I have a database created with five fields
ValueA
ValueB
ValueC
ValueD
ValueE
and I am trying to make a search form that can search by each of these individual fields, e.g if the value in ValueB was "Blue", select ValueB from the dropdown then type in "Blue" to print out all the values in the row that Blue was a part of. So far, I've created an html file called "findme.html":
<html>
<head>
<title>Search</title>
</head>
<body bgcolor=#ffffff>
<h2>Search</h2>
<form name="search" method="post" action="findme2.php">
Search for: <input type="text" name="find" /> in
<Select NAME="field">
<Option VALUE="ValueA">Value A</option>
<Option VALUE="ValueB">Value B</option>
<Option VALUE="ValueC">Value C</option>
<Option VALUE="ValueD">Value D</option>
<Option VALUE="ValueE">Value E</option>
</Select>
<input type="submit" name="search" value="Search" />
</form>
</body>
</html>
and also created a php file called "findme2.php":
<html>
<head>
<title>Searching through Database Table mytablename</title>
</head>
<body bgcolor=#ffffff>
<?php
include "config.php";
echo "<h2>Search Results:</h2><p>";
if(isset($_POST['search']))
{
$find =$_POST['find'];
}
//If they did not enter a search term we give them an error
if ($find == "")
{
echo "<p>You forgot to enter a search term!!!";
exit;
}
// Otherwise we connect to our Database
$username="xxxxxxxx";
$password="xxxxxxxx";
$database="xxxxxx_xxxxxxx";
mysql_connect(localhost,$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
// We perform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);
//Now we search for our search term, in the field the user specified
$iname = mysql_query("SELECT * FROM mytablename WHERE upper($field) LIKE '%$find%'")
or die(mysql_error());
//And we display the results
while($result = mysql_fetch_array( $iname ))
{
echo "id :" .$result['ValueA'];
echo "<br> ";
echo "name :".$result['ValueB'];
echo "<br>";
echo "name :".$result['ValueC'];
echo "<br>";
echo "name :".$result['ValueD'];
echo "<br>";
echo "name :".$result['ValueE'];
echo "<br>";
echo "<br>";
}
$anymatches = mysql_num_rows($iname);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query...<br><br>";
}
//And we remind them what they searched for
echo "<b>Searched For:</b> " .$find;
?>
</body>
</html>
I believe my problem is with the query command, but I am not sure how to adjust the syntax. Can anyone help me?
You forgot to set your $field variable.
In your if statement, you should change it to
if(isset($_POST['search']))
{
$find =$_POST['find'];
$field =$_POST['field'];
}
It should work then.
Related
I am new to PHP coding. I have different preferences for the user to select from my html page. I want to retrieve all the check boxes selected by the user and display the hotel names which have all those preferences in them. For example if a user selects "Roof top", "Sea side" and "Swimming pool" check boxes, then the hotels against which their is a 1 placed in the respective columns in the mytrip.db database must be retrieved all at once and get displayed. My code takes only one checkbox value and displays the hotel name against that only. I want to display the hotels that contain all the preferences.
My code is below:
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>PHP: Get Values of Multiple Checked Checkboxes</title>
<link rel="stylesheet" href="css/php_checkbox.css" />
</head>
<body>
<div class="container">
<div class="main">
<h2>PHP: Get Values of Multiple Checked Checkboxes</h2>
<select id="mySelect" name="list">
<option selected>Select a place</option>
<option value="1">Lahore</option>
<option value="2">Dubai</option>
<option value="3">New York</option>
<option value="4">Canberra</option>
<option value="5">London</option>
</select>
<form action="php_checkbox.php" method="post">
<label class="heading">Select Your Preferences:</label>
<input type="checkbox" name="check_list[]" value="Swimming pool"><label>Swimming pool</label>
<input type="checkbox" name="check_list[]" value="Roof top"><label>Roof top</label>
<input type="checkbox" name="check_list[]" value="Sea side"><label>Sea side</label>
<input type="submit" name="submit" Value="Submit"/>
</html>
<?php include 'checkbox_value.php';?>
</form>
</div>
</div>
</body>
</html>
checkbox_value.php code is below:
<?php
class MyDB extends SQLite3
{
function __construct()
{
$this->open('mytrip.db');
}
}
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
} else {
}
if(isset($_POST['submit'])){
if(!empty($_POST['check_list'])) {
// Counting number of checked checkboxes.
$checked_count = count($_POST['check_list']);
echo "You have selected following ".$checked_count." option(s): <br/>";
$prefarray=array();
$i=0;
// Loop to store and display values of individual checked checkbox.
foreach($_POST['check_list'] as $selected) {
$prefarray[$i]= $selected;
echo "<p>".$prefarray[$i] ."</p>";
echo "<p>".$selected ."</p>";
$i++;
}
echo "<p>".$i ."</p>";
$sql =<<<EOF
SELECT hotel_name from Dubai WHERE $prefarray[i]==1 AND $prefarray[i-1]==1 ;
EOF;
$ret = $db->query($sql);
while($row = $ret->fetchArray(SQLITE3_ASSOC) ){
echo "<p> <br /></p>\n";
echo "\n". $row['hotel_name'] . "\n";
}
$db->close();
echo "<br/><b>Note :</b> <span>Similarily, You Can Also Perform CRUD Operations using These Selected Values.</span>";
}
else{
echo "<b>Please Select Atleast One Option.</b>";
}
}
?>
The problem with this code is that it only displays one checkbox value if I use query
SELECT hotel_name FROM Dubai WHERE $selected==1
I tried to save the check box values selected by making an array "prefarray". But when I execute the query that I have posted in my checkbox_value.php code it gives me error of "Undefined offset 3 in prefarray". I want the data base query to have only those checkbox values that have been selected by the user. For example if the user has selected 2 out of three checkboxes then my query should look like
SELECT hotel_name FROM Dubai WHERE $checkbox==1 AND $checkbox2==1;
Any help to achieve two of these tasks will be appreciated!
I have fixed and refactored (couldn't stop myself) your code.
I have changed column names to proper ones. There was some redundant code which did nothing so I got rid of it. The main thing you were looking for is concatenating each chosen column in foreach loop. I'm also checking selected values against hard coded $hotelOptions for protection against sql injection.
Here is what I got:
checkbox_value.php:
<?php
class MyDB extends SQLite3
{
function __construct()
{
$this->open('mytrip.db');
}
}
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
} else {
}
$hotelOptions = array('swimming_pool', 'roof_top', 'sea_side');
if (isset($_POST['submit'])) {
if (!empty($_POST['check_list']) && is_array($_POST['check_list'])) {
// Counting number of checked checkboxes.
$checked_count = count($_POST['check_list']);
echo "You have selected following ".$checked_count." option(s): <br/>";
// Loop to store and display values of individual checked checkbox.
$where = '';
foreach($_POST['check_list'] as $selected) {
echo "<p>".$selected ."</p>";
if (array_search($selected, $hotelOptions) !== false) {
$where .= " AND {$selected} = 1";
}
}
$where = substr($where, 5, strlen($where));
$sql = "SELECT hotel_name FROM Dubai WHERE {$where};";
$ret = $db->query($sql);
while($row = $ret->fetchArray(SQLITE3_ASSOC) ){
echo "<p> <br /></p>\n";
echo "\n". $row['hotel_name'] . "\n";
}
$db->close();
echo "<br/><b>Note :</b> <span>Similarily, You Can Also Perform CRUD Operations using These Selected Values.</span>";
} else {
echo "<b>Please Select Atleast One Option.</b>";
}
}
html layout:
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>PHP: Get Values of Multiple Checked Checkboxes</title>
<link rel="stylesheet" href="css/php_checkbox.css"/>
</head>
<body>
<div class="container">
<div class="main">
<form action="checkbox_value.php" method="post">
<h2>PHP: Get Values of Multiple Checked Checkboxes</h2>
<select id="mySelect" name="list">
<option selected>Select a place</option>
<option value="1">Lahore</option>
<option value="2">Dubai</option>
<option value="3">New York</option>
<option value="4">Canberra</option>
<option value="5">London</option>
</select>
<p class="heading">Select Your Preferences:</p>
<input type="checkbox" name="check_list[]" value="swimming_pool" id="checkbox_1">
<label for="checkbox_1">Swimming pool</label>
<input type="checkbox" name="check_list[]" value="roof_top" id="checkbox_2">
<label for="checkbox_2">Roof top</label>
<input type="checkbox" name="check_list[]" value="sea_side" id="checkbox_3">
<label for="checkbox_3">Sea side</label>
<div>
<input type="submit" name="submit" Value="Submit"/>
</div>
<?php include 'checkbox_value.php';?>
</form>
</div>
</div>
</body>
</html>
I found a tutorial that looked like it would do what I've been trying to do without success. I adapted it to my details and tried it. It doesn't work. When you enter the search and hit submit, all it does is go back to the beginning. I can't see anything wrong with the code so after a couple of hours of trying things, here it is. Can you see what is wrong?
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<title>test</title>
</head>
<body>
<?
if ($searching =="yes")
{
echo "<h2>Search</h2><p>";
if ($find == "")
{
echo "<p>You forgot to enter a search term";
exit;
}
mysql_connect('localhost', 'user', 'password') or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);
$data = mysql_query("SELECT * FROM engravers WHERE upper($field) LIKE'%$find%'");
while($result = mysql_fetch_array( $data ))
{
echo $result['Country'];
echo "<br>";
echo $result['Year'];
echo "<br>";
echo $result['Engraver1Surname'];
echo "<br>";
echo $result['Designer1Surname'];
echo "<br>";
echo $result['Printer'];
echo "<br>";
echo "<br>";
}
$anymatches=mysql_num_rows($data);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query<br><br>";
}
echo "<b>Searched For:</b> " .$find;
}
?>
<h2>Search</h2>
<form name="search" method="post" action="<?=$PHP_SELF?>">
Search for: <input type="text" name="find" /> in
<Select NAME="field">
<Option VALUE="Country">Country</option>
<Option VALUE="Year">Year</option>
<Option VALUE="Engraver1Surname">Engraver</option>
<Option VALUE="Designer1Surname ">Designer</option>
<Option VALUE="Printer">Printer</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>
</body>
</html>
As mentioned in my comment, after POSTing, you need to grab the variables from the $_POST array. Something like:
if ($_POST['searching'] == "yes") {
$find = $_POST['find'];
$field = $_POST['field'];
// etc...
This looks like very old PHP code that had register_globals on. It doesn't work like that anymore.
Use the superglobal $_POST to get to your variables, for example:
if ($_POST['searching'] =="yes") {
...
}
Also, read into SQL injection and how to avoid it.
You need to set the variables on begin:
//set default values
$find="";
$searching="";
$field="";
If(isset($_POST['searching']) && $_POST['searching']="yes"){
$find= mysql_real_escape_string($_POST['find']);
$searching=mysql_real_escape_string($_POST['searching']);
$field=mysql_real_escape_string($_POST['field']);
...
I am new to creating a search form, below is my code for the search form:
<h2>Search</h2>
<form name="search" method="post" action="search_result2.php">
Search for: <input type="text" name="find" /> in
<Select NAME="field">
<Option VALUE="testA">A</option>
<Option VALUE="testB">B</option>
<Option VALUE="testC">C</option>
<Option VALUE="testD">D</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>
UPDATED: search_result2.php:
<?php
//This is only displayed if they have submitted the form
if (isset($_POST['searching']) && $_POST['searching'] == "yes")
{
echo "<h2>Results</h2><p>";
//If they did not enter a search term we give them an error
if (empty($_POST['find']))
{
echo "<p>You forgot to enter a search term";
exit;
}
// Otherwise we connect to our Database
mysql_connect("host", "username", "passw") or die(mysql_error());
mysql_select_db("testdb") or die(mysql_error());
// We preform a bit of filtering
$find = strtoupper($_POST['find']);
$find = strip_tags($_POST['find']);
$find = trim ($_POST['find']);
$field = trim ($_POST['field'])
//Now we search for our search term, in the field the user specified
$data = mysql_query("SELECT * FROM testtable WHERE upper($field) LIKE'%$find%'");
//And we display the results
while($result = mysql_fetch_array( $data ))
{
echo $result['testA'];
echo " ";
echo $result['testB'];
echo "<br>";
echo $result['testC'];
echo "<br>";
echo $result['testD'];
echo "<br>";
echo "<br>";
}
//This counts the number or results - and if there wasn't any it gives them a little message explaining that
$anymatches=mysql_num_rows($data);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query<br><br>";
}
//And we remind them what they searched for
echo "<b>Searched For:</b> " .$find;
}
?>
==========================
now what is happening is whether I put in a search string or not it will display the following messages, which is exactly my code for the search result,
Results:
"; //If they did not enter a search term we give them an error if ($find == "") { echo "
You forgot to enter a search term";
exit;
} // Otherwise we connect to our Database
mysql_connect("host", "username", "passw") or die(mysql_error());
mysql_select_db("testdb") or die(mysql_error());
// We preform a bit of filtering $find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);
//Now we search for our search term, in the field the user specified
$data = mysql_query("SELECT * FROM testtable WHERE upper($field) LIKE'%$find%'");
//And we display the results
while($result = mysql_fetch_array( $data )) {
echo $result['testA'];
echo " ";
echo $result['testB'];
echo " ";
echo $result['testC'];
echo " ";
echo $result['testD'];
echo " ";
echo " ";
} //This counts the number or results - and if there wasn't any it gives them a little message explaining that $anymatches=mysql_num_rows($data); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query
"; } //And we remind them what they searched for echo "Searched For: " .$find; } ?>
Indeed use <?phpinstead of <?
few other recommendations
if (isset($_POST['searching']) && $_POST['searching'] == "yes")
{
echo "<h2>Results</h2><p>";
//If they did not enter a search term we give them an error
if (empty($_POST['find']))
{
echo "<p>You forgot to enter a search term";
exit;
}
also suggest you strip tags on $field
don't use <? insted of use <?php short_open_tag can be disabled at server.
I can't seem to get the following code to make a dropdown menu that contains data from a mysql database. The "include('connect.php');" connects to the mysql database and I know it works on separate pages. Any suggestions?
Below is the entire code.
listCustomer
<BODY>
<H1>Find Customer's Albums Page</H1>
From a dropdown list of customers, a user should be able to pick a customer and see a list of albums (all fields in the CD table) purchased by that customer.
<HR>
<FORM ACTION="listCustomer.php" METHOD="POST"/>
Customer:
<select name="mydropdownCust">
<option value="101">101</option>
<option value="102">102</option>
<option value="103">103</option>
<option value="104">104</option>
<option value="105">105</option>
<option value="106">106</option>
<option value="107">107</option>
<option value="108">108</option>
<option value="109">109</option>
<option value="110">110</option>
</select>
<BR>
<?php
include('connect.php');
$query = "SELECT Cnum, CName FROM Customer";
$result = mysql_query ($query);
echo "<select name=dropdown value=''>Dropdown</option>";
while($r = mysql_fetch_array($result))
{
echo "<option value=$r["Cnum"]>$r["CName"]</option>";
}
echo "</select>";
?>
<BR>
<INPUT TYPE="SUBMIT" Value="Submit"/>
</FORM>
<FORM ACTION="listMenu.html" METHOD="POST"/>
<INPUT TYPE="SUBMIT" Value="Main Menu"/>
</FORM>
</BODY>
</HTML>
<?php
include('connect.php');
$query = "SELECT Cnum, CName FROM Customer";
$result = mysql_query ($query);
echo "<select name='dropdown' value=''><option>Dropdown</option>";
while($r = mysql_fetch_array($result)) {
echo "<option value=".$r['Cnum'].">".$r['CName']."</option>";
}
echo "</select>";
?>
From the looks of things, you're missing an opening option tag, so it's just outputting "Dropdown" as a line of text.
Edit
Just to be completely transparent, because I did not have connect.php, I had to add my own DB connections. My whole page looked thusly:
<?
//Adding to display errors.
error_reporting(E_ALL);
ini_set('display_errors', '1');
?>
<HTML>
<HEAD>
</HEAD>
<BODY>
<H1>Find Customer's Albums Page</H1>
From a dropdown list of customers, a user should be able to pick a customer and see a list of albums (all fields in the CD table) purchased by that customer.
<HR>
<FORM ACTION="listCustomer.php" METHOD="POST"/>
Customer:
<select name="mydropdownCust">
<option value="101">101</option>
<option value="102">102</option>
<option value="103">103</option>
<option value="104">104</option>
<option value="105">105</option>
<option value="106">106</option>
<option value="107">107</option>
<option value="108">108</option>
<option value="109">109</option>
<option value="110">110</option>
</select>
<BR />
<?php
// BEGIN ADDED CONNECTION HACKY GARBAGE
$con=mysql_connect("localhost","root","root");
// Check connection
if (mysqli_connect_errno($con)) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$selected = mysql_select_db("sample",$con)
or die("Could not select examples");
// END ADDED CONNECTION HACKY GARBAGE
$query = "SELECT Cnum, CName FROM Customer";
$result = mysql_query ($query);
echo "<select name='dropdown' value=''><option>Dropdown</option>";
while($r = mysql_fetch_array($result)) {
echo "<option value=".$r['Cnum'].">".$r['CName']."</option>";
}
echo "</select>";
?>
<BR />
<INPUT TYPE="SUBMIT" Value="Submit"/>
</FORM>
<FORM ACTION="listMenu.html" METHOD="POST"/>
<INPUT TYPE="SUBMIT" Value="Main Menu"/>
</FORM>
</BODY>
</HTML>
First off, you are missing an option opening tag, as correctly mentioned by stslavik. But this is not causing the issue here as it seems (it's auto-corrected by the browser - in my tests atleast).
Secondly, this wont work (problem causer):
echo "<option value=$r["Cnum"]>$r["CName"]</option>";
You should use
echo "<option value=".$r["Cnum"].">".$r["CName"]."</option>";
or, as I always prefer single quotes to enclose echo or print output strings:
echo '<option value='.$r['Cnum'].'>'.$r['CName'].'</option>';
Third alternative (complex syntax: What does ${ } mean in PHP syntax?)
echo "<option value={$r["Cnum"]}>{$r["CName"]}</option>";
assuming you get data from the database try this
echo "<option value={$r['Cnum']}>{$r['CName']}</option>";
try,
echo "<option value=' . $r['Cnum'] . '>' . $r['CName'] . '</option>";
instead of
echo "<option value=$r[Cnum]>$r[CName]</option>";
Please check out this mock up of a search on my site:
LINK EXPIRED
The search doesn't return any results and no error messages are shown, why is this?
I have taken out my person information ie. host/username/password
HTML:
<h2>Search</h2>
<form name="search" method="post" action="<?=$PHP_SELF?>">
Seach for: <input type="text" name="find" /> in
<Select NAME="field">
<Option VALUE="fname">First Name</option>
<Option VALUE="lname">Last Name</option>
<Option VALUE="info">Profile</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>
php:
<?php
//This is only displayed if they have submitted the form
if ($searching =="yes")
{
echo "<h2>Results</h2><p>";
//If they did not enter a search term we give them an error
if ($find == "")
{
echo "<p>You forgot to enter a search term";
exit;
}
// Otherwise we connect to our Database
mysql_connect("MYHOST", "MYUSERNAME", "MYPASSWORD") or die(mysql_error());
mysql_select_db("MYDATABSENAME") or die(mysql_error());
// We preform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);
//Now we search for our search term, in the field the user specified
$data = mysql_query("SELECT * FROM users WHERE upper($field) LIKE'%$find%'");
//And we display the results
while($result = mysql_fetch_array( $data ))
{
echo $result['fname'];
echo " ";
echo $result['lname'];
echo "<br>";
echo $result['info'];
echo "<br>";
echo "<br>";
}
//This counts the number or results - and if there wasn't any it gives
them a little message explaining that
$anymatches=mysql_num_rows($data);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query<br><br>";
}
//And we remind them what they searched for
echo "<b>Searched For:</b> " .$find;
}
?>
Thanks!
Jmames
You are assuming the server is using register_globals, which is a terrible terrible thing. You should do something like if ($_POST['searching'] =="yes") instead. This is probaly also why nothing happens.
The docs says
This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.
Your code is also extremely vulnerable to SQL injection, which you can fix with mysql_real_escape_string.
Your query should look like this
$data = mysql_query("SELECT * FROM users WHERE upper(".mysql_real_escape_string($field).") LIKE'%".mysql_real_escape_string($find)."%'");
Did you write:
$searching = $_POST['searching'];
Before:
if ($searching =="yes")
?