Hi, I am trying to make some changes to the searchbox for seo. I need to have the variable $sSearchTerm in the .php file rather then the .tpl file. I can control this in the .tpl file, adding to it or making a link with it etc. However I want to add some features and require the 'q' value from the url in the .php coding so I can make changes here and not in the .tpl file. How do I call it?
I am only working with the search pages. I hope this makes sence.

Thanks, Phil.

the 'q' value is part of the globals.

I won't tell you exactly as it's more fun learning, but I'll give you a clue:

add this line to the .php file and see what happens:

echo $_GET['q'].'<br />';
you might also find some answers by doing this too:

echo $oShopCore->sQuery.'<br />';
infact, all the answers to every question you could possibly have about how to call any element can be found by looking in the main shopcore object.
Add these lines in product_display_list.php somewhere after: $oShopCore->syncApiParams($oProductDisplayListParams);


print('<pre>');
print_r($oShopCore);
print('</pre>');
the further down the "stack" you add this, the closer the $oShopCore Object will be to the end Object used for the display data.

Hi, thanks for that I will have a play. I understand what you mean about it's more fun learning, better to learn than just be told something.

I can make lots of changes in the tpl files, changing alt and title tags and the displayed text but when it comes to using the string value in the .php files I just cannot get them to work.

It maybe just the way I am trying to use them but as far as I can tell $sSearchTerm does not seem to exist in the php files and yet it seems to get further down the line to the tpl file called be the preceeding php file.

On a similar thing I have also found the value sBrand. If I wanted this as a string $sBrandName would I have to make a new variable towards the begining of the SW code or can I just make it further on, say in

includes/elements/product_dispaly.php.

Something like:-

$sBrandName = $oProduct->sBrand; (Not sure of the correct coding)

and then display the $sBrandName in the temp/temp 3b/product_display.tpl file? I am on the right track?

Cheers, Phil.

Hi, I have tried

print('<pre>');
print_r($oShopCore);
print('</pre>');

in

product.php
inc/ele/prod_disp.php
inc/ele/prod_disp_list.php

Nothing happens, I forgot to mention that I am using version one, sorry.

Cheers, Phil.

oh, version one works very differently.

You're just looking to use $_GET['q'].

but be warned.
$_GET['q'] is whatever the user inputs into your searchbox, eg:

user enters: ben10
$_GET['q'] = "ben10" :)

user enters: underpants
$_GET['q'] = "underpants" :p

user enters: mysql_query("DROP TABLE table_name")
$_GET['q'] = "An intense headache" :eek:

so, I would consider sanitizing everything before executing it, either to the screen, into a DB or anywhere. It's best to do this before ANY other code is executed.

eg:

ensure it is set, so cannot be maliciously set further down the script:

$sQuery = (isset($_GET['q']) ? htmlspecialchars(stripslashes($_REQUEST['q'])) : '');
(Keep that line in your toolkit, it's very handy for all GET POST and REQUEST variables. I basically sets the new variable ($sQuery) to an empty string if it isn't already set to something else)

next, make sure the input is something like the input we're expecting by change it to alphanumerics (allowing spaces and dashes):

$sQuery = ereg_replace("[^A-Za-z0-9 -]", "",$sQuery);
(off the top of my head, I can't think of any reason for allowing any other characters)

and before letting it anywhere near a DB, make sure you give it the old mysql_real_escape_string(), like so:

mysql_query("INSERT INTO my_table VALUES ('".mysql_real_escape_string($sQuery)."'),$db)$sQuery is a generic name Ive just given it, you can give it any name you like.

I would advise dropping Version 1 though, especially if you're only in development.

V2 is far superior in what can be achieved, is easier to work on (although more complicated), has a more logical file structure and isn't scheduled to be turned off any time soon.