Page 1 of 1

Creating an address book - how to display search results

Posted: Fri Jan 28, 2005 4:54 pm
by tapir
Hi all, recently found this corner of the web, and so far it's been a great help. I'm new to PHP, and I'm creating a basic contacts database (MySQL, PHP) and so far I've managed on my own, but now I think that user error is hindering me. I've posted the PHP below, I hope that someone can point out my simple errors!
The problem: When I load the page, my search button and text field are displayed, but the text that should only be displayed when there are no matches is also displayed. When I enter a correct value into the search field, the page does not return the users. If it's any help, when I change the dynamic search variable to a static value (ie a known surname) the correct values are displayed in the table.

Thanks in advance for any tips and pointers, and any solutions that you have to offer
:t:

Code: Select all

<html>
<body>

<form method="POST" action="./search_test002.php"> 
Surname: <input type="text" name="query"> 
<input type="SUBMIT" value="Search"> 
</form>

<?php

// create MySQL connection

$connection=mysql_connect("server","user","password");
if (!$connection) &#123;
echo "Could not connect to MySql server!";
exit;
&#125;

// select database

$db=mysql_select_db("contacts",$connection);
if (!$db) &#123;
echo "Could not select database";
exit;
&#125;

//select record fields from database table and check for results

$sql="SELECT title,first_name,last_name, date_birth FROM users WHERE last_name = '%$query%' ";

$mysql_result=mysql_query($sql,$connection);
$num_rows=mysql_num_rows($mysql_result);


// We have no results

if ($num_rows == 0) &#123;
echo "Sorry, we have no records";
&#125; else &#123;

// results returned so create a table to display them

echo "<TABLE  BORDER="1">";
echo "<TR><TH>TITLE</TH><TH>FIRST NAME</TH><TH>LAST NAME</TH><TH>DATE OF BIRTH</TH></TR>";

//table population using a 'while' loop

while ($row=mysql_fetch_array($mysql_result))
&#123;
$title=$row&#1111;"title"];
$fname=$row&#1111;"first_name"];
$lname=$row&#1111;"last_name"];
$dob=$row&#1111;"date_birth"];

//display the results under the correct headings

echo "<TR><TD>$title</TD><TD>$fname</TD><TD>$lname</TD><TD>$dob</TD></TR>";

&#125;

&#125;// End else while

//close the MySQL connection

mysql_close($connection);

?>

</TABLE>
</body>
</html>

Posted: Fri Jan 28, 2005 5:06 pm
by feyd
the code you posted always performs a query, based on a probably nonexistant variable as register_globals is probably not on. Which is a good thing.

You can avoid performing the query based on checking if the request method is post.

Code: Select all

if($_SERVER&#1111;'REQUEST_METHOD'] == 'POST')
&#123;
// your query handling code in here
&#125;
$query should be created with the value stored in $_POST['query'], where the data should actually be. You may need to pass the data through addslashes() as blindly passing user sent variables into a query can be very vulnerable to SQL injection.

Posted: Sat Jan 29, 2005 7:55 am
by tapir
feyd wrote:the code you posted always performs a query, based on a probably nonexistant variable as register_globals is probably not on. Which is a good thing.

You can avoid performing the query based on checking if the request method is post.

Code: Select all

if($_SERVER&#1111;'REQUEST_METHOD'] == 'POST')
&#123;
// your query handling code in here
&#125;
$query should be created with the value stored in $_POST['query'], where the data should actually be. You may need to pass the data through addslashes() as blindly passing user sent variables into a query can be very vulnerable to SQL injection.
Hi, thanks for the prompt response, appreciate your help.

I kind of understand what you're recommending, so I'll go an play with my code some more. To clarify something: where you say 'value stored in $_POST['query'] ' should I replace the '$query' value in my sql statement with $_post['query']?

Thanks in advance
:t:

Posted: Sat Jan 29, 2005 2:12 pm
by tapir
Well, I've spent an afternoon swearing and pulling my hair out over this, and still no success.
Can anyone point me to a tutorial for a really simple search page? All I need is to enter a value, search for it, and return the results in a table on the same page. Once I have nailed the basics I can then make progress.
Alternatively, if anyone can explain this in terms that are so simple it's laughable, I'd appreciate it.

Thanks in advance

:t: