0

Hi Guys I am new to PHP and slowly learning. I have a piece of code that I need some help with. I am trying to take user input and use it to query data from a table in MYSQL. I know all my connections are working because I can change my query and make it dump the entire database, but now I want to search it I have tried so many things and just cannot seem to get any results from it. This is a small piece of the code but it is where the problem is. If I change '$_POST' to '100' for example I get the results back just how I want them but the user input seems to be where my problem is how can I fix this? Thank you for your help in advance!

<?php

include "sql_connect.php";

$test = mysql_query("SELECT * FROM Movies WHERE Mov_ID = '$_POST['text']'")
or die(mysql_error());

echo "<table border='1'>";
echo "<tr> <th>ID</th> <th>Title</th> <th>Actor 1</th> <th>Actor 2</th> <th>Actor 3</th> <th>Actor 4</th> <th>Notes</th> <th>Status</th> <th>Media</th></tr>";

while($row = mysql_fetch_array($test)){

        echo "<tr><td>"; 
        echo $row['Mov_ID'];
        echo "</td><td>";
        echo $row['Title'];
        echo "</td><td>";
        echo $row['Actor_1'];
        echo "</td><td>";
        echo $row['Actor_2'];
        echo "</td><td>";
        echo $row['Actor_3'];
        echo "</td><td>";
        echo $row['Actor_4'];
        echo "</td><td>";
        echo $row['Notes'];
        echo "</td><td>";
        echo $row['Status'];
        echo "</td><td>";
        echo $row['Media'];
        echo "</td><td>";

-Justin

Edited by ON_Jtharpe: n/a

6
Contributors
9
Replies
11
Views
6 Years
Discussion Span
Last Post by lyrico
0

In your line:

$test = mysql_query("SELECT * FROM Movies WHERE Mov_ID = '$_POST['text']'") or die(mysql_error());

I'm not terribly sure how PHP deals with ' inside of ' but you might be safer to add a line so it looks like:

$Post_text=$_POST['text'];
$test = mysql_query("SELECT * FROM Movies WHERE Mov_ID = '$Post_text'") or die(mysql_error());

I've never used this one, but I saw someone else use something like this:

$test = mysql_query("SELECT * FROM Movies WHERE Mov_ID = '{$_POST['text']}'") or die(mysql_error());

Short of that, I'd look at the HTML where you got the $_POST from.

Edited by dietdew12z: n/a

0

this should work

<?php

include "sql_connect.php";

$text = $_POST['text'];
$test = mysql_query("SELECT * FROM Movies WHERE Mov_ID = '".$text."'");
?>

Edited by lyrico: n/a

0

Try the code above. I've used it and it's fine.

$text=$_POST;
$sql="SELECT * FROM doctors WHERE epitheto='$text'";

0

Thanks everyone for your great answers and for helping the "new guy" LOL I used dietdew12z first solution and was successful. Now I have another question and I am not sure how involved the answer will be. I can now search by name for a movie in my database however the search has to be PERFECT to the entry in the database. Is there a way I could for example enter the letter C and have it return the movies that start with C or enter Ca and have it return movies that start with Ca exc.? Thanks in advance!

-Justin

0

Thank you so much pritaeas and to all of you for not just saying "Read the Book" because I am learning as I go and I find that this works for me, and helpful people like you make it so much easier.

-Justin

0

I'd like to throw in an extra bit of advice as well:

sanitizing input: your 'text' variable could inadvertently mess up your record. Use mysql_real_escape_string() about every POST variable, e.g.

$text= mysql_real_escape_string($_POST['text']);

That would be the bare minimum, though. You may also like to look at htmlentities() in addition.

0

Hey guys all this help is much appreciated, but I have yet another issue. This time I don't even know if this forum is the right place to post. When I enter my search and the code above is used I get my results correctly however in Firefox and IE if one of the cell's is empty I do not get the border around it and it is messy to read. If I use Google Chrome it displays fine. Any ideas?

Thanks,
Justin

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.