Do not execute query upon load of page


Post by emilcarlo »

Good evening,

I am currently doing a web application which requires pulling out of data from the database. I am still a novice in the programming industry, and am still seeking help from my colleagues and of course forum sites like phpdn. I have an existing code which my friend provided me. I have already done some modifications with the code. I have a problem though with the code: it executes a database query upon loading of the page. I do understand how the code works; however, I am not able to modify the code to disallow the execution of the query upon loading of the page. Here is the code:

Code: Select all

<?PHP
include("dbconnection.php");

$query = "SELECT * FROM records";

if(isset($_POST["btnSearch"]))

{
		$query .= " WHERE last_name LIKE '%".$_POST["search"]."%' OR first_name LIKE '%".$_POST["search"]."%'OR territory LIKE '%".$_POST["search"]."%'OR job_title LIKE '%".$_POST["search"]."%'OR title LIKE '%".$_POST["search"]."%'OR employer LIKE '%".$_POST["search"]."%' " ;
}

$result = mysql_query($query, $connection) or die(mysql_error());
?>

I do know that this PHP code, the way it is written, is supposed to do that - to select data from my database (this code was provided by a friend). But my requirement for the project is actually to give it a search engine and display the information based on the search query. I have a search engine already together with the code, and it works pretty well. What I must do is to disallow the pulling of data from the first load, but just pull data if the search engine is used.

Here's the whole code:

Code: Select all

<link href="add_client.css" rel="stylesheet" type="text/css">

<?PHP
include("dbconnection.php");

$query = "SELECT * FROM records";

if(isset($_POST["btnSearch"]))

{
		$query .= " WHERE last_name LIKE '%".$_POST["search"]."%' OR first_name LIKE '%".$_POST["search"]."%'OR territory LIKE '%".$_POST["search"]."%'OR job_title LIKE '%".$_POST["search"]."%'OR title LIKE '%".$_POST["search"]."%'OR employer LIKE '%".$_POST["search"]."%' " ;
}

$result = mysql_query($query, $connection) or die(mysql_error());
?>

<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td><table width="760" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td width="199" align="center" valign="top"><a href="login.html"><img src="asia.gif" alt="" width="152" height="58" border="0" /></a>        <script type="text/javascript" src="menu.js"></script></td>
        <td width="176" align="right" valign="bottom"><a href="main.php"><img src="Home.jpg" width="104" height="20" border="0"/></a></td>
        <td width="130" align="right" valign="bottom"><img src="View.jpg" width="104" height="20" border="0"/></td>
        <td width="146" align="right" valign="bottom"><a href="add_client.php"><img src="Add.jpg" width="104" height="20" border="0"/></a></td>
        <td width="109" align="right" valign="bottom">&nbsp;</td>
        </tr>

    </table></td>
  </tr>
  <tr>
    <td><table width="760" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td width="200" height="3"  bgcolor="#1B1C78"><img src="images/topspacerblue.gif" alt="" width="1" height="3" /></td>
        <td width="560"  bgcolor="#0076CC"><img src="images/topspacerlblue.gif" alt="" width="1" height="3" /></td>

      </tr>
    </table></td>

  </tr>
  <tr>
    <td height="553" align="center" valign="top" bgcolor="#F3FAFE"><br />

      <form name="form" action="view_client.php" method="post">
      <table width="351" border="0">
          <tr>
            <td width="137" align="left" valign="middle">SEARCH RECORD:</td>
            <td width="144" align="center" valign="middle"><input type="text" name="search" /></td>
            <td width="56" align="left" valign="middle"><input type="submit" name="btnSearch" value="Search" /></td>
          </tr>
        </table>
        <br />
        <table width="680" border="0" cellpadding="3" cellspacing="1" bordercolor="38619E" >
          <tr>
            <th width="100" align="center" bgcolor="#E0E8F3">Territory</th>
            <th width="110" align="center" bgcolor="#E0E8F3">Employer</th>
            <th width="110" align="center" bgcolor="#E0E8F3">Job Title</th>
            <th width="50" align="center" bgcolor="#E0E8F3">Title</th>
            <th width="110" align="center" bgcolor="#E0E8F3">First Name</th>
            <th width="110" align="center" bgcolor="#E0E8F3">Last Name</th>
            <th width="70" align="center" valign="middle" bgcolor="#E0E8F3">&nbsp;</th>
          </tr>
          <?php
  if($result)
  {
	  for($i=0; $i<mysql_num_rows($result); $i++)
	  {
		  $id = trim(mysql_result($result, $i, "id"));
		  $territory = trim(mysql_result($result, $i, "territory"));
		  $employer = trim(mysql_result($result, $i, "employer"));
		  $job_title = trim(mysql_result($result, $i, "job_title"));
		  $title = trim(mysql_result($result, $i, "title"));
		  $first_name = trim(mysql_result($result, $i, "first_name"));
		  $last_name = trim(mysql_result($result, $i, "last_name"));
				  
		  echo "<tr>";
  		  echo "<td>".$territory."</td>";
		  echo "<td>".$employer."</td>";
		  echo "<td>".$job_title."</td>";
		  echo "<td>".$title."</td>";
		  echo "<td>".$first_name."</td>";
		  echo "<td>".$last_name."</td>";
		  echo "<td><a href='admin_edit.php?id=".$id."'>edit</a> | <a href='admin_delete.php?id=".$id."'>del</a> </td>";
		  echo "</tr>";
	  }
  }
  ?>
        </table>
<br />
   </form>
    <p>&nbsp;</p></td>

  </tr>
  <tr>
    <td height="38"><table width="760" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td width="200" height="35" align="center"  bgcolor="#1B1C78" class=white><img src="images/topspacerblue.gif" alt="" width="1" height="3" />&nbsp;<a href="disclaimer.html"><font color="#FFFFFF">Legal Disclaimer</font></a> </td>

        <td width="560" align="center"  bgcolor="#0076CC"  class=white><img src="images/topspacerlblue.gif" alt="" width="1" height="3" />&nbsp;Copyright &copy; 2006 - 2010 Limited. All rights reserved.
</td>
      </tr>

    </table></td>
  </tr>
</table>


Immediate response is well appreciated. Thank you very much!

Post by Gargoyle »

Code: Select all

$result = false;
if(isset($_POST["btnSearch"]))
{
    $query .= " WHERE last_name LIKE '%".$_POST["search"]."%' OR first_name LIKE '%".$_POST["search"]."%'OR territory LIKE '%".$_POST["search"]."%'OR job_title LIKE '%".$_POST["search"]."%'OR title LIKE '%".$_POST["search"]."%'OR employer LIKE '%".$_POST["search"]."%' " ;
    $result = mysql_query($query, $connection) or die(mysql_error());
}

Note that you're having MySQL injection vulnerabilities all over the place.

Post by yacahuma »

But you are running it.

Code: Select all

$query = "SELECT * FROM records";
$result = mysql_query($query, $connection) or die(mysql_error());

If you want to run it only after a click on the button, you have to move your query inside the if. Right now it is outside, so it is always executed.

Post by emilcarlo »

Hi Gargoyle,

Thank you for your feedback. I am quite new with programming, ahmm can you kindly explain what you said?
Gargoyle wrote:

Code: Select all

$result = false;
if(isset($_POST["btnSearch"]))
{
$query .= " WHERE last_name LIKE '%".$_POST["search"]."%' OR first_name LIKE '%".$_POST["search"]."%'OR territory LIKE '%".$_POST["search"]."%'OR job_title LIKE '%".$_POST["search"]."%'OR title LIKE '%".$_POST["search"]."%'OR employer LIKE '%".$_POST["search"]."%' " ;
$result = mysql_query($query, $connection) or die(mysql_error());
}

Note that you're having MySQL injection vulnerabilities all over the place.

Hi Yacahuma,

I tried to put it inside, but it gave me this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE last_name LIKE '%%' OR first_name LIKE '%%'OR territory LIKE '%%'OR job_ti' at line 1

Post by yacahuma »

It is because you divided your query.

The query should be:

Code: Select all

$query .= "SELECT * FROM records WHERE last_name LIKE '%".$_POST["search"]."%' OR first_name LIKE '%".$_POST["search"]."%'OR territory LIKE '%".$_POST["search"]."%'OR job_title LIKE '%".$_POST["search"]."%'OR title LIKE '%".$_POST["search"]."%'OR employer LIKE '%".$_POST["search"]."%' " ;

Post by emilcarlo »

Hello again xD

I tried what you suggested yacahuma, now I get "Query is empty" message.

Post by yacahuma »

do

Code: Select all

$query = '...'

not
$query .= '...'


Post by emilcarlo »

Yup, I did that. The problem has already been solved, but still, thank you for all the help ^^

Here's the solution :)

Code: Select all

include("dbconnection.php");

$query = "SELECT * FROM records";
$result = array();

if(isset($_POST["btnSearch"]))
{
    $query .= " WHERE last_name LIKE '%".$_POST["search"]."%' OR first_name LIKE '%".$_POST["search"]."%'OR territory LIKE '%".$_POST["search"]."%'OR job_title LIKE '%".$_POST["search"]."%'OR title LIKE '%".$_POST["search"]."%'OR employer LIKE '%".$_POST["search"]."%' " ;

    $result = mysql_query($query, $connection) or die(mysql_error());
}
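
The search from this thread with Gargoyle's injection warning addressed, as an added example that is not part of any post: the query runs only when a search term was submitted, and the term reaches the database as a bound parameter instead of being concatenated into the SQL. It assumes PDO rather than the `mysql_*` functions used above; `searchRecords()` is a hypothetical helper, and the in-memory SQLite table and its rows are constructed so the script runs offline.

```php
<?php
// Added example: table and column names come from the thread;
// searchRecords() and the demo data below are constructed for illustration.
function searchRecords(PDO $pdo, ?string $term): array
{
    // No search submitted (first page load) or empty box: run no query at all.
    if ($term === null || trim($term) === '') {
        return [];
    }
    // Escape LIKE wildcards so a user-typed % or _ matches literally.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], trim($term));
    $pattern = '%' . $escaped . '%';

    $columns = ['last_name', 'first_name', 'territory', 'job_title', 'title', 'employer'];
    $where = implode(' OR ', array_map(fn($c) => "$c LIKE ? ESCAPE '!'", $columns));

    // The SQL text is fixed; user input travels only as bound values.
    $stmt = $pdo->prepare("SELECT id, territory, employer, job_title, title,
                                  first_name, last_name FROM records WHERE $where");
    $stmt->execute(array_fill(0, count($columns), $pattern));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo on an in-memory SQLite database so it runs offline;
// with MySQL, create the PDO object from a mysql: DSN instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE records (id INTEGER PRIMARY KEY, territory TEXT, employer TEXT,
            job_title TEXT, title TEXT, first_name TEXT, last_name TEXT)");
$pdo->exec("INSERT INTO records VALUES
            (1, 'North', 'Acme', 'Engineer', 'Mr', 'Juan', 'Cruz'),
            (2, 'South', 'Globex', 'Analyst', 'Ms', 'Ana', 'O''Hara')");

// In the page this would be: searchRecords($pdo, $_POST['search'] ?? null)
foreach ([null, "O'Hara", "' OR '1'='1", '%'] as $input) {
    $rows = searchRecords($pdo, $input);
    printf("%-14s -> %d row(s)\n", var_export($input, true), count($rows));
    foreach ($rows as $r) {
        // Escape on output too: stored values are not trusted HTML.
        echo '  <td>' . htmlspecialchars($r['last_name'], ENT_QUOTES, 'UTF-8') . "</td>\n";
    }
}
```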