search for a specific row in MySQL using PHP - php

I'm trying to verify my search box (html) using php code
but in all times it gives all rows I dont know where is the problem
html code:
<form action="searchHotel.php" method="post">
<input value="Hotel's Name" type="text" name="Hotels_Name" id="dropdownlist" style="width:150px; hight:10px;">
</form>
</br>
<br/>
<button style = " margin-top:2%; position:relative;" type="button" onClick="location.href='searchHotel.php'" method="post" action="searchHotel.php">GO</button>
<br/><br/>
a peice of php code:
//code
echo $_POST['Hotels_Name'];
$n = (string) $_POST['Hotels_Name'];
$variable = (string)$n;
$query = "SELECT * FROM facility WHERE name LIKE '%$variable%'";
$result = mysql_query($query) or die('Query failed: ' . mysql_error() . "<br />\n$sqlquery");
$number = mysql_num_rows($result);
echo $number;
$row = mysql_fetch_assoc($result);
print_r($row);
I have already connected the database


Correct your html code use below code. In your code there is no proper form action onto form. So try below html code. Also try mysqli for database operations in php code.
<form action="searchHotel.php" method="post">
<input type="text" name="Hotels_Name" id="dropdownlist" style="width:150px; hight:10px;">
<input style = " margin-top:2%; position:relative;" type="submit" value="GO" >
</form>

Related

How to make this MySQL query using variables to work?

I have a form which sends a Roll_No value using post method to a php file:
//Query the database
$resultSet = $mysqli->query("SELECT * FROM late WHERE 'Roll_No' LIKE '" . $_POST['Roll_No'] . "';");
//Count the returned rows
if($resultSet->num_rows != 0){
//Turn the results into an array and echo them
while($rows = $resultSet->fetch_assoc())
{
$Roll_No = $rows['Roll_No'];
$Time = $rows['Time'];
echo "<p>Roll_No: $Roll_No <br />Time: $Time</p>";
}
My code seems to be unable to take the Roll_No value from the form and therefore gives no results.
EDIT: Here's the form
<form action="report-d1.php" method="post" />
<p>Search by Roll_No<input type="text" name="Roll_No" /></p>
<input type="submit" value="Submit" />
</form>

how to pre populate fields based on search results of data base

I am new to stack overflow and really appreciate all the help. I currently have a database with basic columns, name id company etc. I created a search query that shifts through this list based on firstname, lastname, or timestamp date. I was able to print the results on the query page of the search but want this to pre populate on the same form page as a new entry. i was able to link from the query page to the form page but am not sure how to populate these results on the form page.
my current query page prints as the following :
<!DOCTYPE html>
<html>
<head>
<title>
</title>
</head>
<body>
<div id="container" style="width:750px;background-color:#FFFE8D;margin-left: 250px">
<div id="Back" style="float:left; background-color:#FFFE8D;">
<form action="http://localhost/contractor/existingcontractorpage3.php">
<input type="submit" value="Back">
</form>
</div>
<div id="Is this the Contractor?" style="float:right; background-color:#FFFE8D;">
<form action="http://localhost/contractor/redirectcontractorpage.php">
<input type="submit" value="Next">
</form>
</div>
<div id="info" style="width:750px;height:95px; text-align: center">
<h3> If this is the contractor, please move on to the next page using the corresponding button above. </h3>
<h3> Please enter the exact information on the next page. </h3>
</div>
<div id="results" style="width:750px;height:225px; text-align: center">
<?php
$host = "localhost"; //server
$db = ""; //database name
$user = ""; //databases user name
$pwd = ""; //password
mysql_connect($host, $user, $pwd) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());
$searchTerm = trim($_GET['searchname']);
// Check if $searchTerm is empty
if($searchTerm == "")
{
echo "Enter name you are searching for.";
exit();
}
else
{
$sql = "SELECT * FROM contractor WHERE CONCAT(FIRSTNAME,' ',LASTNAME,' ', ARRIVAL) like '%$searchTerm%'";
$query = mysql_query($sql);
$count=mysql_num_rows($query);
if(($count)>=1)
{
$output = "";
while($row = mysql_fetch_array($query))
{
$output .= "First Name: " . $row['FIRSTNAME'] . "<br />";
$output .= "Last Name: " . $row['LASTNAME'] . "<br />";
$output .= "Arrival: " . $row['ARRIVAL'] . "<br />";
}
echo $output;
}
else
echo "There was no matching record for the name " . $searchTerm;
}
?>
</div>
<br> </br>
<br> </br>
</body>
</html>
Now ideally i would want the results to pop up here, and if possibly have a radio button to the right of each result( if there is ever more than one) to select and continue to the form page to pre populate each field. the form page is simply like this:
<form action="insert_submit.php" method="post">
First Name: <input type = "text" name="FIRSTNAME" id="FIRSTNAME" />
<br>
</br>
Last Name: <input type = "text" name="LASTNAME" id="LASTNAME"/>
<br>
</br>
Purpose: <input type = "text" name="PURPOSE" id="PURPOSE"/>
<br>
</br>
Company: <input type = "text" name="COMPANY" id="COMPANY" />
<br>
</br>
Who here to see: <input type = "text" name="WHOHERETOSEE" id="WHOHERETOSEE"/>
<br>
</br>
<input type="submit" value="Submit">
<br>
</br>
</form>
thanks so much! hope to hear back soon as this is my last straw on my project.

The simplest way to do this is to pull the data from the database like you're doing, except where you want to add the form into the page. Then in your loop print out form fields:
You need to give each radio a unique name. You could use an incrementing id, or you could give it the same as the row name.
Method 1:
while($row = mysql_fetch_array($query))
{
$output .= "<label>First Name: " . $row['FIRSTNAME'] . "</label><input type=\"radio\" name = \"radio[]\" value=\"".$row['FIRSTNAME']." ".$row['LASTNAME']."\"/>";
..
..
}
You will then be able to get the values from the radio buttons by using GET or POST when the from is submitted.
Setting name = "radio[]" puts all the values in an array which you can get on the next page once the form is submitted.
On the next page after form submission, $_POST['radio'] or $_GET['radio'] will return an array of all the values which you specify. Notice how the value attribute has been filled in above. Do this for each of the rows.
Also be careful about using my_sql connections. It's depreciated as of PHP 5.5.0. Use mysqli or PDO instead, it's more secure. http://ie1.php.net/function.mysql-connect
Check it this link. it compares and provides examples on both

I don't see where you're connecting the query search and form page, but you could create the link back containing the data in GET params in the url, since I don't see password or private material in these fields. Then use php to populate the forms.
$url = "your_form_page?";
while($row = mysql_fetch_array($query))
{
$url .= "fname=" . $row['FIRSTNAME'];
$url .= "&lname=" . $row['LASTNAME'];
$url .= "&arrival=" . $row['ARRIVAL'];
}
// $url = your_form_page?fname=bob&lname=jones&arrival=blah
Then to populate the form..
<form action="insert_submit.php" method="post">
First Name: <input type = "text" name="FIRSTNAME" id="FIRSTNAME" value="<?php echo $_GET['fname']; ?>" />
Hopefully this helps or at least gets you thinking in the right direction.

If content exists in database, provide form to update it - else provide form to add new row

It's all going wrong. I need to output a form onto my website that will do 1 of 2 things:
If the user already has content in the database, provide a form that posts to self to update the existing content.
If the user does not have content in the database, provide a form to let the user add information to the database.
The forms should submit to themselves to keep coding tidy. I'm getting into a right mess. I'll show what I have so far, but I'm getting in a muddle.
//look in db to see if content exists, if it does set variable
$result = mysql_query(
"SELECT * from tbl_profiles
WHERE user_id = $who
");
while($row = mysql_fetch_array($result))
{
$profileText = $row['text'];
}
// Check if user has content in db
$result = mysql_query(
"SELECT * FROM tbl_profiles WHERE user_id='$who'");
if(mysql_fetch_array($result) !== false){
echo
'<form action="../edit/indexUpdate.php" method="post" name="edit">
Comments:<br />
<textarea name="updatedText" id="comments">' .
$profileText .'
</textarea><br />
<input type="submit" value="Submit" />
</form>'
;}
else{
$profileText = $row['text'];
echo
"<form action='../edit/index.php' method='post' name='add'>
Comments:<br />
<textarea name='comments' id='comments'>" .
$profileText
."</textarea><br />
<input type='submit' value='Submit' />
</form>"
;}?>

You've pretty much got the functionality there, just needs tidying up.
Try something like this:
<?php
//look in db to see if content exists, if it does set variable
$profileText="";
if($result = mysql_query("SELECT * from tbl_profiles WHERE user_id = $who")) {
while($row = mysql_fetch_array($result))
{
$profileText .= $row['text'];
}
?>
<form action="../edit/indexUpdate.php" method="post" name="edit">
Comments:<br />
<textarea name="updatedText" id="comments">
<?php echo $profileText; ?>
</textarea><br />
<input type="submit" value="Submit" />
</form>
<?php
} else {
?>
<form action='../edit/index.php' method='post' name='add'>
Comments:<br />
<textarea name='comments' id='comments'>
<?php echo $profileText; ?>
</textarea><br />
<input type='submit' value='Submit' />
</form>
<?php
}
?>

The basic idea is to add a record if new and update if not. What you can do is use an id to represent the record or -1 if it's a new entry
Something along the lines of:
//Defaults
$recordid=-1;
$name='';
$comments='';
//look in db to see if content exists, if it does set variable
$result = mysql_query(
"SELECT * from tbl_profiles
WHERE user_id = $who
");
// Check if user has content in db
$result = mysql_query(
"SELECT * FROM tbl_profiles WHERE user_id='$who'");
if(mysql_fetch_array($result) !== false){
//Yes. Get the id
$recordid = $result->id;
//Get the values
$name= $result->name;
$comments= $result->name;
}
<form action="../edit/index.php" method="post" name="formdata">
<input type="hidden" name="recordid" value="<? echo htmlspecialchars($recordid) ?>">
<input type="hidden" name="name" value="<? echo htmlspecialchars($name) ?>">
<textarea name="comments" id="comments"><? echo htmlspecialchars($comments) ?></textarea>
<input type="submit" value="submit"/>
</form>
This way a new form will have a -1 but an existing will have an id.
As an additional point it is very important to sanitize your inputs for SQL and what you output in HTML to stop SQL Injections. For your reference on this:
SQL
Little Bobby Tables
Cross Site Scripting

Inserting multiple entries into table from the same form

This is my form, a pretty simple one. I have 3 text fields in which questions will be entered and i want to put each of these in a database.
questFormtest.php:
<html>
<head><title> Test Quest</title></head>
<body>
<form id= "qform" method="post" action="quest.php">
<h3>Enter Questions</h3><br><br>
<h3>Question 1: Five marks each.<br></h3>
a) <input type="text" name="field1[][field1]" size=45>* <br><br>
b) <input type="text" name="field1[][field1]" size=45>* <br><br>
c) <input type="text" name="field1[][field1]" size=45>* <br><br>
<p><input type="submit" name="submit" value="Submit" align="center" />
<input type='reset' name='Cancel' value='Cancel' /></p>
</form>
</body>
</html>
My php file is as follows:
quest.php:
<?php
include('connectionfile.php');
$cnt = count($_POST['field1']);
if ($cnt > 0) {
$insertArr = array();
for ($i=0; $i<$cnt; $i++) {
$insertArr[] = "('" .$_POST['field1'][$i]. "')";
}
$query = "INSERT INTO paper (field1) VALUES " . implode(", ", $insertArr);
mysql_query($query) or trigger_error("Insert failed: " . mysql_error());
}
mysql_close($id_link);
?>
When i run the file, it gives me the following error:
Insert failed: Unknown column 'field1' in 'field list' in quest.php on line 15
Can somebody tell me if there's an error in the query and how i can solve it? Any help is appreciated :)

The posted value is in this index: $_POST['field1'][$i]['field1']. So you use this code : $insertArr[] = "('" .$_POST['field1'][$i]['field1']. "')" in you for loop;

Edit record (should be so easy)

I have looked everywhere here in Stackoverflow and I´ve searced 16.493 sites on Google but no answers to the most basic thing in php (edit record)
I´ve managed to code the most complicated stuff - but this is like a cancer and would also help others.
I have to files - edit.php - and update.php
edit.php works and it retrieves the data from the record
Here is the edit.php
<?php
mysql_connect('localhost', 'user', 'pass') or die(mysql_error());
mysql_select_db("db") or die(mysql_error());
$UID = (int)$_GET['id'];
$query = mysql_query("SELECT * FROM cloudbig WHERE id = '$UID'") or die(mysql_error());
if(mysql_num_rows($query)>=1){
while($row = mysql_fetch_array($query)) {
$fs = $row['fs'];
$texti = $row['texti'];
}
?>
<form name="form1" method="post" action="update.php">
<input type="text" name="fs" value="<?php echo $texti ?>" size="60">
<textarea rows="8" name="texti" id="userName" cols="60"><?php echo $texti ?></textarea>
<input type="submit" name="save" value="submit" />
</form>
<?php
}
?>
and here is update.php
<?php
$id = $_REQUEST["id"];
$fs = $_POST["fs"];
$texti = $_POST["texti"];
mysql_connect('localhost', 'user', 'pass') or die(mysql_error());
echo "MySQL Connection Established! <br>";
mysql_select_db("db") or die(mysql_error());
echo "Database Found! <br>";
$query = "UPDATE cloudbig SET fs = '$fs', texti = '$texti' WHERE id = '$id'";
$res = mysql_query($query);
if ($res)
echo "<p>Record Updated<p>";
else
echo "Problem updating record. MySQL Error: " . mysql_error();
?>
I´ve done a whole news/online magazine site in php but simple edit.php function is a problem

I think that the short answer is that you never post the "id" up to the update.php script. Your form needs to look like this:
<form name="form1" method="post" action="update.php">
<input type="hidden" name="id" value="<?php echo $UID ?>">
<input type="text" name="fs" value="<?php echo $fs; ?>" size="60">
<textarea rows="8" name="texti" id="userName" cols="60"><?php echo $texti ?></textarea>
<input type="submit" name="save" value="submit" />
</form>
which will send the id into the POST array where it can be accessed by $id = $_REQUEST["id"];
You can also accomplish this by sending it via _GET by modifying the form action:
<form name="form1" method="post" action="update.php?id=<?php echo $UID ?>">
<input type="text" name="fs" value="<?php echo $fs; ?>" size="60">
<textarea rows="8" name="texti" id="userName" cols="60"><?php echo $texti ?></textarea>
<input type="submit" name="save" value="submit" />
</form>
which will put it in the $_GET array where it will also be seen in the $_REQUEST array.
Lastly, there are some MAJOR ISSUES with your code:
First and foremost, it is subject to SQL injection! You MUST escape
your variables before passing them into a MySQL query.
Second. As pointed out by iDifferent, you appear to bve echoing the wrong value into the fs field (you're setting it equal to the texti field)
Third, why do you have this loop?
if(mysql_num_rows($query)>=1){
while($row = mysql_fetch_array($query)) {
$fs = $row['fs'];
$texti = $row['texti'];
}
If you're fetching by ID you should never have duplicates. Make sure that ID is a primary key and there is no reason to check for multiple rows.

Categories