could anyone check this code for me plsss?

Question

mtvaran 0 Newbie Poster

14 Years Ago

basically this is a search function.(i have to search the data from database)

<form  method="post" action="search.php"  name="submitted" value ="true"  /> 
  <label>TYPE: 
  <select name="field"> 
    <option value = "sid">StudentID</option> 
    <option value = "sname">StudentName</option> 
  </select> 
  </label> 
  <label>WORD: 
  <input type="text" name="searchword" /> 
  </label> 
  
  <input type="submit"  /> 
  
</form> 

<?php 
if (isset($_POST['submitted'])){ 

$con = mysql_connect("localhost","root",""); 

mysql_select_db("uni", $con) or trigger_error('MySQL error: ' . mysql_error());  

   

$field= $_POST['field']; 
$searchword = $_POST['searchword']; 
$result = mysql_query("SELECT* FROM student WHERE $field = '$searchword'") or trigger_error('MySQL error: ' . mysql_error());  

// = mysql_query($query); 
//$num_rows = mysql_num_rows($result); 

//echo"num_rows results found."; 
echo"<table>"; 
echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; 
while($row = mysql_fetch_array($result)){ 

echo "<tr><td>"; 
echo "$row ['field']"; 
echo "</td><td>"; 
echo "$row ['searchword']"; 
echo "</td></tr>"; 
} 

echo"</table>"; 

} 

mysql_close($con); 

?>

php

5 Contributors
14 Replies
213 Views
5 Days Discussion Span
Latest Post 14 Years Ago Latest Post by monica singh

Graphix 68 ---

14 Years Ago

>> Line 1 - There is no attribute for the form tag called 'value'

>> Line 4, 5 - Do not use spaces between attributes and their values (so value = "sid" needs to be value="sid" )

>> Line 12 - Add a attribute "name" with the value "submitted" to the submit element, else the if statement on line 17 does not work correctly

>> Line 25, 26 - This is not an error but if the code goes online, it can be exploited by adding SQL code into the value of the form elements, clean it up before adding them to the query:

$searchword = htmlentities(addslashes($_POST['searchword']));

>> Line 48 - You need to place this line within the if statement brackets, as there only is a connection when it has been openend on line 19

~G

Edited 14 Years Ago by Graphix because: n/a

monica singh 0 Light Poster

14 Years Ago

hi, dear..
In line 37 ,why are you using $field ='$searchword'".....
and in line 45 try to use mysql_num () or mysql_assoc() with mysql_fetch_array.

let me know what exactly you want...

Graphix 68 ---

14 Years Ago

I adjusted the code so that it should work, pay attention to the changes I made that I typed out in my first post:

<body>

<form  method="post" action="new.php" /> 
  <label>TYPE: 
  <select name="field"> 
    <option value="sid">StudentID</option> 
    <option value="sname">StudentName</option> 
  </select> 
  </label> 
  <label>WORD: 
  <input type="text" name="searchword" /> 
  </label> 
  
  <input type="submit" name="submitted" /> 
  
</form> 

<?php 

/* If the form is submitted: */

if (isset($_POST['submitted'])){ 

 /* Connecting to the database: */

 $con = mysql_connect("localhost","root",""); 

 mysql_select_db("uni", $con) or trigger_error('MySQL error: ' . mysql_error());  

 /* Retrieving form values: */

 $searchword = htmlentities(addslashes($_POST['searchword']));
 $field = htmlentities(addslashes($_POST['field']));
 $searchword = htmlentities(addslashes($_POST['searchword']));

 /* Executing search query: */

 $query = "SELECT * FROM student WHERE ".$field." = '".$searchword."'";
 $result = mysql_query($query) or trigger_error('MySQL error: ' . mysql_error());  
 
 /* Showing search results: */

 if (mysql_num_rows($result) > 0) {

  /* If the amount of rows is bigger than 0: */

  echo "<table>"; 
  echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; 

  while($row = mysql_fetch_array($result)){ 

    echo "<tr><td>"; 
    echo $row['sid']; 
    echo "</td><td>"; 
    echo $row['sname']; 
    echo "</td></tr>"; 

  } 

  echo "</table>"; 

 } else {

  /* If no records were found: */
  echo "You search query did not match any record.";

 }

 mysql_close($con); 

} 
?>
</body>
</html>

~G

Edited 14 Years Ago by Graphix because: n/a

Graphix 68 ---

14 Years Ago

Alright, I guess you stopped reading my posts which provided the solution and which only need one more adjustment to work with the table you described in your last post. Finding a solution when you show no effort on solving your OWN problem and use youtube films to learn PHP, is not going to work...

Good luck.

Ezzaral commented: Agree +14

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

mtvaran 0 Newbie Poster · Answer 1 · 2010-11-08T04:43:34+00:00

>> Line 1 - There is no attribute for the form tag called 'value'
>> Line 4, 5 - Do not use spaces between attributes and their values (so value = "sid" needs to be value="sid" )
>> Line 12 - Add a attribute "name" with the value "submitted" to the submit element, else the if statement on line 17 does not work correctly
>> Line 25, 26 - This is not an error but if the code goes online, it can be exploited by adding SQL code into the value of the form elements, clean it up before adding them to the query:
$searchword = htmlentities(addslashes($_POST['searchword']));
>> Line 48 - You need to place this line within the if statement brackets, as there only is a connection when it has been openend on line 19
~G

hi dear i just made some correction as you suggested but still some error. im bit stupid on php so could u pls check this code again for me?

<body>

<form  method="post" action="new.php"  name="submitted"   /> 
  <label>TYPE: 
  <select name="field"> 
    <option value ="sid">StudentID</option> 
    <option value ="sname">StudentName</option> 
  </select> 
  </label> 
  <label>WORD: 
  <input type="text" name="searchword" /> 
  </label> 
  
  <input type="submit" name ="submitted" /> 
  
</form> 

<?php 
if (isset($_POST['submitted'])){ 
$searchword = htmlentities(addslashes($_POST['searchword']));

$con = mysql_connect("localhost","root",""); 

mysql_select_db("uni", $con) or trigger_error('MySQL error: ' . mysql_error());  

$field= $_POST['field'];
$searchword = $_POST['searchword'];


$result = mysql_query("SELECT* FROM student WHERE $field ='$searchword'") or trigger_error('MySQL error: ' . mysql_error());  

//$result = mysql_query($query); 
//$num_rows = mysql_num_rows($result); 

//echo"num_rows results found."; 
echo"<table>"; 
echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; 
while($row = mysql_fetch_array($result)){ 

echo "<tr><td>"; 
echo "$row ['field']"; 
echo "</td><td>"; 
echo "$row ['searchword']"; 
echo "</td></tr>"; 
} 

echo"</table>"; 


} 

mysql_close($con); 

?>
</body>
</html>

NB: this is my error.....
Notice: MySQL error: Unknown column 'sid' in 'where clause' in C:\wamp\www\new.php on line 37

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\new.php on line 45

mtvaran 0 Newbie Poster · Answer 2 · 2010-11-08T22:11:16+00:00

hi, dear..
In line 37 ,why are you using $field ='$searchword'".....
and in line 45 try to use mysql_num () or mysql_assoc() with mysql_fetch_array.
let me know what exactly you want...

HI DEAR, basicaly i hav a table student, column names (StudentID,StudentName and some more.......) in my database. so now i need to search data using StudentID or StudentName.
if you could watch this clip you will get more.

http://www.youtube.com/watch?v=IYmS5HRo6JI&feature=channel

if you could help me with this function. i would appreciate.
thanx

mtvaran 0 Newbie Poster · Answer 3 · 2010-11-09T06:14:58+00:00

Alright, I guess you stopped reading my posts which provided the solution and which only need one more adjustment to work with the table you described in your last post. Finding a solution when you show no effort on solving your OWN problem and use youtube films to learn PHP, is not going to work...
Good luck.

Dear, i copied your coding and ran again, there was same error message like this...

Notice: MySQL error: Unknown column 'sid' in 'where clause' in C:\wamp\www\new.php on line 48

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\new.php on line 52
You search query did not match any record.

that is why i posted the youtube video to understand my question to you all guys.
hope you get my point. if you can provide any solution for me. would appreciate.
thank you

monica singh 0 Light Poster · Answer 4 · 2010-11-09T16:29:22+00:00

hi, dear

can u tell me what you what to do in this code or what functionality you want in your code...so that i can code for you.

stokes1900 -5 Light Poster · Answer 5 · 2010-11-09T17:01:42+00:00

stokes1900 -5 Light Poster

14 Years Ago

first tell me what r you trying to do..that I can help you

Graphix commented: Not helping +0

Borzoi 24 Posting Whiz · Answer 6 · 2010-11-09T19:02:51+00:00

You will never learn if you just get other people to fix your errors, just like Graphix said. I can see the change that needs to be done to get the code to work and it's a very minor correction needed.

I will tell you what the problem is but I won't provide the solution.

What's happening is your column name is "StudentID" but your code is trying to match a variable to something in the non-existent column called "sid".

stokes1900 -5 Light Poster · Answer 7 · 2010-11-09T19:38:04+00:00

$result = mysql_query("SELECT* FROM student WHERE $field = '$searchword'") or trigger_error('MySQL error: ' . mysql_error());

in this line you have used php variable($field)in mysql query. you can use only table field name.

Borzoi 24 Posting Whiz · Answer 8 · 2010-11-09T20:09:22+00:00

$result = mysql_query("SELECT* FROM student WHERE $field = '$searchword'") or trigger_error('MySQL error: ' . mysql_error());
in this line you have used php variable($field)in mysql query. you can use only table field name.

Graphix provided a solution to that which allowed the use of a variable.

mtvaran 0 Newbie Poster · Answer 9 · 2010-11-10T21:10:07+00:00

thank you so much guys for your helps and positive advice. :)

monica singh 0 Light Poster · Answer 10 · 2010-11-12T18:16:19+00:00

Hi dear,

Here Your code.

<html><head></head>
<body>
<form action="only_check.php" method="POST">
enter ID <input type="text" name="id"><br/>
enter Name<input type="text" name="name">
<input type="submit" ><br/>
</form>


</body></html>

<?php
$id =$_POST['id'];
$name =$_POST['name'];
$server = "localhost";
$username = "root";
$password = "";
$db_name = "students";
$db = mysql_connect($server,$username,$password) or DIE("Connection to database failed, perhaps the service is down !!");
$db1=mysql_select_db($db_name) or DIE("Database name not available !!");

$login = mysql_query("select * from info where (stu_id ='".$id."')");

$row = mysql_fetch_row($login);
echo "<b>Search by Id</b><br/>";
echo $row[0]."<br/>";
echo $row[1]."<br/>";
echo $row[2]."<br/>";
echo $row[3]."<br/>";
echo"<br/>";

$login = mysql_query("select * from info where (stu_name ='".$name."')");

$row = mysql_fetch_row($login);
echo "<b>Search by name</b><br/>";
echo $row[0]."<br/>";
echo $row[1]."<br/>";
echo $row[2]."<br/>";
echo $row[3]."<br/>";

?>

Just change your database name, table name and also table fields according to your database.