
Need a help for MySQL

Posted: Sat Sep 07, 2002 8:03 am
by sjunghare
Here is my code...The object of this is to take user input into an html form (on another file), and do searches against a MySQL database. Unfortunately, I have no idea what the syntax is for WHERE/LIKE clauses. Where do the slashes/single and double quotes/periods go? No book seems to agree on how it works and none of them work as is. This is driving me to madness :x !!!!!!

Code:

<html> 

<head> 
<title>Search Results!!!!!!!!!</title> 
</head> 

<body> 

<h2>Hope that this is the person you wanted...</h2> 

<?php 

$hostname = "192.168.1.4"; 
$username = "bryan"; 
$password = "bryan"; 
$dbname = "User"; 
$tablename = "Person"; 

trim($fname); 
trim($lname); 
trim($ssno); 

$fname = addslashes($fname); 
$lname = addslashes($lname); 
$ssno = addslashes($ssno); 

$link = mysql_pconnect($hostname,$username,$password); 

if(!$link) 
{ 
echo "Don't worry...it's never a user error ID-10-T"; 
exit; 
} 

mysql_select_db($dbname); 

$query = "select * from $tablename where $fname like '$fname%'"; 

echo $query; 

echo "<br>"; 

$result =@ mysql_query($query,$link); 

$num_results =@ mysql_num_rows($result); 

echo "Out of ".$num_results." people,"; 
echo " this person should be in here somewhere..."; 

for($i=0; $i < $num_results;$i++) 
{ 
$row = mysql_fetch_array($result); 
echo "<table>"; 
echo "<tr><td><b>First Name:</b></td>"; 
echo "<td><b>Last Name:</b></td>"; 
echo "<td><b>SSN: </b></td></tr>"; 
echo "<tr><td>"; 
echo htmlspecialchars( stripslashes($row["fname"])); 
echo "</td><td> "; 
echo htmlspecialchars( stripslashes($row["lname"])); 
echo "</td><td>"; 
echo htmlspecialchars( stripslashes($row["ssno"])); 
echo "</td></tr>"; 
echo "</table>"; 
} 

?> 

</body> 
</html>
Thanks in advance
Sachin



Posted: Sat Sep 07, 2002 8:47 am
by Coco
Well, I'm a newbie myself, but should $link be in here???

Code:

$result =@ mysql_query($query,$link);
not a clue if that will help or not :?

and instead of this...

Code:

for($i=0; $i < $num_results;$i++) 
{ 
$row = mysql_fetch_array($result);
you can use this (should make it more efficient)

Code:

while ($row = mysql_fetch_array($result))
{}

Posted: Sat Sep 07, 2002 11:31 am
by gite_ashish
hi,

i think, this:
$query = "select * from $tablename where $fname like '$fname%'";
should be:
$query = "select * from $tablename where fname like '$fname%'";


The field name is a constant value (already defined by you when you designed the table).


ONE more thing:
trim($fname);
trim($lname);
trim($ssno);
You have not collected the trimmed values!!

it should have been like:
$fname = trim($fname);
$lname = trim($lname);
$ssno = trim($ssno);
Anyway, this has nothing to do with the current error... it's just one correction to the code...

Posted: Sat Sep 07, 2002 12:09 pm
by twigletmac
The best place to learn about constructing a SELECT statement is from the manual:
http://www.mysql.com/doc/en/SELECT.html

Mac

Posted: Sat Sep 07, 2002 2:32 pm
by Takuma
The best thing to find anything is this FORUM and the Manual! :D

It should be like this

Code:

<?php
$result = @mysql_query($query,$link); 
?>
Now this will not print an error even if the query fails.

Posted: Mon Sep 09, 2002 6:52 am
by sjunghare
It is ok now that the query should be

Code:

$query = "select * from $tablename where fname like '$fname%'";
as gite_ashish posted

Thanks, all of you

Posted: Mon Sep 09, 2002 7:21 am
by m3mn0n
You shouldn't post your actual DB login info when you request help. :roll:

It's a big security breach.

Posted: Tue Sep 10, 2002 4:03 am
by sjunghare
Be COOL!!! It's only dummy values in the program.

____________________

Security is the fundamental need of software !

Posted: Tue Sep 10, 2002 4:48 am
by mikeq
sjunghare wrote: It is ok now that the query should be

Code:

$query = "select * from $tablename where fname like '$fname%'";
as gite_ashish posted

Thanks, all of you
Is fname the name of your field in the table, or were you trying to put the field name in from a PHP variable?

i.e.

$tablename = 'MYTABLE';
$fname = 'MYFIELD';
$nametofind = 'MIKE';

$query = "select * from $tablename where $fname like '$nametofind%'";

would produce a query

select *
from MYTABLE
where MYFIELD = 'MIKE';
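
An added example, not written by any poster in this thread: the same prefix search with the search term bound as a query parameter instead of being escaped with addslashes(), LIKE wildcards in the term escaped, and the column name (the case mikeq raises) chosen from a fixed allowlist. The names SEARCHABLE, escapeLike and findByPrefix are hypothetical, and an in-memory SQLite database through PDO stands in for the MySQL server so the script runs offline; the Person table and its columns are taken from the thread.

```php
<?php
// Added example. SEARCHABLE, escapeLike() and findByPrefix() are hypothetical names.
// Assumption: PDO with the SQLite driver is available; for MySQL only the DSN changes.

// Identifiers cannot be bound as parameters, so the column is checked
// against a fixed list instead of being interpolated from user input.
const SEARCHABLE = ['fname', 'lname', 'ssno'];

function escapeLike(string $term, string $esc = '!'): string
{
    // Escape the escape character first, then the LIKE wildcards % and _.
    return str_replace([$esc, '%', '_'], [$esc.$esc, $esc.'%', $esc.'_'], $term);
}

function findByPrefix(PDO $db, string $column, string $term): array
{
    if (!in_array($column, SEARCHABLE, true)) {
        throw new InvalidArgumentException("column not searchable: $column");
    }
    // $column is now one of the fixed strings above; the search value is bound.
    $sql = "SELECT fname, lname, ssno FROM Person WHERE $column LIKE ? ESCAPE '!'";
    $stmt = $db->prepare($sql);
    $stmt->execute([escapeLike(trim($term)) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Person (fname TEXT, lname TEXT, ssno TEXT)');
$ins = $db->prepare('INSERT INTO Person VALUES (?, ?, ?)');
foreach ([['Mike', 'Quinn', '000-00-0001'], ["D'Arcy", 'Lee', '000-00-0002'],
          ['M_ke', 'Test', '000-00-0003']] as $r) {
    $ins->execute($r);
}

// Constructed form inputs: padded, containing a quote, containing a wildcard.
foreach ([' Mi', "D'", 'M_'] as $term) {
    $rows = findByPrefix($db, 'fname', $term);
    printf("%-6s -> %d row(s)\n", json_encode($term), count($rows));
    foreach ($rows as $row) {
        echo '  ', htmlspecialchars(implode(' | ', $row)), "\n";
    }
}

try {
    findByPrefix($db, 'nickname', 'x');   // not in the allowlist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```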