I have following statements:
if (isset($_POST['name'])) {
$name = $_POST['name'];
$sql = "SELECT * FROM patients WHERE name LIKE '{$name}' ";
} elseif (isset($_POST['surname'])) {
$surname = $_POST['surname'];
$sql = "SELECT * FROM patients WHERE surname LIKE '{$surname}' ";
} elseif (isset($_POST['pesel'])) {
$pesel = $_POST['pesel'];
$sql = "SELECT * FROM patients WHERE pesel LIKE '{$pesel}' ";
}
And I have 3 search forms. But only the first one works (name). Other do not respond. How to change it?
Please check if all the $_POST[] variables are not set at the same time. Because, $_POST['name'] is the first variable and if it is set, other conditions will not be checked.
The browser will send the input field in the request, even if it's empty.
You cannot test whether a string is empty with isset. You need !== "" too.
try this....
if(isset($_POST['name'])) {
$name = $_POST['name'];
echo $name;
$sql = "SELECT * FROM patients WHERE name LIKE '{$name}' ";
}
else if(isset($_POST['surname'])) {
$surname = $_POST['surname'];
echo $surname;
$sql = "SELECT * FROM patients WHERE surname LIKE '{$surname}' ";
}
else if(isset($_POST['pesel'])) {
$pesel = $_POST['pesel'];
echo $pesel;
$sql = "SELECT * FROM patients WHERE pesel LIKE '{$pesel}' ";
}
You can use multiple like condition in single query
$sql = "SELECT * FROM patients WHERE name LIKE '{$name}' OR LIKE '{$surname}' OR LIKE '{$pesel}' ";
try this:
if(isset($_POST['name'])||isset($_POST['surname'])||isset($_POST['pesel'])) {
$name = $_POST['name'];
$sql = "SELECT * FROM patients WHERE name LIKE '{$name}' or surname LIKE '{$surname}' or pesel LIKE '{$pesel}'";
}
Related
I want to select email address from DB to send a email. Following is my query that I have made.
$userID=$_SESSION['userID'];
$select_query = mysql_query("SELECT * FROM employee WHERE emp_id = '$userID'");
$select_sql = mysql_fetch_array($select_query);
$name=$select_sql['manager_name'];
$select_query1 = mysql_query("SELECT email FROM employee WHERE employee.name='$name'");
$select_sql1 = mysql_fetch_array($select_query1);
$email=$select_sql1['email'];
But $select_query1 return "NULL Invalid address:" instead of the correct value. I could not found the problem with this. Please help !
You are using $_SESSION['userID'] to get all data from table employee so instead of doing two queries simply try this
$empID = $_SESSION['userID'];
$query = mysql_query("SELECT * FROM employee WHERE emp_id=$empID");
$result = mysql_fetch_array($query);
$email = $result['email'];
hi i am new to php mysql. I have created a form where the user can search the database, and the result depends on how the user fills in the form. form has 6 search fields. where user can choose / fill any of one or more fields to make his search. i have coded it as follows
php
<?php require_once('Connections/osrc.php'); ?>
<?php
$maxRows_search_result = 10;
$pageNum_search_result = 0;
if (isset($_GET['pageNum_search_result'])) {
$pageNum_search_result = $_GET['pageNum_search_result'];
}
$startRow_search_result = $pageNum_search_result * $maxRows_search_result;
mysql_select_db($database_osrc, $osrc);
$propertyid = $_POST['propertyid'];
$offered = $_POST['offered'];
$property_type = $_POST['property_type'];
$beds = $_POST['beds'];
$city = $_POST['city'];
$locality = $_POST['locality'];
$query_search_result = "SELECT * FROM osrc_data WHERE propertyid LIKE '%$propertyid%' OR offered LIKE '%$offered%' AND property_type LIKE '%$property_type%' AND beds LIKE '%$beds%' AND city LIKE '%$city%' AND locality LIKE '%$locality%' ";
$query_limit_search_result = sprintf("%s LIMIT %d, %d", $query_search_result, $startRow_search_result, $maxRows_search_result);
$search_result = mysql_query($query_limit_search_result, $osrc) or die(mysql_error());
$row_search_result = mysql_fetch_assoc($search_result);
if (isset($_GET['totalRows_search_result'])) {
$totalRows_search_result = $_GET['totalRows_search_result'];
} else {
$all_search_result = mysql_query($query_search_result);
$totalRows_search_result = mysql_num_rows($all_search_result);
}
$totalPages_search_result = ceil($totalRows_search_result/$maxRows_search_result)-1;
?>
now when user It works but it shows all rows in database table.
for example user fills up three fields beds, city, locality and rest of three are blank.
search result page shows all rows in data base with all records.
pls help me to correct my codes. Thanks in advance
First, I agree with #VaaChar, you should be using mysqli or even better yet PDO.
You will have determine IF a value has been placed in a field and if so use it in your query. If no value was placed in the field ignore it in your query.
Something like this...
$sqlid = "";
$sqloffered = "";
$sqltype = "";
$sqlbeds = "";
$sqlcity = "";
$sqllocality = "";
if(isset($propertyid)) {
$sqlid = " propertyid LIKE '%$propertyid%'";
}
if(isset($propertyid) && isset($offered)) {
$sqloffered = " OR offered LIKE '%$offered%'";
}
if(!isset($propertyid) && isset($offered)) {
$sqloffered = " offered LIKE '%$offered%'";
}
if(isset($property_type)) {
$sqltype = " AND property_type LIKE '%$property_type%'";
}
if(isset($beds)) {
$sqlbeds = " AND beds LIKE '%$beds%'";
}
if(isset($city)) {
$sqlcity = " AND city LIKE '%$city%'";
}
if(isset($locality)) {
$sqllocality = " AND locality LIKE '%$locality%'";
}
$sql = "SELECT * FROM osrc_data WHERE {$sqlid}{$sqloffered}{$sqltype}{$sqlbeds}{$sqlcity}{$sqllocality} ";
When you build the sql query with (say) $propertyid empty, you get this :
.... LIKE '%%' ...,
which is like saying "anything". You must build your query only with the fields that have been filled.
In my database I have a column "first_name" and "last_name" (there is more in there but not related to my question)
Here is the code :
//Get variables for email
$qry_get = mysql_query("SELECT * FROM members WHERE id = $id");
while($row_get = mysql_fetch_array($qry_get))
{
$id = $row_get['id'];
$name = $row_get['first_name'];
$email = $row_get['email'];
$password = $row_get['password'];
}
And this works fine. But im trying to get $name to fetch both first_name and last_name. Is it possible?
It is so when the details are inserted into the database it will show both names rather than just the first name.
I have tried to do it like
//Get variables for email
$qry_get = mysql_query("SELECT * FROM members WHERE id = $id");
while($row_get = mysql_fetch_array($qry_get))
{
$id = $row_get['id'];
$name = $row_get['first_name'],['last_name'];
$email = $row_get['email'];
$password = $row_get['password'];
}
But it failed.
You can't get two values at once like you did, you have to concatenate the value of $row_get['first_name'] and the value of $row_get['last_name'] :
//Get variables for email
$qry_get = mysql_query("SELECT * FROM members WHERE id = $id");
while($row_get = mysql_fetch_array($qry_get))
{
$id = $row_get['id'];
$name = $row_get['first_name'] . ' ' .$row_get['last_name'];
$email = $row_get['email'];
$password = $row_get['password'];
}
You shouldn't use SQL, it's open to attack and is deprecated, Look into SQLi or PHP PDO data objects. Why are you selecting all in your query when you only need 2 fields ? I will work with your code though
SELECT first_name,last_name FROM members WHERE id = $id"
I need to read a text file, query the database table with that name, and store that table's data in another table. So far I have written this code but I don't know why it's not working.
foreach ($lindb as $namedb) {
$query = "SELECT * FROM ntable WHERE name =" .$namedb. "";
$result = mysql_query($query);
while ($r = mysql_fetch_array($result)) {
$query = "INSERT INTO ndtable (name,details,address,login,country) VALUES (\"".$r["name"]."\", \"".$r["details"]."\", \"".$r["address"]."\", \"".$r["login"]."\", \"".$r["country"]."\")";
mysql_query($query);
}
}
You don't have quotes around $namedb
ie. SELECT * FROM ntable WHERE name =" .$namedb. ""; should be SELECT * FROM ntable WHERE name ='" .$namedb. "'";
I suggest a SELECT INTO would be the better choice... and please post the error so we are able to help...
I've written this PHP-Script which is working, and now I want to change the row name into a variable to (not sure if row is correct), I mean the "name" from the select name...
I've tried nearly everything, but nothing gave me the right result.
I know that the normal thing how I can use variables in a statement like ("'. $var .'") won't work.
<?php
require_once 'config.php';
$id = $_GET["id"]; //ID OF THE CURRENT CONTACT
$user = $_GET["user"]; //ID OF THE CURRENT USERS
$query = mysql_query("SELECT name FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");
$retval = mysql_fetch_object($query)->name;
$retval = trim($retval);
echo $retval;
?>
This is much easier isn't it?
$sql_insert =
"INSERT INTO customers (
`name`,
`address`,
`email`,
`phone`
)
VALUES (
'$name',
'$address',
'$email',
'$phone'
)";
Is it this you're looking for? Even your question in German isn't that clear to me :
$field = 'name';
$query = mysql_query("SELECT $field FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");
$retval = mysql_fetch_object($query)->$field;
You can usi it something like this. Currently i assume you get only one row back and want to use only one field.
<?php
require_once 'config.php';
$id = $_GET["id"]; //ID DES DERZEITIGEN KONTAKTES
$user = $_GET["user"]; //ID DES DERZEITIGEN USERS
//Use variable inside closures `` and just in case escape it, depends how you get variable
$query = mysql_query("SELECT `".mysql_real_escape_string($variable)."` FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");
if (!$query) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($query); //Retriev first row, with multiple rows use mysql_fetch_assoc
$retval = $row['0']; //Retriev first field
$retval = trim($retval);
echo $retval;
?>
Please post in English. Everyone else does.
Try using a different fetch method - fetch an associative array, then use the dynamic parameter to retrieve whatever column it is you need.
Have you considered using PDO?
I believe you are confusing matters (unintentionally) due to your use of the word 'row'. Judging by your example you mean field/column. It sounds like you wish to specify the fields to select using a variable which can be done by any of these methods...
$fields = "name, age";
$sql = "SELECT $fields FROM table";
$sql = "SELECT {$fields} FROM table";
$sql = "SELECT ".$fields." FROM table";
NB it is important that you have secure date in the $fields element, I would suggest using a whitelist of allowed values i.e.
// assuming $_POST['fields'] looks something like array('name','age','hack');
$allowed = array('name', 'age');
$fields = array();
foreach ($_POST['fields'] as $field) {
if (in_array($field, $allowed)) {
$fields[] = $field;
}
$fields = implode(', ', $fields);
Wouldn't this work?
$result = mysql_fetch_array($query);
echo trim($result['name']);
You should never put a variable into field list.
If want a variable field name, select *
and then use your variable to fetch particular field
<?php
require_once 'config.php';
$id = mysql_real_escape_string($_GET["id"]); //ID DES DERZEITIGEN KONTAKTES
$user = $_GET["user"]; //ID DES DERZEITIGEN USERS
$query = "SELECT * FROM contacts WHERE contact_id='$id' and user_id='1'";
$result = mysql_query($query) or trigger_error(mysql_error().$query);
$row = mysql_fetch_array($result);
//and finally
$fieldname = "name";
$retval = $row[$fieldname];
echo $retval;
?>