0

basically this is a search function.(i have to search the data from database)

<form  method="post" action="search.php"  name="submitted" value ="true"  /> 
  <label>TYPE: 
  <select name="field"> 
    <option value = "sid">StudentID</option> 
    <option value = "sname">StudentName</option> 
  </select> 
  </label> 
  <label>WORD: 
  <input type="text" name="searchword" /> 
  </label> 
  
  <input type="submit"  /> 
  
</form> 

<?php 
if (isset($_POST['submitted'])){ 

$con = mysql_connect("localhost","root",""); 

mysql_select_db("uni", $con) or trigger_error('MySQL error: ' . mysql_error());  

   

$field= $_POST['field']; 
$searchword = $_POST['searchword']; 
$result = mysql_query("SELECT* FROM student WHERE $field = '$searchword'") or trigger_error('MySQL error: ' . mysql_error());  

// = mysql_query($query); 
//$num_rows = mysql_num_rows($result); 

//echo"num_rows results found."; 
echo"<table>"; 
echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; 
while($row = mysql_fetch_array($result)){ 

echo "<tr><td>"; 
echo "$row ['field']"; 
echo "</td><td>"; 
echo "$row ['searchword']"; 
echo "</td></tr>"; 
} 

echo"</table>"; 

} 

mysql_close($con); 

?>
5
Contributors
14
Replies
16
Views
6 Years
Discussion Span
Last Post by monica singh
0

>> Line 1 - There is no attribute for the form tag called 'value'

>> Line 4, 5 - Do not use spaces between attributes and their values (so value = "sid" needs to be value="sid" )

>> Line 12 - Add a attribute "name" with the value "submitted" to the submit element, else the if statement on line 17 does not work correctly

>> Line 25, 26 - This is not an error but if the code goes online, it can be exploited by adding SQL code into the value of the form elements, clean it up before adding them to the query:

$searchword = htmlentities(addslashes($_POST['searchword']));

>> Line 48 - You need to place this line within the if statement brackets, as there only is a connection when it has been openend on line 19

~G

Edited by Graphix: n/a

0

>> Line 1 - There is no attribute for the form tag called 'value'

>> Line 4, 5 - Do not use spaces between attributes and their values (so value = "sid" needs to be value="sid" )

>> Line 12 - Add a attribute "name" with the value "submitted" to the submit element, else the if statement on line 17 does not work correctly

>> Line 25, 26 - This is not an error but if the code goes online, it can be exploited by adding SQL code into the value of the form elements, clean it up before adding them to the query:

$searchword = htmlentities(addslashes($_POST['searchword']));

>> Line 48 - You need to place this line within the if statement brackets, as there only is a connection when it has been openend on line 19

~G

hi dear i just made some correction as you suggested but still some error. im bit stupid on php so could u pls check this code again for me?

<body>

<form  method="post" action="new.php"  name="submitted"   /> 
  <label>TYPE: 
  <select name="field"> 
    <option value ="sid">StudentID</option> 
    <option value ="sname">StudentName</option> 
  </select> 
  </label> 
  <label>WORD: 
  <input type="text" name="searchword" /> 
  </label> 
  
  <input type="submit" name ="submitted" /> 
  
</form> 

<?php 
if (isset($_POST['submitted'])){ 
$searchword = htmlentities(addslashes($_POST['searchword']));

$con = mysql_connect("localhost","root",""); 

mysql_select_db("uni", $con) or trigger_error('MySQL error: ' . mysql_error());  

$field= $_POST['field'];
$searchword = $_POST['searchword'];


$result = mysql_query("SELECT* FROM student WHERE $field ='$searchword'") or trigger_error('MySQL error: ' . mysql_error());  

//$result = mysql_query($query); 
//$num_rows = mysql_num_rows($result); 

//echo"num_rows results found."; 
echo"<table>"; 
echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; 
while($row = mysql_fetch_array($result)){ 

echo "<tr><td>"; 
echo "$row ['field']"; 
echo "</td><td>"; 
echo "$row ['searchword']"; 
echo "</td></tr>"; 
} 

echo"</table>"; 


} 

mysql_close($con); 

?>
</body>
</html>

NB: this is my error.....
Notice: MySQL error: Unknown column 'sid' in 'where clause' in C:\wamp\www\new.php on line 37

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\new.php on line 45

0

hi, dear..
In line 37 ,why are you using $field ='$searchword'".....
and in line 45 try to use mysql_num () or mysql_assoc() with mysql_fetch_array.

let me know what exactly you want...

0

I adjusted the code so that it should work, pay attention to the changes I made that I typed out in my first post:

<body>

<form  method="post" action="new.php" /> 
  <label>TYPE: 
  <select name="field"> 
    <option value="sid">StudentID</option> 
    <option value="sname">StudentName</option> 
  </select> 
  </label> 
  <label>WORD: 
  <input type="text" name="searchword" /> 
  </label> 
  
  <input type="submit" name="submitted" /> 
  
</form> 

<?php 

/* If the form is submitted: */

if (isset($_POST['submitted'])){ 

 /* Connecting to the database: */

 $con = mysql_connect("localhost","root",""); 

 mysql_select_db("uni", $con) or trigger_error('MySQL error: ' . mysql_error());  

 /* Retrieving form values: */

 $searchword = htmlentities(addslashes($_POST['searchword']));
 $field = htmlentities(addslashes($_POST['field']));
 $searchword = htmlentities(addslashes($_POST['searchword']));

 /* Executing search query: */

 $query = "SELECT * FROM student WHERE ".$field." = '".$searchword."'";
 $result = mysql_query($query) or trigger_error('MySQL error: ' . mysql_error());  
 
 /* Showing search results: */

 if (mysql_num_rows($result) > 0) {

  /* If the amount of rows is bigger than 0: */

  echo "<table>"; 
  echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; 

  while($row = mysql_fetch_array($result)){ 

    echo "<tr><td>"; 
    echo $row['sid']; 
    echo "</td><td>"; 
    echo $row['sname']; 
    echo "</td></tr>"; 

  } 

  echo "</table>"; 

 } else {

  /* If no records were found: */
  echo "You search query did not match any record.";

 }

 mysql_close($con); 

} 
?>
</body>
</html>

~G

Edited by Graphix: n/a

0

hi, dear..
In line 37 ,why are you using $field ='$searchword'".....
and in line 45 try to use mysql_num () or mysql_assoc() with mysql_fetch_array.

let me know what exactly you want...

HI DEAR, basicaly i hav a table student, column names (StudentID,StudentName and some more.......) in my database. so now i need to search data using StudentID or StudentName.
if you could watch this clip you will get more.

http://www.youtube.com/watch?v=IYmS5HRo6JI&feature=channel

if you could help me with this function. i would appreciate.
thanx

1

Alright, I guess you stopped reading my posts which provided the solution and which only need one more adjustment to work with the table you described in your last post. Finding a solution when you show no effort on solving your OWN problem and use youtube films to learn PHP, is not going to work...

Good luck.

Votes + Comments
Agree
0

Alright, I guess you stopped reading my posts which provided the solution and which only need one more adjustment to work with the table you described in your last post. Finding a solution when you show no effort on solving your OWN problem and use youtube films to learn PHP, is not going to work...

Good luck.

Dear, i copied your coding and ran again, there was same error message like this...

Notice: MySQL error: Unknown column 'sid' in 'where clause' in C:\wamp\www\new.php on line 48

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\new.php on line 52
You search query did not match any record.

that is why i posted the youtube video to understand my question to you all guys.
hope you get my point. if you can provide any solution for me. would appreciate.
thank you

0

hi, dear

can u tell me what you what to do in this code or what functionality you want in your code...so that i can code for you.

0

You will never learn if you just get other people to fix your errors, just like Graphix said. I can see the change that needs to be done to get the code to work and it's a very minor correction needed.

I will tell you what the problem is but I won't provide the solution.

What's happening is your column name is "StudentID" but your code is trying to match a variable to something in the non-existent column called "sid".

0
$result = mysql_query("SELECT* FROM student WHERE $field = '$searchword'") or trigger_error('MySQL error: ' . mysql_error());

in this line you have used php variable($field)in mysql query. you can use only table field name.

0
$result = mysql_query("SELECT* FROM student WHERE $field = '$searchword'") or trigger_error('MySQL error: ' . mysql_error());

in this line you have used php variable($field)in mysql query. you can use only table field name.

Graphix provided a solution to that which allowed the use of a variable.

0

thank you so much guys for your helps and positive advice. :)

-1

Hi dear,

Here Your code.

<html><head></head>
<body>
<form action="only_check.php" method="POST">
enter ID <input type="text" name="id"><br/>
enter Name<input type="text" name="name">
<input type="submit" ><br/>
</form>


</body></html>

<?php
$id =$_POST['id'];
$name =$_POST['name'];
$server = "localhost";
$username = "root";
$password = "";
$db_name = "students";
$db = mysql_connect($server,$username,$password) or DIE("Connection to database failed, perhaps the service is down !!");
$db1=mysql_select_db($db_name) or DIE("Database name not available !!");

$login = mysql_query("select * from info where (stu_id ='".$id."')");

$row = mysql_fetch_row($login);
echo "<b>Search by Id</b><br/>";
echo $row[0]."<br/>";
echo $row[1]."<br/>";
echo $row[2]."<br/>";
echo $row[3]."<br/>";
echo"<br/>";

$login = mysql_query("select * from info where (stu_name ='".$name."')");

$row = mysql_fetch_row($login);
echo "<b>Search by name</b><br/>";
echo $row[0]."<br/>";
echo $row[1]."<br/>";
echo $row[2]."<br/>";
echo $row[3]."<br/>";

?>

Just change your database name, table name and also table fields according to your database.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.