PHP/mysql_query problems

Question

Rian19 0 Newbie Poster

13 Years Ago

Hi

I'm just starting with php programming and need some help. This is just a test script I'm writing to see how it works.

I'm trying to search for phone of a certain make and price using a different search box for Make and price.

I want the results to return all the phones that is of a certain Make and below a certain price. And also if just make is searched for that all the ones with that make must be returned. The same with price.

I have been searching all over the internet and trying hundreds of different things but it just doesn't want to work.

Here is my code so far.

<?php
//connect to database
mysql_connect('localhost', 'rian', 'ri0401')
or die(mysql_error('Could not connect'));
mysql_select_db("test")
or die(mysql_error('Could not select database'));

//Identify verubles
$make = $_POST['Make'];
$price = $_POST['Price'];

//query
$sql=mysql_query("Select *
     From test
	 Where Price <= '.%$price%.'
	 AND 
	 Make Like '".$make."'")
	or die(mysql_error());

while ($row=mysql_fetch_array($sql)){
	echo $row['Make'];
	echo '<br/>';
	echo $row['Model'];
	echo '<br/>';
	echo $row['Price'];
	echo '<br/><br/>';
}
?>

Any help will be appreciated.

Thanks
Rian

mysql php seo

5 Contributors
8 Replies
236 Views
2 Days Discussion Span
Latest Post 13 Years Ago Latest Post by cwarn23

ajbest 0 Light Poster

13 Years Ago

<?php
//connect to database
mysql_connect('localhost', 'rian', 'ri0401')
or die(mysql_error('Could not connect'));
mysql_select_db("test")
or die(mysql_error('Could not select database'));

//Identify verubles
$make = $_POST['Make'];
$price = $_POST['Price'];

//query
$sql=mysql_query("Select *
     From test
	 Where Price <= '".$price."'
	 AND 
	 Make Like '%".$make."%'")
	or die(mysql_error());

while ($row=mysql_fetch_array($sql)){
	echo $row['Make'];
	echo '<br/>';
	echo $row['Model'];
	echo '<br/>';
	echo $row['Price'];
	echo '<br/><br/>';
}
?>

looks like you had some % signs in the wrong place on your query. Try this and post back the sql error if it still doesn't work.

Edited 13 Years Ago by ajbest because: n/a

rotten69 20 Posting Whiz

13 Years Ago

Good practice is to have something like this in mind.. If you're dealing with DB systems, connection_name.open at the top and once all queries and things are done with the DB then close it... connection_name.close

please check the php manual site for more info on how to open/close connection.. php.net

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Rian19 0 Newbie Poster · Answer 1 · 2011-10-15T14:56:44+00:00

Thanks, ajbest

There was no error. The only problem is when you only add a Make search no results is returned. When you add both make and price the results is returned correctly. And also if you just enter a Price search.

ajbest 0 Light Poster · Answer 2 · 2011-10-15T22:09:27+00:00

You will have to use a couple if statements to construct your query. Something like this

//initialize the same way with your db connection
$query="SELECT * FROM test WHERE";
if (isset($_POST['make'])){
   $query.=" Make LIKE '%".mysql_real_escape_string($_POST['make'])."%' AND"
}
if (isset($_POST['price']{
   $query.=" Price <= '".mysql_real_escape_string($_POST['price'])."'";
} 
else {$query=substr($query, 0, -3);}// this takes out the and statement in the event price was not posted

if (!isset($_POST['make'], $_POST['price'])){$query=substr($query, 0, -5);}//this takes out the where statement in the event neither the price nor make was posted

$sql=mysql_query($query) or die (mysql_error());
//continue with same display

Note that I have also implemented mysql_real_escape_string. This function will sterilize the post vars to prevent potential sql injection attacks. It is always best to not trust any user input. Assume everyone is a hacker and your code will end up a lot safer.

Rian19 0 Newbie Poster · Answer 3 · 2011-10-16T15:00:54+00:00

I tried that but now it just returns everything in the database regardless of what you enter.

Here is the code. I might have done something wrong.

<?php
//connect to database
mysql_connect('localhost', 'rian', 'ri0401')
or die(mysql_error('Could not connect'));
mysql_select_db("test")
or die(mysql_error('Could not select Database'));

//Identify verubles
$make = $_POST['Make'];
$price = $_POST['Price'];

//query
$query=("Select * From test Where");
if (isset($_POST['make'])){
	$query.="  Make LIKE '%".mysql_real_escape_string($_POST['make'])."%' AND";
}
if (isset($_POST['price'])){
	$query.=" price <= '".mysql_real_escape_string($_POST['price'])."'";
}
else {$query=substr($query, 0, -3);}

if (!isset($_POST['make'], $_POST['price'])){$query=substr($query, 0, -5);}

$sql=mysql_query($query) or die (mysql_error());
while ($row=mysql_fetch_array($sql)){
	echo $row['Make'];
	echo '<br/>';
	echo $row['Model'];
	echo '<br/>';
	echo $row['Price'];
	echo '<br/><br/>';
}
?>

Rian19 0 Newbie Poster · Answer 4 · 2011-10-16T19:39:04+00:00

I was wondering if you can't do something like this.

//query
if (isset($_POST['make'])){
	$query.="  Make LIKE '%".mysql_real_escape_string($_POST['make'])."%'";
}
if (isset($_POST['price'])){
	$query.=" price <= '".mysql_real_escape_string($_POST['price'])."'";
}

if (isset($_POST['make'], $_POST['price'])){
	$query.="Select *
     From test
	 Where Price <= '".mysql_real_escape_string($price)."'
	 AND 
	 Make Like '%".mysql_real_escape_string($make)."%'"
	or die(mysql_error());
}
$sql=mysql_query($query) or die (mysql_error());

Where you change the query depending on what was entered.
But it has an error saying "Undefined variable: query in C:\wamp\www\Test\Untitled-1.php on line 28"

Stefano Mtangoo 455 Senior Poster · Answer 5 · 2011-10-16T22:43:59+00:00

Since you are beginning, it is better you forget mysql_** and use mysqli or the more portable PDO. I would recommend PDO after reading several threads and try it out. Here is a workig script I did for a thread in this forum:

change username password and db to match yours

<html>
<head>

</head>
<body>
<?php
    ini_set("display_errors", 1);//error mgt
    try{
        $db = new PDO("mysql:host=localhost;dbname=xxx", "xxxx", "xxxx");
    }catch(PDOException $e){        
        echo $e->getMessage();
    }
    
    $stmt=$db->prepare("INSERT INTO likesys(liked) VALUES(:like)");
    $stmt2=$db->prepare("SELECT SUM(liked) AS likes FROM likesys WHERE liked=:like");
    $display=false;
    if(isset($_POST["like"])){
        $stmt->execute(array(":like"=>"1")); 
        $display=true;
    }
    if(isset($_POST["dislike"])){
        $stmt->execute(array(":like"=>"-1")); 
        $display=true;
    }
    $stmt->closeCursor();
    
    //if($display){ 
        $stmt2->execute(array(":like"=>"1"));
        $res = $stmt2->fetch(PDO::FETCH_ASSOC);  
        echo "<p>Likes: ". $res['likes']."</p>";
        
        $stmt2->execute(array(":like"=>"-1"));
        $res = $stmt2->fetch(PDO::FETCH_ASSOC);  
        echo "<p>Dislikes: ". abs($res['likes'])."</p>";
   // }
    
    $db=null;
?>
    <form action=<?php echo $_SERVER["PHP_SELF"];?> method="POST" >
        <input name="like" type="submit" value="Like" />
        <input name="dislike" type="submit" value="Dislike" />
    </form>
</body>
</html>

cwarn23 387 Occupation: Genius Team Colleague Featured Poster · Answer 6 · 2011-10-17T07:57:58+00:00

But it has an error saying "Undefined variable: query in C:\wamp\www\Test\Untitled-1.php on line 28"

Don't forget to put the following at the beginning of your script.

$query='';