by sjunghare » Sat Sep 07, 2002 8:03 am
Here is my code... The object of this is to take user input into an HTML form (on another file), and do searches against a MySQL database. Unfortunately, I have no idea what the syntax is for WHERE/LIKE clauses. Where do the slashes/single and double quotes/periods go? No book seems to agree on how it works and none of them work as is. This is driving me to madness!!!!!!
Code: Select all
<html>
<head>
<title>Search Results!!!!!!!!!</title>
</head>
<body>
<h2>Hope that this is the person you wanted...</h2>
<?php
$hostname = "192.168.1.4";
$username = "bryan";
$password = "bryan";
$dbname = "User";
$tablename = "Person";
trim($fname);
trim($lname);
trim($ssno);
$fname = addslashes($fname);
$lname = addslashes($lname);
$ssno = addslashes($ssno);
$link = mysql_pconnect($hostname,$username,$password);
if(!$link)
{
echo "Don't worry...it's never a user error ID-10-T";
exit;
}
mysql_select_db($dbname);
$query = "select * from $tablename where $fname like '$fname%'";
echo $query;
echo "<br>";
$result =@ mysql_query($query,$link);
$num_results =@ mysql_num_rows($result);
echo "Out of ".$num_results." people,";
echo " this person should be in here somewhere...";
for($i=0; $i < $num_results;$i++)
{
$row = mysql_fetch_array($result);
echo "<table>";
echo "<tr><td><b>First Name:</b></td>";
echo "<td><b>Last Name:</b></td>";
echo "<td><b>SSN: </b></td></tr>";
echo "<tr><td>";
echo htmlspecialchars( stripslashes($row["fname"]));
echo "</td><td> ";
echo htmlspecialchars( stripslashes($row["lname"]));
echo "</td><td>";
echo htmlspecialchars( stripslashes($row["ssno"]));
echo "</td></tr>";
echo "</table>";
}
?>
</body>
</html>
Thanks in advance
Sachin
by Coco » Sat Sep 07, 2002 8:47 am
Well, I'm a newbie myself, but should $link be in here???
Code: Select all
$result =@ mysql_query($query,$link);
not a clue if that will help or not
and instead of this...
Code: Select all
for($i=0; $i < $num_results;$i++)
{
$row = mysql_fetch_array($result);
you can use this (should make it more efficient)
Code: Select all
while ($row = mysql_fetch_array($result))
{}
by gite_ashish » Sat Sep 07, 2002 11:31 am
hi,
i think, this:
$query = "select * from $tablename where $fname like '$fname%'";
should be:
$query = "select * from $tablename where fname like '$fname%'";
The field name is a constant value (already defined by you when you designed the table).
ONE more thing:
trim($fname);
trim($lname);
trim($ssno);
You have not collected the trimmed values!!
it should have been like:
$fname = trim($fname);
$lname = trim($lname);
$ssno = trim($ssno);
Anyway, this has nothing to do with the current error... it's just one correction to the code...
by Takuma » Sat Sep 07, 2002 2:32 pm
The best thing to find anything is this FORUM and the Manual!
It should be like this
Code: Select all
<?php
$result = @mysql_query($query,$link);
?>
Now this will not print an error even if the query fails.
by sjunghare » Mon Sep 09, 2002 6:52 am
It is ok now that the query should be
Code: Select all
$query = "select * from $tablename where fname like '$fname%'";
as gite_ashish posted
Thanks all u
by m3mn0n » Mon Sep 09, 2002 7:21 am
You shouldn't post your actual DB login info when you request help.
It's a big security breach.
by sjunghare » Tue Sep 10, 2002 4:03 am
Be COOL!!! It's only dummy values in the program.
____________________
Security is the fundamental need of software !
by mikeq » Tue Sep 10, 2002 4:48 am
sjunghare wrote: It is ok now that the query should be
Code: Select all
$query = "select * from $tablename where fname like '$fname%'";
as gite_ashish posted
Thanks all u
Is fname the name of your field in the table, or were you trying to put the field name in from a PHP variable?
i.e.
$tablename = 'MYTABLE';
$fname = 'MYFIELD';
$nametofind = 'MIKE';
$query = "select * from $tablename where $fname like '$nametofind%'";
would produce a query
select *
from MYTABLE
where MYFIELD = 'MIKE';
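Added example, not part of any post in this thread: the same prefix search written with a bound parameter instead of addslashes() and string interpolation, including the variable-field-name case raised in the last post. PDO with an in-memory SQLite database, the helper name find_people(), the allow-list constant and the sample rows are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the thread. PDO with in-memory SQLite is an
// assumption so the script runs offline; the same calls work with pdo_mysql.

// Column names cannot be bound as parameters, so a field name that arrives
// in a variable is checked against a fixed allow-list.
const SEARCHABLE_FIELDS = ['fname', 'lname', 'ssno'];

// find_people() is a hypothetical helper name.
function find_people(PDO $db, string $field, string $input): array
{
    if (!in_array($field, SEARCHABLE_FIELDS, true)) {
        throw new InvalidArgumentException("unknown search field: $field");
    }
    // trim() returns the trimmed copy, so the result has to be assigned.
    $prefix = trim($input);
    // Escape LIKE metacharacters so a typed % or _ matches literally.
    $pattern = strtr($prefix, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    // The value is a bound parameter; quotes in it never reach the SQL text.
    $stmt = $db->prepare(
        "SELECT fname, lname, ssno FROM Person WHERE $field LIKE ? ESCAPE '!'"
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Person (fname TEXT, lname TEXT, ssno TEXT)');
$insert = $db->prepare('INSERT INTO Person VALUES (?, ?, ?)');
foreach ([
    ['Mike', "O'Neil", '000-00-0001'],
    ['Michelle', 'Smith', '000-00-0002'],
    ['Sam', 'Jones', '000-00-0003'],
] as $person) {
    $insert->execute($person);
}

// Constructed inputs: padded prefix, embedded apostrophe, bare wildcard.
foreach ([['fname', '  Mi '], ['lname', "O'N"], ['fname', '%']] as [$field, $input]) {
    $rows = find_people($db, $field, $input);
    printf("%s LIKE %s: %d row(s)\n", $field, var_export(trim($input), true), count($rows));
}

try {
    find_people($db, 'password', 'Mi');   // column not on the allow-list
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

When displaying the returned rows in a page, keep the htmlspecialchars() call from the original script; stripslashes() is no longer needed because nothing was slash-escaped on the way in.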