Page 1 of 1

matched search criteria

Posted: Tue Nov 14, 2006 10:57 am
by franknu
Ok, when the user click on the link which is on a page call business_display.php

Code: Select all

this is the link on page business_display.php
$bn = $row['BusinessName'];
echo "<a href=\"bizwebpage2.php?BusinessName=$bn\">$bn</a>";
user click on the link and it takes them to page

bizwebpage2.php

here is the code for bizwebpage2.php

Code: Select all

<?php 

$host = "localhost"; 
$username = "localhost"; 
$password = "abc123"; 
$database = "contacts"; 


$db = mysql_connect($host, $username, $password) or die(mysql_error()); 
mysql_select_db($database) or die(mysql_error()); 

$BusinessName = ($_POST['BusinessName']);
$Keyword =($_POST['Keyword']); 
$Picture1 =  ($_POST['Picture1']); 
$Headline = ($_POST['Headline']); 
$Slogan2 = ($_POST['Slogan2']); 
$Description1 =($_POST['Description1']); 
$Description2 = ($_POST['Description2']); 
$Description3= ($_POST['Description3']); 
$Contact2 =  ($_POST['Contact2']); 
$Picture2 = ($_POST['Picture2']); 
$Picture3 = ($_POST['Picture3']); 

if($BusinessName) 
{ 
$query = "SELECT * FROM business_info WHERE `BusinessName`= '$BusinessName' ";
$result = mysql_query($query) or die (mysql_error()); 
}
?> 
<table> 
  <tr> 
    <td> 
      <table> 
        <tr> 
          <td valign="top"> 
            <table> 
              <tr> 
                <td valign="top"> 
                  <table> 
                    <tr>   
                      <td><?php echo"$Logo"; ?></td> 
                    </tr> 
                    <tr> 
                      <td valign="top"><h2><?php echo "<h2>$BusinessName</h2>"; ?></h2></td> 
                    </tr> 
                    <tr> 
                      <td valign="top"><?php echo "$Description1"; ?></td> 
                    </tr> 
                    <tr> 
                      <td valign="top"><?php echo "$Description2"; ?></td> 
                    </tr> 
					<tr> 
                      <td valign="top"><?php echo "$Description3"; ?></td> 
                    </tr> 
                    <tr> 
                      <td valign="top"><?php echo "$Contact2"; ?></td> 
                    </tr> 
                  </table> 
                </td> 
              </tr> 
            </table> 
          </td> 
          <td valign="top"> 
            <table> 
              <tr> 
                <td>&nbsp;</td> 
              </tr> 
              <tr> 
                <td valign="top"><?php echo"<img src='$Picture2' width='200' height='250'>"; ?>
				
				</td> 
              </tr> 
              <tr> 
                <td valign="top"> <?php echo "<img src='$Picture3'  width='200' height='250'>"; ?>  </td> 
              </tr> 
            </table> 
          </td> 
        </tr> 
      </table> 
      <table border='1'> 
        <tr> 
          <td>&nbsp;</td> 
        </tr> 
      </table> 
    </td> 
  </tr> 
</table> 
<?php 

?>
so how can i display the info that it is on Description1, Description2, ect that matched BusinessName which is on the same row on the table name business_info

Re: matched search criteria

Posted: Tue Nov 14, 2006 11:12 am
by volka
franknu wrote:$BusinessName = ($_POST['BusinessName']);
$Keyword =($_POST['Keyword']);
$Picture1 = ($_POST['Picture1']);
$Headline = ($_POST['Headline']);
$Slogan2 = ($_POST['Slogan2']);
$Description1 =($_POST['Description1']);
$Description2 = ($_POST['Description2']);
$Description3= ($_POST['Description3']);
$Contact2 = ($_POST['Contact2']);
$Picture2 = ($_POST['Picture2']);
$Picture3 = ($_POST['Picture3']);
The user clicked a link. There's no POST data. Only
echo "<a href="bizwebpage2.php?BusinessName=$bn">$bn</a>";
=> $_GET['BusinessName']
(instead of $BusinessName, see http://de2.php.net/security.globals)

Re: matched search criteria

Posted: Tue Nov 14, 2006 12:29 pm
by timvw
(Apart from what volka already said)
franknu wrote: $query = "SELECT * FROM business_info WHERE `BusinessName`= '$BusinessName' ";
If you're using data in a mysql context, you must make sure that it's prepared for use in that context...

Code: Select all

$businessName = mysql_real_escape_string($businessName);
$query = "SELECT * FROM business_info WHERE BusinessName='$businessName'";
And then you'll have to use [url=http://www.php.net/mysql_fetch_assoc]mysql_fetch_assoc[url] (or another _fetch_ method) in order to get the data in the resultset.

The documentation will probably show an example as:

Code: Select all

$result = mysql_query($query);
while ($row = mysql_fetch_assoc($result)) {
  // use values in $row array
}
Again, here you should keep in mind that you're using data in a html context, so perhaps you want to run htmlentities before you inject the data into your html...