FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


php and mysql form





davidmp3
Hello there pretty new to PHP & mysql but eager to learn... i understand HTML clearly... working on a small project. The problem is that my php form is not retrieving the information from mysql
what am i missing ? and how can i sanitize the 2nd part?

Thanks in advance



1st PHP file
[php]
<html>

<head>
<title>Searching for a customer...</title>
</head>

<h2>Search</h2>

<form name="search" method="post" action="custsearch.php">
Seach for: <input type="text" name="find" /> in
<Select NAME="field">
<Option VALUE="CustPhone">Phone Number</Option></option>
<Option VALUE="CustId">Cust ID</option>
<Option VALUE="CustAdd">Address</option>
<Option VALUE="CustCity">City</option>
<Option VALUE="CustState">State</option>
</Select>

<input type="submit" name="search" value="Search" />
</form>

</body>

</html>
[/php]

2nd file
[php]
<html>
<head><title>Searching for a Customer...</title>
</head>

<?php

echo "<h2>Search Results:</h2><p>";

//If they did not enter a search term we give them an error
if(empty($_POST['find']))

{
echo "<p>You forgot to enter a search term!!!";
exit;
}

// Otherwise we connect to our Database
mysql_connect("localhost:8888", "Admin", "xxxx") or die(mysql_error());
mysql_select_db("customer") or die(mysql_error());

echo "Successful Connection </br> <hr />";

mysql_select_db("customer") or die (mysql_error());
echo "Connected to Database </br> <hr />";

// We perform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);

//Now we search for our search term, in the field the user specified
$data = mysql_query("SELECT * FROM bldgid WHERE upper($field) LIKE'%$find%'");

//And we display the results
while($result = mysql_fetch_array( $data ))
{
echo $result['CustPhone'];
echo " ";
echo $result['CustId'];
echo "<br>";
echo $result['CustAdd'];
echo "<br>";
echo "<br>";
}

//This counts the number or results - and if there wasn't any it gives them a little message explaining that
$anymatches=mysql_num_rows($data);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query...<br><br>";
}

//And we remind them what they searched for
echo "<b>Searched For:</b> " .$find;
//}
?>


</body>
</html>
[/php]
jmraker
The things they entered in the form would be in the $_POST and $_REQUEST array

and it's possible to combine all the 3 filters into one line
Code:
$find = trim(strip_tags(strtoupper($_REQUEST['find'])));
pollux1er
What jmracker wrote for sanitizing variables is correct.
For the result of yours scripts, I advise you to check whether your mysql query give some result or not.

Copy it and pase it into PHP Myadmin with exemples datas prensent into your database.
If it is correcte, let us know
Related topics
PHP, MySQL...
ASP +PHP+MySQL Tutorials
what is your php mysql apache installer package
Need some php/mysql dlls
The Basics (php, mysql etc)
What is useful way in this php+mysql problem?
PHP/Mysql - beginner!
A very good PHP MySQL Tutorial
Setup php,mysql and others...
php, mysql and iis5
 EASY 40 frih$ IF YOU KNOW PHP+MySQL 
Php Mysql security testing
Project to join - php,mysql??
Free PHP/MySQL login script
Need a Registration form PHP/Mysql with email confirmation
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.