Member Avatar for fiey.hamzah

can anyone help to check my coding? what i need is to enter the groupcode and when i click search,it will retrieve all the modules. but only one module that appear instead of all.

<?php

$server="localhost";
$username="root";
$password="";
$connect_mysql=mysql_connect($server,$username,$password) or die ("Connection Failed!");
$mysql_db=mysql_select_db("reportdatabase",$connect_mysql) or die ("Could not Connect to Database");
    $db_sch = "SELECT * FROM cweb01group WHERE  `GroupCode` ='$GroupCode'";
    //echo $db_sch;
    $i = 0;
    $res = mysql_query($db_sch) or die(mysql_error());
    //echo mysql_num_rows($res);
    while($row = mysql_fetch_assoc($res))
        {
        echo " <tr>
              <td><a href='testingagain.php?module=".$row['ModuleCode']."</td>
              <td>".$row['ModuleTitle']."</td></br>
              </tr>";

        }
         mysql_close($connect_mysql);
            ?>

thanks :)

  • 3 Contributors
  • 3 Replies
  • 288 Views
  • 10 Hours Discussion Span
  • Latest Post Latest Post by Szabi Zsoldos
Member Avatar for Bob Hensley

Where is $GroupCode being defined? The lack of a definition (due to it being indicative of having register_globals turned on) is more worrysome than the rest of the issues in your code. Let's start with that and work our way through it.

Member Avatar for fiey.hamzah

This is my html form. if i insert groupcode and click search it will proceed to the next page which is semMod.php which i send earlier.

<form id="form1" name="form1" method="POST" action="semMod.php">
<p>
  <label for="groupcode"></label>Group Code:
  <input type="text" name="group" id="group" class="intext" />
  eg.CWEB0212  </p>
<p>
  <input name="submit" id="submit" type="submit" value="Search"/><br />

</form>
Member Avatar for Szabi Zsoldos

In that case you have to use this

<?php
$server="localhost";
$username="root";
$password="";
$connect_mysql=mysql_connect($server,$username,$password) or die ("Connection Failed!");
$mysql_db=mysql_select_db("reportdatabase",$connect_mysql) or die ("Could not Connect to Database");
    $db_sch = "SELECT * FROM cweb01group WHERE  `GroupCode` ='".$_POST['group']."'";
    //echo $db_sch;
    $i = 0;
    $res = mysql_query($db_sch) or die(mysql_error());
    //echo mysql_num_rows($res);
    while($row = mysql_fetch_assoc($res)) {
        echo " <tr>
              <td><a href='testingagain.php?module=".$row['ModuleCode']."</td>
              <td>".$row['ModuleTitle']."</td></br>
              </tr>";
        }
mysql_close($connect_mysql);
?>

Anyway, you should check if there is any value in the post request and be aware of the injection possibilities.

Edited by Szabi Zsoldos
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.