I'm making a search feature on my website that will find flights in the phpvms_schedules table, with a HTML form and a few different search parameters:
<form method="get" action="">
<select name="code" value="<?php echo $_GET['code'];?>" required>
<?php
// select all airlines
$query = mysql_query("SELECT * FROM phpvms_airlines WHERE enabled=1");
// loop thru
while($row = mysql_fetch_assoc($query)) {
?>
<option value="<?php echo $row['code'];?>"><?php echo $row['name'];?></option>
<?php
} // end loop
?>
</select><br /><br />
<input type="text" name="depicao" maxlength="5" placeholder="Airport of Departure" value="<?php echo $_GET['depicao'];?>"><br />
<input type="text" name="arricao" maxlength="5" placeholder="Airport of Arrival" value="<?php echo $_GET['arricao'];?>"><br />
<input type="text" name="mindis" maxlength="5" placeholder="Minimum distance" value="<?php echo $_GET['mindis'];?>"><br />
<input type="text" name="maxdis" maxlength="5" placeholder="Maximum distance" value="<?php echo $_GET['maxdis'];?>"><br />
<input type="submit" name="submit" value="Search">
</form>
What would be the most code efficient way to construct a MySQL query with these parameters, considering some of them will NOT be filled out by the user?
I tried SELECT * FROM phpvms_schedules WHERE code='$code' OR depicao='$depicao' OR arricao='$arricao' OR distance >= $mindis AND distance <= $maxdis but it was no use.
This is the solution I went with in the end:
// sanitise the user inputs
$code = strip_tags(mysql_real_escape_string($_GET['code']));
$depicao = strip_tags(mysql_real_escape_string($_GET['depicao']));
$arricao = strip_tags(mysql_real_escape_string($_GET['arricao']));
$mindis = strip_tags(mysql_real_escape_string($_GET['mindis']));
$maxdis = strip_tags(mysql_real_escape_string($_GET['maxdis']));
// start constructing the WHERE clause for the query
$WHERE = "enabled=1";
if(strlen($code)!=0) {
$WHERE .= " AND code='$code'";
}
if(strlen($depicao)!=0) {
$WHERE .= " AND depicao='$depicao'";
}
if(strlen($arricao)!=0) {
$WHERE .= " AND arricao='$arricao'";
}
if(strlen($mindis)!=0) {
$WHERE .= " AND distance >= $mindis";
}
if(strlen($maxdis)!=0) {
$WHERE .= " AND distance <= $maxdis";
}
// query
$query = mysql_query("SELECT * FROM phpvms_schedules WHERE $WHERE");
Related
I start by showing a list of businesses I have stored in a db. There is a form to search by industry or state. When showing a list of search results, I also provide the option to move the businesses to different tables. After submitting the form to move a business to a different table, the list refreshes to default result list, and we have to enter search term again.
I've tried assigning $_POST values to dynamic urls in the action url of my forms, I've tried assigning $_POST values to the value="" parameter of my forms.
<?php
if (isset($_POST['update']) && ($_POST['update'] == 'true')){
$sql = 'INSERT INTO table1 (columns,columns,columns)
SELECT columns,columns,columns
FROM table2 WHERE id = 1';
if (mysqli_query($db, $sql)) {}
}
?>
<div>
<form action="./?action=list" method="POST">
<input type="hidden" name="search" value="true" />
<input placeholder=" INDUSTRY" type="text" size="15" name="kw" />
<select name="state" onchange='this.form.submit()'>
<option value=''>BY STATE</option>
<?php require('includes/stateselect.php'); ?>
</select>
<input type="submit" value="SEARCH">
</form>
</div>
<table>
<?php
$sql = 'SELECT * FROM db.table ';
if ((isset($_POST['kw'])) && (!empty($_POST['kw']))){
$sql .=' WHERE `kw` LIKE \'%'.$_REQUEST['kw'].'%\' OR `biz` LIKE \'%'.$_POST['kw'].'%\' ';
}
if ((isset($_POST['state'])) && (!empty($_POST['state']))){
$sql .=' WHERE `state` = \''.$_POST['state'].'\' ';
}
if ($result = mysqli_query($db, $sql)){
while ($row = mysqli_fetch_array($result)) {
echo '<tr><form method="POST" action="./?action=list">
<input type="hidden" name="id" value="'.$row['id'].'" />
<input type="hidden" name="update" value="true" />
<td>'.$row['kw'] .'</td><td>'. $row['state'].'</td>';
echo '<td>
<select name="move">
<option>--Fresh--</option>
<option value="dnc">DNC</option>
</select>';
echo '<input type="submit" value="submit">';
echo '</td></form></tr>';
}
}
?>
</table>
We want to be able to search for lawyers, then disposition them from the list as we call them, but retain our search results.
You can store the search term inside a session so that you can use that term multiple times in your form. Store the search term in the session like this,
if ((isset($_POST['kw'])) && (!empty($_POST['kw']))){\
$_SESSION['search_term] = $_POST['kw'];
$sql .=' WHERE `kw` LIKE \'%'.$_REQUEST['kw'].'%\' OR `biz` LIKE
\'%'.$_POST['kw'].'%\' ';
}
You could try to re-set the kw as a hidden input within the second form to retain the search terms, like this :
<?php
if (isset($_POST['update']) && ($_POST['update'] == 'true')){
$sql = 'INSERT INTO table1 (columns,columns,columns)
SELECT columns,columns,columns
FROM table2 WHERE id = 1';
if (mysqli_query($db, $sql)) {}
}
?>
<div>
<form action="./?action=list" method="POST">
<input type="hidden" name="search" value="true" />
<input placeholder=" INDUSTRY" type="text" size="15" name="kw" />
<select name="state" onchange='this.form.submit()'>
<option value=''>BY STATE</option>
<?php require('includes/stateselect.php'); ?>
</select>
<input type="submit" value="SEARCH">
</form>
</div>
<table>
<?php
$sql = 'SELECT * FROM db.table ';
if ((isset($_POST['kw'])) && (!empty($_POST['kw']))){
$sql .=' WHERE `kw` LIKE \'%'.$_REQUEST['kw'].'%\' OR `biz` LIKE \'%'.$_POST['kw'].'%\' ';
}
if ((isset($_POST['state'])) && (!empty($_POST['state']))){
$sql .=' WHERE `state` = \''.$_POST['state'].'\' ';
}
if ($result = mysqli_query($db, $sql)){
while ($row = mysqli_fetch_array($result)) {
echo '<tr><form method="POST" action="./?action=list">
<input type="hidden" name="id" value="'.$row['id'].'" />
<input type="hidden" name="update" value="true" />
<td>'.$row['kw'] .'</td><td>'. $row['state'].'</td>';
echo '<td>
<select name="move">
<option>--Fresh--</option>
<option value="dnc">DNC</option>
</select>';
// added below blocks
if (!empty($_POST['kw'])){
echo '<input type="hidden" name="kw" value="'.$_POST['kw'].'" />';
// echo '<input type="hidden" name="search" value="true" />';
}
if (!empty($_POST['state'])){
echo '<input type="hidden" name="state" value="'.$_POST['state'].'" />';
}
echo '<input type="submit" value="submit">';
echo '</td></form></tr>';
}
}
?>
</table>
I created an auto populate multiple input fields based on the dropdown selection. My problem is the 2nd select box is not populating the corresponding input fields. I know this is wrong because the ID's are the same from select1 but how can I make it work? I need to create around 20 or more select dropdown and I can't figure out how to fix it.
<?php
$con = mysql_connect("localhost","root","");
if (!$con) { die('Could not connect: ' . mysql_error()); }
$db = mysql_select_db("pbiees") or die('Could not select DB: ' . mysql_error());
?>
<html>
<head>
<script type="text/javascript">
var compInfoArray = new Array();
<?php
$query1 = "SELECT * FROM subject ORDER BY course_id";
$result1 = mysql_query($query1) or die(mysql_error());
// build javascript array
while($row1=mysql_fetch_array($result1)){
echo 'compInfoArray['.$row1['subj_id'].'] = new Array();';
echo 'compInfoArray['.$row1['subj_id'].']["course_code"] = "'.$row1['course_code'].'";';
echo 'compInfoArray['.$row1['subj_id'].']["course_desc"] = "'.$row1['course_desc'].'";';
echo 'compInfoArray['.$row1['subj_id'].']["pr"] = "'.$row1['pr'].'";';
echo 'compInfoArray['.$row1['subj_id'].']["unit"] = "'.$row1['unit'].'";';
}
?>
function showname() {
var subj_id = document.form1.subj_id.value;
document.form1.course_code.value = compInfoArray[subj_id]["course_code"];
document.form1.course_desc.value = compInfoArray[subj_id]["course_desc"];
document.form1.pr.value = compInfoArray[subj_id]["pr"];
document.form1.unit.value = compInfoArray[subj_id]["unit"];
}
window.onload=function() {
showname();
}
</script>
</head>
<body>
<form name="form1">
<select name="subj_id" onchange="showname()">
<?php
$query1 = "SELECT * FROM subject ORDER BY course_id";
$result1 = mysql_query($query1) or die(mysql_error());
// build javascript array
while($row1=mysql_fetch_array($result1)){
echo '<option value="'.$row1['subj_id'].'">'.$row1['course_code'].'</option>';
}
?>
</select>
<label>
<input type="text" name="course_code" value="" />
<input type="text" name="course_desc" value="" />
<input type="text" name="pr" value="" />
<input type="text" name="unit" value="" />
</label>
<select name="subj_id" onchange="showname()">
<?php
$query1 = "SELECT * FROM subject ORDER BY course_id";
$result1 = mysql_query($query1) or die(mysql_error());
// build javascript array
while($row1=mysql_fetch_array($result1)){
echo '<option value="'.$row1['subj_id'].'">'.$row1['course_code'].'</option>';
}
?>
</select>
<label>
<input type="text" name="course_code" value="" />
<input type="text" name="course_desc" value="" />
<input type="text" name="pr" value="" />
<input type="text" name="unit" value="" />
</label>
</form>
</body>
<html>
Basically I have a table with data, and I have a form with boxes and stuff, and what I am trying to do is when the I click on the next or previous button, it will take the next record from the database. I can do the first and the last record, but I cant manage to figure the in between. this what I have.
$sql="SELECT * FROM Emails where ID > 1 ORDER BY UserEmail LIMIT 1";
if ($result=mysqli_query($connection,$sql))
{
// Return the number of rows in result set
$rowcount=mysqli_num_rows($result);
while( $row = mysqli_fetch_array( $result ) )
{
$Email_Field = $row['UserEmail']; //primary key
$Name_Field = $row['UserName'];
$UserTel = $row['UserTel'];
$Drop_Down = $row['Drop_down'];
$MessageType = $row['MessageType'];
$Comments = $row['Comments'];
$SubjectOther = $row['SubjectOther'];
$Check = $row['Request'];
}
<form method="POST" action="Controller_leads.php">
<p><strong>What kind of comment would you like to send?</strong></p>
<input type="radio" <?php if ($MessageType == "Complaint") echo "checked"; ?> name="MessageType" value="Complaint">Complaint
<input type="radio" <?php if ($MessageType == "Problem") echo "checked"; ?> name="MessageType" value="Problem">Problem
<input type="radio" <?php if ($MessageType == "Suggestion") echo "checked"; ?> name="MessageType" value="Suggestion">Suggestion
<br>
<p><strong>What about us do you want to comment on?</strong></p>
<select name="Drop_Down" size="1">
<option value ="Web Site" <?php if ($Drop_Down == "Web Site") echo selected ?>>Web Site</option>
<option value ="Office Hours" <?php if ($Drop_Down == "Office hours") echo selected ?>>Office Hours</option>
<option value ="Pamphlet" <?php if ($Drop_Down == "Pamphlet") echo selected ?>>Pamphlet</option>
</select>
Other: <input type="text" size="26" maxlength="256" name="SubjectOther" value="<?php echo $SubjectOther ?>">
<p><strong>Enter your comments in the space provided below:</strong></p>
<textarea name="Comments" rows="5" cols="42"><?php echo $Comments;?></textarea><br><br>
<strong>Tell us how to get in touch with you:</strong><br><br>
<table>
<tr><td width="45"> Name </td> <td><input type="text" size="35" maxlength="256" name="UserName" value="<?php echo $Name_Field ?> "></td></tr>
<tr><td width="45"> E-mail </td> <td><input type="text" size="35" maxlength="256" name="UserEmail" value="<?php echo $Email_Field ?>"></td></tr>
<tr><td width="45"> Telephone</td> <td><input type="text" size="35" maxlength="256" name="UserTel" value="<?php echo $UserTel ?>"></td></tr>
</table>
<br>
<input type="checkbox" name="Check" <?php if ($Check == "Contact Requested") echo checked; ?> value="Contact Requested">Please contact me as soon as possible regarding this matter
<br><br>
<input type="submit" value="First" name="first">
<input type="submit" value="Next" name="next">
<input type="submit" value="Previous" name="previous">
<input type="submit" value="Last" name="last"> code here
Try adding an offset to the query. On each next click add one to $offset, on each previous, subtract one from offset. Then, include offset in the query like this:
# get the current offset
# initial value
$offset = 1;
# if we have an offset from a previous or next click, use that
if (isset($_POST['offset'])) {
# validate this input to protect against sql injection
if (is_int($_POST['offset'])) {
$offset = $_POST['offset'];
}
# now that we have our current value, see if we need to get the next or previous
if ($_POST['submit']=="Next") {
# next, add one offset
$offset++;
} else if ($_POST['submit']=="Previous") {
# previous, go back one if we are greater than one
if ($offset > 1) {
$offset--;
}
}
}
# query time, give me one result (LIMIT 1), staring at record $offset
$sql = "select SELECT * FROM Emails where UserEmail > 1
ORDER BY UserEmail LIMIT 1, $offset";
In your form add this:
<input type="hidden" name="offset" value="<?php echo $offset; ?>">
On a different note, UserEmail > 1 seems weird, but I don't know your data.
I'm trying to use this search for searching more than one words or single word at a time from a database. Now the problem is that my script only running properly but please help me...
<form name="ds" method="post">
<input type="text" name="name" placeholder="Entername" />
<!--<input type="text" name="search" placeholder="Location" />-->
<select name="location[]" multiple="multiple">
<option value="delhi">Delhi</option>
<option value="Mumbai">Mumbai</option></select>
<input type="submit" name="submit" value="Search" />
</form>
<?
$conn=mysql_connect("localhost","root","");
mysql_select_db("dbrozgarexpress",$conn);
echo $search =$_POST['location'];
$description = "";
$name2=$_POST['name'];
if(isset($name2)&&$name2 != ""){
if($flag){
$cheack.= "AND ";
}
$cheack.="user_first_name ='$name2' ";
$flag =true;
}
if(isset($search)&&$search != ""){
if($flag){
$cheack.= "AND ";
}
foreach($search AS $s)
{
$cheack.="user_current_location_id ='$s' or ";
$flag =true;
}
}
$cheack = substr($cheack, 0, -4);
echo $query = "SELECT * FROM `tb_user` WHERE $cheack ";
?>
error SELECT * FROM `tb_user` WHERE user_first_name ='kum
I think I have a general idea of what you are after.
P.S. the query will only show after you submit the form - i.e. after you click search button
Try this:
<?php
// Handle Post
if (count($_POST))
{
// Load Params
$name = isset($_POST['name']) ? $_POST['name'] : '';
$locations = isset($_POST['location']) ? $_POST['location'] : array();
// Start Query
$sql = 'SELECT * FROM `tb_user` WHERE ';
// Build Query
$sql_parts = array();
if (!empty($name)) {
$sql_parts[] = "`user_first_name` = '$name'";
}
if (sizeof($locations)) {
foreach ($locations as $location) {
$sql_parts[] = "`user_current_location_id` = '$location'";
}
}
$sql = $sql . implode(' AND ', $sql_parts);
// Debug
echo $sql ."<br><br>";
}
?>
<form action="" name="ds" method="post">
<input type="text" name="name" placeholder="Entername" />
<select name="location[]" multiple="multiple">
<option value="delhi">Delhi</option>
<option value="Mumbai">Mumbai</option></select>
<input type="submit" name="submit" value="Search" />
</form>
Here's an example of this working:
No location selected, name only
name and one location
name and two location
I'm trying to build a page where my users can paste in multiple item #s for that product and it will give them the parent model # for that particular item, where items are given individual identifiers.
However, my users paste there information into the textboxs, but it doesn't pull anything up. When I had one value to search it was able to find the items. My table structure is very simple.Fcsku varchar(45), fnsku varchar(45), updated time(45 are not important to this function).
Here is my query Updated:
<form action="" method="get">
Paste your ZZZ's here: <br><input type="text" name="item" id="textbox"/><br>
<input type="text" name="item2" id="textbox2"/>
<script>document.getElementById('textbox').focus()</script><br />
<input type="submit" value="Submit"/>
</form>
<?php
if (!empty($_REQUEST['item'])) {
$item = mysql_real_escape_string($_REQUEST['item']);
$item2 = mysql_real_escape_string($_REQUEST['item2']);
$sql = "select * from oak3_zzz_to_boo WHERE fcsku like '%".$item."%' or fcsku like '%".$item2."%'";
$r_query = mysql_query($sql);
while ($row = mysql_fetch_array($r_query)) {
echo "<font color=red size=7>";
echo '<center><br /> Parent ASIN: '.$row['fnsku'];
echo "</center></font>";
echo "<br><br><br><br><br>";
}
}
?>
This worked at my server:
<form action="" method="post">
Paste your ZZZ's here:<br />
<input type="text" name="item" id="textbox" /><br />
<input type="text" name="item2" id="textbox2"/><br />
<input type="submit" value="Submit" name="submit"/>
<script>document.getElementById('textbox').focus()</script>
</form>
<?php
if (isset($_POST['submit'])) {
$item = mysql_real_escape_string('%'.$_POST['item'].'%');
$item2 = mysql_real_escape_string('%'.$_POST['item2'].'%');
$sql = "SELECT * FROM oak3_zzz_to_boo WHERE fcsku LIKE '" . $item . "' OR fcsku LIKE '" . $item2 . "'";
$r_query = mysql_query($sql);
while ($row = mysql_fetch_assoc($r_query)) {
echo "<font color=red size=7>";
echo '<center><br />Parent ASIN: ' . $row['fnsku'];
echo "</center></font>";
echo "<br /><br /><br /><br /><br />";
}
}
?>