954,597 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
1 Year Ago
0

PHP/MYSQL Input problem

Hi Guys I am new to PHP and slowly learning. I have a piece of code that I need some help with. I am trying to take user input and use it to query data from a table in MYSQL. I know all my connections are working because I can change my query and make it dump the entire database, but now I want to search it I have tried so many things and just cannot seem to get any results from it. This is a small piece of the code but it is where the problem is. If I change '$_POST['text']' to '100' for example I get the results back just how I want them but the user input seems to be where my problem is how can I fix this? Thank you for your help in advance!

<?php

include "sql_connect.php";

$test = mysql_query("SELECT * FROM Movies WHERE Mov_ID = '$_POST['text']'")
or die(mysql_error());

echo "<table border='1'>";
echo "<tr> <th>ID</th> <th>Title</th> <th>Actor 1</th> <th>Actor 2</th> <th>Actor 3</th> <th>Actor 4</th> <th>Notes</th> <th>Status</th> <th>Media</th></tr>";

while($row = mysql_fetch_array($test)){

        echo "<tr><td>"; 
        echo $row['Mov_ID'];
        echo "</td><td>";
        echo $row['Title'];
        echo "</td><td>";
        echo $row['Actor_1'];
        echo "</td><td>";
        echo $row['Actor_2'];
        echo "</td><td>";
        echo $row['Actor_3'];
        echo "</td><td>";
        echo $row['Actor_4'];
        echo "</td><td>";
        echo $row['Notes'];
        echo "</td><td>";
        echo $row['Status'];
        echo "</td><td>";
        echo $row['Media'];
        echo "</td><td>";


-Justin

ON_Jtharpe
Newbie Poster
11 posts since Jan 2011
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

In your line:

$test = mysql_query("SELECT * FROM Movies WHERE Mov_ID = '$_POST['text']'") or die(mysql_error());


I'm not terribly sure how PHP deals with ' inside of ' but you might be safer to add a line so it looks like:

$Post_text=$_POST['text'];
$test = mysql_query("SELECT * FROM Movies WHERE Mov_ID = '$Post_text'") or die(mysql_error());


I've never used this one, but I saw someone else use something like this:

$test = mysql_query("SELECT * FROM Movies WHERE Mov_ID = '{$_POST['text']}'") or die(mysql_error());

Short of that, I'd look at the HTML where you got the $_POST['text'] from.

dietdew12z
Junior Poster
102 posts since May 2010
Reputation Points: 18
Solved Threads: 20
 
1 Year Ago
0


this should work

<?php

include "sql_connect.php";

$text = $_POST['text'];
$test = mysql_query("SELECT * FROM Movies WHERE Mov_ID = '".$text."'");
?>
lyrico
Junior Poster in Training
94 posts since Dec 2010
Reputation Points: 33
Solved Threads: 15
 
1 Year Ago
0

Try the code above. I've used it and it's fine.

$text=$_POST['text'];
$sql="SELECT * FROM doctors WHERE epitheto='$text'";

panagosa
Newbie Poster
5 posts since Jan 2011
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

Thanks everyone for your great answers and for helping the "new guy" LOL I used dietdew12z first solution and was successful. Now I have another question and I am not sure how involved the answer will be. I can now search by name for a movie in my database however the search has to be PERFECT to the entry in the database. Is there a way I could for example enter the letter C and have it return the movies that start with C or enter Ca and have it return movies that start with Ca exc.? Thanks in advance!

-Justin

ON_Jtharpe
Newbie Poster
11 posts since Jan 2011
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

For example:

SELECT * FROM movies WHERE title LIKE 'Ca%'
pritaeas
Posting Expert
Moderator
5,484 posts since Jul 2006
Reputation Points: 653
Solved Threads: 875
 
1 Year Ago
0

Thank you so much pritaeas and to all of you for not just saying "Read the Book" because I am learning as I go and I find that this works for me, and helpful people like you make it so much easier.

-Justin

ON_Jtharpe
Newbie Poster
11 posts since Jan 2011
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

I'd like to throw in an extra bit of advice as well:

sanitizing input: your 'text' variable could inadvertently mess up your record. Use mysql_real_escape_string() about every POST variable, e.g.

$text= mysql_real_escape_string($_POST['text']);


That would be the bare minimum, though. You may also like to look at htmlentities() in addition.

diafol
Rhod Gilbert Fan (ardav)
Moderator
7,796 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
1 Year Ago
0

Hey guys all this help is much appreciated, but I have yet another issue. This time I don't even know if this forum is the right place to post. When I enter my search and the code above is used I get my results correctly however in Firefox and IE if one of the cell's is empty I do not get the border around it and it is messy to read. If I use Google Chrome it displays fine. Any ideas?

Thanks,
Justin

ON_Jtharpe
Newbie Poster
11 posts since Jan 2011
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0


That is cross browser issue. Checking below link may help you. http://www.elated.com/articles/cross-browser-website-tips/

lyrico
Junior Poster in Training
94 posts since Dec 2010
Reputation Points: 33
Solved Threads: 15
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed