why isn't my search working? - php

I'm trying to get the php code to search the database and return all the matching "park_name"s but it says that the search variable is undefined and also only returns one park from the database.
This is the code I have for the search:
<form method="post" action="Search_page.php" name="search" id="Search">
<label for="search">Search:</label><input type="text" name="Search" id="search" />
<input type="submit" name="submit" value="Search"/>
</form>
<?php
if(isset($_POST['search'])){
$search = $_POST['search'];
$search = preg_replace("#[^0-9a-z]i#","", $search); }
$sql="SELECT Park_name, street FROM park_list WHERE park_name LIKE '%$search%'";
//query db
$result = $db->query($sql);
?>
</div>
<?php while ($row = $result->fetch_assoc()) { ?>
<div class="results">
<h2><?php echo $row['Park_name']?></h2> </br>
<p><?php echo $row['street']?></p>
</div>
<?php } ?>

Because, Search != search.
Error reporting told you about it too.
Btw, != is the logical operator for "does not equal" ;-)
Those are case-sensitive.
By the way; do yourself a favor and use a prepared statement if you want to save/keep your database.
https://en.wikipedia.org/wiki/Prepared_statement
and check for errors on the query, should it fail using mysqli_error($db).
You're also using a name attribute here in conjunction with the POST array of the same name:
<form method="post" action="Search_page.php" name="search" id="Search">
^^^^^^^^^^^^^
Remove that ^
and rename name="Search" for the input to name="search".
where you thought would pan out, which it won't. Your search is relying on the input's name attribute (and the input itself). Forms generally do not use name attributes.
You need to remove it.
Side note: It's usually best to use a !empty() < (not empty) for a user input, instead of isset(). The latter is mostly used for radios/checkboxes/submit inputs.
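A prepared-statement version of the park search, as the answer above recommends. This is an added example, not code from the question or the answer; it assumes $db is the open mysqli connection used in the question and that the mysqlnd driver is available for get_result(), and the helper names like_pattern() and search_parks() are made up for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Assumes $db is an open mysqli connection (as in the question).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

// Hypothetical helper: wrap the term in %...% and neutralise LIKE wildcards
// typed by the user, using '!' as the ESCAPE character declared in the query.
function like_pattern(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// Hypothetical helper: returns a list of [park_name, street] rows.
function search_parks(mysqli $db, string $term): array
{
    $stmt = $db->prepare(
        "SELECT park_name, street FROM park_list
         WHERE park_name LIKE ? ESCAPE '!'"
    );
    $pattern = like_pattern($term);        // bind_param needs a variable
    $stmt->bind_param('s', $pattern);      // sent as data, never parsed as SQL
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_NUM);
}

// The input is named "search" (lowercase), matching the fix in the answers.
$term = is_string($_POST['search'] ?? null) ? trim($_POST['search']) : '';
if ($term !== '') {                        // an empty term would match every row
    try {
        foreach (search_parks($db, $term) as [$name, $street]) {
            printf(
                "<div class=\"results\"><h2>%s</h2><p>%s</p></div>\n",
                htmlspecialchars($name ?? '', ENT_QUOTES, 'UTF-8'),
                htmlspecialchars($street ?? '', ENT_QUOTES, 'UTF-8')
            );
        }
    } catch (mysqli_sql_exception $e) {
        error_log('park search failed: ' . $e->getMessage()); // details stay in the log
        http_response_code(500);
        echo 'Search is temporarily unavailable.';
    }
}
```

Rows are fetched by position rather than by column name, so the Park_name / park_name array-key mismatch discussed in the answers cannot occur.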

Form field names are case sensitive.
Change your second line to
<label for="search">Search:</label><input type="text" name="search" id="search" />

I don't have rep to comment yet, but Park_name should be lowercase.
You have inconsistent case in the sql statement:
$sql="SELECT Park_name, street FROM park_list WHERE park_name LIKE '%$search%'";

Related

Using MySQL random row in a select statement afterwards

I have a data base 'School'. It has only one table - 'Words'. There are word_id, word_name, word_description in it. I want to pull a random description and display it on a page. Then I want to input a word and see if the word has the same description as the random one that was pulled. What am I doing wrong? Here is the code -
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Изпит</title>
</head>
<body>
<?php
$connection = mysqli_connect('localhost', 'root', '', 'school');
if(!$connection){
echo 'NOT OK';
exit;
}
if(isset($_POST['submit_description'])){
$q = mysqli_query($connection, ' SELECT word_description
FROM words ORDER BY rand() LIMIT 1
');
$row=mysqli_fetch_assoc($q);
if($row){
$_POST['word_description'] = $row['word_description'];
echo $_POST['word_description'];
}
}
if(isset($_POST['submit_word'])){
$word_name = $_POST['word_name'];
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_description='".$_POST['word_decsription']."'";
$result=mysqli_query($connection, $q2);
$count=mysqli_num_rows($result);
if($count==1){
echo 'Позна ве.';
}else{
echo 'Не позна ве.';
}
}
?>
<br><br><br>
<form method="POST">
<input type="submit" name="submit_description" value="Искай описание.">
<input type="hidden" name="word_description" value="<?php echo $_POST['word_description']?>">
</form>
<form method="POST">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
</body>
</html>
I think you have some typos.
This line of code here:
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_description='".$_POST['word_decsription']."'";
Should be like this:
$q2="SELECT * FROM words WHERE word_name='".$word_name."' and word_description='".$_POST['word_description']."'";
1) There is a typo in $_POST['word_description'] in your query:
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_description='".$_POST['word_decsription']."'";
2) Also, I would recommend using the word_id instead of the word description to make the verification... you would need to write it in a <input name="word_id" type="hidden" value="..." /> in your form to pass it along.
What would be even better, to prevent people from knowing the answer by looking at the code (in case they would know what word matches what id), you could encode the value in the hidden field to be md5($word_id.$word_name) and then in your query you check "WHERE MD5(CONCAT(word_id, word_name))='".$_POST['word_md5']."'" (assuming your hidden input is now called "word_md5").
EDIT:
After looking at the HTML I see what your problem is:
<form method="POST">
<input type="submit" name="submit_description" value="Искай описание.">
<input type="hidden" name="word_description" value="<?php echo $_POST['word_description']?>">
</form>
<form method="POST">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
This should all be in the same <form> element:
<form method="POST">
The word description is: <?php echo $_POST['word_description']; ?>
<input type="hidden" name="word_description" value="<?php echo $_POST['word_description']?>">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
When the form is submitted, the $_POST array should contain the word_description AND the word_name submitted.
EDIT 2:
If you wish to use the id, you would have to first add it to your SELECT query:
$q = mysqli_query($connection, ' SELECT word_id, word_description
FROM words ORDER BY rand() LIMIT 1
');
Then you'd need to set it to some variable, and then later in your HTML:
<form method="POST">
The word description is: <?php echo $_POST['word_description']; ?>
<input type="hidden" name="word_id" value="<?php echo $word_id?>">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
Your second SQL query should then look like:
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_id='".$_POST['word_id']."'";
Note: it is a bad practice to change the $_POST array in your code.
This array is populated by the request sent by the client and things can get confusing if you change the values there.
It is better to create another variable and set it to the value from the $_POST (example: $word_description = $_POST['word_description'];).
This way, you can still use array_key_exists('word_description', $_POST) to verify if the client actually sent something.
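An added example, not part of the answers above: the same quiz flow with the chosen word_id kept in the PHP session instead of a hidden form field, so the browser never receives the answer key, and with the lookup done as a prepared statement. It assumes $connection is the mysqli connection from the question and the words table as described there; the function names and the quiz_word_id session key are made up for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Assumes $connection is the open mysqli connection from the
// question and that the words table has word_id, word_name, word_description.
session_start();                           // must run before any output is sent
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

// Hypothetical helper: pick a random word, remember its id on the server only,
// and return the description to show to the user (null if the table is empty).
function start_round(mysqli $db): ?string
{
    $row = $db->query(
        'SELECT word_id, word_description FROM words ORDER BY RAND() LIMIT 1'
    )->fetch_assoc();
    if ($row === null) {
        return null;
    }
    $_SESSION['quiz_word_id'] = (int) $row['word_id'];
    return $row['word_description'];
}

// Hypothetical helper: true when the guess is the name of the remembered word.
function check_guess(mysqli $db, string $guess): bool
{
    $id = $_SESSION['quiz_word_id'] ?? null;
    if (!is_int($id)) {
        return false;                      // no description was requested yet
    }
    $stmt = $db->prepare('SELECT 1 FROM words WHERE word_id = ? AND word_name = ?');
    $stmt->bind_param('is', $id, $guess);  // values are bound, not concatenated
    $stmt->execute();
    return $stmt->get_result()->num_rows === 1;
}

if (isset($_POST['submit_description'])) {
    $description = start_round($connection);
    echo htmlspecialchars($description ?? 'No words available.', ENT_QUOTES, 'UTF-8');
} elseif (isset($_POST['submit_word']) && is_string($_POST['word_name'] ?? null)) {
    echo check_guess($connection, trim($_POST['word_name'])) ? 'Correct.' : 'Wrong.';
}
```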

MySQL, PHP Using LIKE Syntax?

I'm trying to make a user search with the following code:
<?php
session_start();
include("../BD/bd.php");
$searched_for = $_POST['searched_for'];
$query = @mysql_query("SELECT * FROM user_media WHERE nombre LIKE '%$searched_for%'") or die(mysql_error());
while($got_users = @mysql_fetch_array($query)){
echo '<div class="searched-content-info">'.
'<div class="searched-photo"><img src="'.$got_users['foto'].'"></div>
<div class="searched-names"><h3>'.$got_users['nombre'].'</h3></div>
<div class="searched-dates"><h3>'.'Miembro desde: '.$got_users['created_on'].'</h3></div>
</div>
<div class="divisor-search-user"></div>';
}
?>
But I'm getting all the rows, I just want to display the searched users info, seems like the $query is receiving a clean $searched_for
Any help here? Btw, I'm a little newbie here, please don't bully :)
EDIT: I tried changing $got_users['nombre']; with $searched_for to see if $searched_for is empty and yes it doesn't return any string that's why I am getting all the rows. $query is getting an empty variable but Why?
Here's my HTML:
<form target="u-n" id="search_input" action="search_user.php" method="post">
<input id="search-input" name="searched_for" type="search" placeholder="Search">
</form>
You used <input type="search" /> which is an HTML5 feature. Older browsers may not support this. Replace this input with type="text".
Then, your $_POST['searched_for'] should populate properly, that is:
<input name="searched_for" type="text" placeholder="Search" />
Also, you used the same id multiple times, which is an invalid HTML syntax.
Reference: HTML input tag at MDN

PHP form post to MySQL error

I'm creating a php-post form, containing: Who, What, Where, Contact and date_created.
I've made a database with these rows.
Here's my HTML Form code:
<form id="contactform" action="post.php">
<p class="contact"><label for="who">Who</label></p>
<input id="who" name="who" placeholder="Who are you? (First & Second name)" required="" tabindex="1" type="text">
<p class="contact"><label for="email">What</label></p>
<input id="what" name="what" placeholder="What do you want?" required="" type="text">
<p class="contact"><label for="username">Where</label></p>
<input id="where" name="where" placeholder="Country, City, Street..." required="" tabindex="2" type="text">
<p class="contact"><label for="password">Contact</label></p>
<input type="text" id="contact" name="contact" placeholder="Phone number or email"required="">
<br><br>
<input class="buttom" name="submit" id="submit" tabindex="5" value="Submit" type="submit">
And here's the php post.php code:
<?php
// Grab our POSTed form values
// Note that whatever is enclosed by $_POST[""] matches the form input elements
$who = $_POST["who"];
$what = $_POST["what"];
$where = $_POST["where"];
$contact = $_POST["contact"];
// Connect to our DB with mysql_connect(<server>, <username>, <password>)
$sql_connection = mysql_connect("server_name", "admin", "password");
mysql_select_db("database_name", $sql_connection);
$sql = "INSERT INTO content (
who,
what,
where,
contact,
date_created
)
VALUES (
'$who',
'$what',
'$where',
'$contact',
NOW()
)";
mysql_query($sql, $sql_connection);
mysql_close($sql_connection);
?>
When I try to post something, nothing is happening. The screen is just white, the database is empty and the url is like this:
http://my-website.com/post.php?who=Firstname+Secondname&what=Some+sentences+here-and&where=America&contact=some@website.com&submit=Submit%21
Just as HamZa DzCyberDeV said, you didn't specify which method you're using in <form> tag.
For situations when you're POSTing something in your database, just as you are now - use method="post" and for forms when you're searching for something, use method="get".
In case of using post method, your URL will change to only my-website.com/post.php and in case of using get method, your URL will change to something like my-website.com/post.php?... (where your things which you're getting are going) - just how you got URL after submitting.
The screen is just white because post.php (where you're going after clicking on submit button) doesn't contain anything to send to output, which you can easily do with echo.
For instance, you can make a new html page which will be written down with echo:
echo '
<html>
<body>
This is my website!
</body>
</html>
';
Also, what you could do is to use include() php script which has already formed HTML, or you can check out here for some other redirect methods:
http://php.about.com/od/learnphp/ht/phpredirection.htm
Just remember that PHP is a language which the server processes, and only HTML tags (with CSS and JS) are sent to the browser to be read.
For more about POST and GET method you can read here:
http://php.net/manual/en/reserved.variables.post.php
http://php.net/manual/en/reserved.variables.get.php
why don't you try this to get an error or a clue to what is going wrong, enclose your code in try and catch blocks:
try {
// your code
} catch ( Exception $e ) {
echo $e->getMessage();
}

Posting form string to php - causes mysql_real_escape_string() to break

I have a form with a hidden field that looks something like this:
<form id="myform" method="post" action="/myphp.php">
<div>
<label for="name">Name</label>
<input type="text" id="name" name="name" />
</div>
<div>
<input type="hidden" id="id" name="title" value="Bob's Group (test)" />
</div>
<div>
<input type="submit" value="Sign up" class="send_button" />
</div>
</form>
The hidden value 'title' gets its value from a Perch CMS php inline script and in this case it's "Bob's Group (test)".
The php script to process this form looks like this:
<?php
// Get and check input
$title = check_input($_POST['title']);
echo "title: $title<br>";
$name = check_input($_POST['name']);
$title = mysql_real_escape_string($title);
// Some sql queries that use $title
?>
The output looks like this:
title: Bob's Group (test)
title:
In other words, mysql_real_escape_string causes title to become a blank string.
Is there a way to handle this form value and generate a safe sql string to use?
mysql_real_escape_string() is MySQL server-side. It requires an active DB connection. Check if you have one in the moment of check.
Just a note, not an advice: mysql_escape_string() is client-side, i.e. works in PHP even without active MySQL connection.
You have to have an active connection to MySQL for mysql_real_escape_string() to work. You're most likely getting back a boolean FALSE from m_r_e_s() because you haven't connected, and it's issuing an error. If you do
$title = mysql_real_escape_string($title) or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^
you'll most likely get a "not connected" error message.
The connection is required so m_r_e_s can properly escape things - it basically asks the server what its must-be-escaped metacharacters are so it can do its job properly.

Problem with PHP & MySQL

I wrote these statements but they do not work :(
... can you tell me why?
HTML:
<form action="join.php" method="post">
<label name="RoomName">Room1</label>
</form>
PHP:
$roomName = $_POST['RoomName'];
$roomID = "SELECT RoomID FROM rooms WHERE RoomName = $roomName";
EDIT:
Thanks, but in my work the user does not have the ability to edit the room name,
so I need to display the room name in a label (or anything else) instead of a text box.
You need an <input> element as well.
<input type="text" name="RoomName">
This way the value is available by $_POST['RoomName']. You likely also need a submit button:
<input type="submit" value="Submit">
The label just associates the label with an input element, usually with the for attribute pointing to the input element's id:
<label for="RoomName">Room1</label>
<input type="text" id="RoomName" name="RoomName">
The benefit of this is mainly in accessibility (screen readers, clicking label, etc).
To learn more about HTML forms, go through this quick guide: http://www.w3schools.com/html/html_forms.asp
As to the SQL query, read the comments others posted to your question. You need to quote strings and escape the values from SQL injections as well.
Update: as per your edit, just set the readonly attribute to avoid the field being edited:
<input type="text" id="RoomName" name="RoomName" value="somevalue" readonly>
or make use of a hidden input element:
<input type="hidden" name="RoomName" value="somevalue">
Your code should look like this instead:
<form action="join.php" method="post">
<label name="RoomName">Room Name:</label>
<input type="text" name="RoomName" value="Room 1" />
<input type="submit" value="Submit Room" />
</form>
Also, you can't just set the value to the SQL query. You need to use the mysql_fetch_assoc() function. So it would be more like:
$sqlQuery = "SELECT RoomID FROM rooms WHERE RoomName = '".mysql_real_escape_string($roomName)."'";
$result = mysql_query($sqlQuery);
while ($row = mysql_fetch_assoc($result)) { // assignment, not comparison
$roomID = $row['RoomID']; // key is the selected column name
//do stuff with the current roomID
}
RoomName = $roomName"
to
RoomName = '$roomName'"
In SQL, strings must be quoted. Also, be safe by doing mysql_real_escape_string() on $roomName.
