`, `First_name`, `Created_date`, `Last_update_date`, `Last_update_by`, `Phone_1`, `Address`, `City`, `State`, `Zip`, `Customer_num` From `_Customer` where 1=0[/codebox]

Sorry, my fault.

Try this one:

global $gstrSQL;

Sorry, my fault.

I had to tweak one little thing with your code (it's in blue) and now it works! Thanks so much for the help, (and the future help to come hehe), you guys rock!!!
@$REQUEST["a"]=="search" && @$****REQUEST["SearchFor"]=="")

Hi,

How about advanced search.

And from ad new - back to list, edit - back to list. Here show all records, whats is in any time not need.

Thanks

Rimantas

Rimantas,
you need to modify this sample code for this purpose.

For example to add advanced search parameters use this code:

global $gstrSQL;

where FieldName is your actual field name.