can anyone help to check my coding? what i need is to enter the groupcode and when i click search,it will retrieve all the modules. but only one module that appear instead of all.

<?php

$server="localhost";
$username="root";
$password="";
$connect_mysql=mysql_connect($server,$username,$password) or die ("Connection Failed!");
$mysql_db=mysql_select_db("reportdatabase",$connect_mysql) or die ("Could not Connect to Database");
    $db_sch = "SELECT * FROM cweb01group WHERE  `GroupCode` ='$GroupCode'";
    //echo $db_sch;
    $i = 0;
    $res = mysql_query($db_sch) or die(mysql_error());
    //echo mysql_num_rows($res);
    while($row = mysql_fetch_assoc($res))
        {
        echo " <tr>
              <td><a href='testingagain.php?module=".$row['ModuleCode']."</td>
              <td>".$row['ModuleTitle']."</td></br>
              </tr>";

        }
         mysql_close($connect_mysql);
            ?>

thanks :)

Recommended Answers

All 3 Replies

Where is $GroupCode being defined? The lack of a definition (due to it being indicative of having register_globals turned on) is more worrysome than the rest of the issues in your code. Let's start with that and work our way through it.

This is my html form. if i insert groupcode and click search it will proceed to the next page which is semMod.php which i send earlier.

<form id="form1" name="form1" method="POST" action="semMod.php">
<p>
  <label for="groupcode"></label>Group Code:
  <input type="text" name="group" id="group" class="intext" />
  eg.CWEB0212  </p>
<p>
  <input name="submit" id="submit" type="submit" value="Search"/><br />

</form>

In that case you have to use this

<?php
$server="localhost";
$username="root";
$password="";
$connect_mysql=mysql_connect($server,$username,$password) or die ("Connection Failed!");
$mysql_db=mysql_select_db("reportdatabase",$connect_mysql) or die ("Could not Connect to Database");
    $db_sch = "SELECT * FROM cweb01group WHERE  `GroupCode` ='".$_POST['group']."'";
    //echo $db_sch;
    $i = 0;
    $res = mysql_query($db_sch) or die(mysql_error());
    //echo mysql_num_rows($res);
    while($row = mysql_fetch_assoc($res)) {
        echo " <tr>
              <td><a href='testingagain.php?module=".$row['ModuleCode']."</td>
              <td>".$row['ModuleTitle']."</td></br>
              </tr>";
        }
mysql_close($connect_mysql);
?>

Anyway, you should check if there is any value in the post request and be aware of the injection possibilities.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.