I am trying to do a php search into mySQL database. the following code works funny, it detect very well when I only entered 3 letter..eg i have a product name 'deepbluehealth omega' if i type 'ome' it picked up, if i type 'ega' it picked up, if i type 'omega' no result shown, also if i type 'deepbluehealth' it pick up no problem.
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
$search_output = "";
if(isset($_POST['searchquery']) && $_POST['searchquery'] != ""){
$searchquery = $_POST['searchquery'];
if($_POST['filter1'] == "Whole Site"){
$sqlCommand = "(SELECT id, product_name FROM products WHERE product_name LIKE '%$searchquery%' OR details LIKE '%$searchquery%') ";
}
require_once("storescripts/connect_to_mysqli.php");
$query = mysqli_query($myConnection,$sqlCommand) or die(mysqli_error($myConnection));
$count = mysqli_num_rows($query);
if($count > 1){
$search_output .= "<hr />$count results for <strong>$searchquery</strong><hr />$sqlCommand<hr />";
while($row = mysqli_fetch_array($query)){
$id=$row["id"];
$product_name = $row["product_name"];
$details= $row["details"];
$category=$row["category"];
$subcategory=$row["subcategory"];
$search_output .= "ID: $id <br/> Name: $product_name -<br/>$details<br />$category<br/>$subcategory<br/>
<a href='product.php?id=$id'>link</a><br/>
";
} // close while
} else {
$search_output = "<hr />0 results for <strong>$searchquery</strong><hr />$sqlCommand";
}
}
?>
<html>
<head>
</head>
<body>
<h2>Search the Exercise Tables</h2>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Search For:
<input name="searchquery" type="text" size="44" maxlength="88">
Within:
<select name="filter1">
<option value="Whole Site">Whole Site</option>
</select>
<input name="myBtn" type="submit">
<br />
</form>
<div>
<?php echo $search_output; ?>
</div>
</body>
</html>
Here's your problem:
if($count > 1){
This needs to be:
if($count > 0){
To account for the case where there is exactly one result. Probably this is the only product that matched "omega" but in every other case, another product happened to match.
Nice random feature which I can not explain on the basis of the code only, could you give us the table structure / with indexes and some example data?
Extra tips
Don't use $_SERVER['PHP_SELF'] if you want to post to the same page because off the cross side scripting attacks that could happen now, or should use
<form action="" method="post">
Yes you should leave the action empty
And
Run $search_output when you echo through the function htmlentities to countermeasue against to most cross side scripting attacks.
Related
I am quite new to PHP and have been following tutorials and notes so far and have run into a problem.The goal is to create an e-commerce website. One function must be to search the database and display products which I can do. These results must then be able to be sorted (by price/name etc.) I can sort the products however I cannot sort the results f the search as I lose the searched term when reloading. Any help on fixing this or improving the work would be fantastic.
Here is what I have so far..
<div id = "form">
<form action="search3.php" method="get" enctype="multipart/form-data">
Search: <input type="text" name="term" /><br />
<input type="submit" name = "search" value="Submit" />
</form>
</div>
The form above stores "term" the searched term.
<?php
$term = pg_escape_string($_REQUEST['term']);?>
<p>You Searched for:</p><?php Print $term; ?>
<br><br>
Sort by
<form method=get style="display: inline;" name='orderby_form'>
<input type=hidden name='param1' value="<?php print $param1; ?>">
<input type=hidden name='param2' value="<?php print $param2; ?>">
<select name=orderby onChange="orderby_form.submit();">
<option value='none'>v-v-v</option>
<option value='title'>Title</option>
<option value='price_asc'>Price (Low - High)</option>
<option value='price_desc'>Price (High - Low)</option>
</select>
</form>
This gives options on how the user wants to sort the data
<?php
$selected = array();
$orderby = $_GET['orderby'];
if(!$orderby)
{ $orderby = ''; }
if($orderby == 'price_asc')
{
$orderby_query = "order by price asc";
}
else if($orderby == 'price_desc')
{
$orderby_query = "order by price desc";
}
else if($orderby == 'title')
{
$orderby_query = "order by title";
}
else { unset($orderby); }
// If $orderby was valid set the selected sort option for the form.
if($orderby)
{
$selected[$orderby] = 'selected';
}
// Now run your SQL query with the $orderby_query variable. Ex:
$query = "SELECT * FROM products WHERE (title LIKE '%$term%' OR description LIKE '%$term%') $orderby_query";
// SQL code goes here..
$result = pg_query($query);
if(pg_num_rows($result) == 0) {
echo "No records found";
}
else{
while ($row = pg_fetch_assoc($result)) {
?>
After the final bit here I just print the results into tables
These two pictures show the search results.
The first prints all products with "bass" in the title/description and is unsorted.
http://oi61.tinypic.com/28clzqs.jpg
The second is when I sort the data.The search 'term' is lost and ALL products become sorted.
http://oi59.tinypic.com/34g39tu.jpg
Simple enough work around. Thanks to Sean for showing me.
"add your $term to the 2nd form"
Which is
<input type=hidden name='param2' value="<?php print $param2; ?>">
//Added -VV-
<input type=hidden name='term' value="<?php print $term; ?>">
Works perfectly well now.
[FIXED]
I fixed my problem. As suggested by Fred -ii- I visited this Q&A on SO. I saw he used checkboxes which to seems much more useful than buttons since you can take multiple objects out at a time. Also he attached the id of the object to the button like so just like Subin suggested as well.
<form action="" method='POST'>
<input style='display:block; margin:0 auto;'type='submit' name='delete_button' value='<?php echo row['id']; ?>'/>
</form>
Here is the fixed code. I am now able to delete the boxes individually. Thank you for all the suggestions. I am now using mysqli as well.
$query = mysqli_query($connect, "SELECT * FROM shouts ORDER BY `id` DESC LIMIT 5") or die('<p id="formbox" style="text-align:center;">There was an unexpected error grabbing news from the database</p>');
while ($row = mysqli_fetch_array($query)) {
$title2 = $row['title'];
$post2 = $row['post'];
$date2 = $row['date'];
$author = $row['author'];
echo '<div class="news-title"><b style="float:left;">'.$author.'</b><b style="text-align:center; color:green;">'.$title2.'</b>'.$date2.'</div>';
echo '<div class="news-body">'.$post2.'</div>';
if (isset($_SESSION['username']) && ($_SESSION['level'] >= 3 || $_SESSION['group'] == 'Admin')) {
?>
<form action="" method='POST'>
<input style='display:block; margin:0 auto;'type='submit' name='delete_button[]' value="<?php echo $row['id']; ?>"/>
</form>
<?php
}
echo '<br>';
}
if(isset($_POST['delete_button'])) {
$boxid = $_POST['delete_button'];
for($i=0;$i<count($boxid);$i++){
$del_id = $boxid[$i];
mysqli_query($connect, "DELETE FROM `shoutbox`.`shouts` WHERE `shouts`.`id` = '$del_id'") or die('<p id="formbox" style="text-align:center;">There was an unexpected error deleting the post from the database</p>');
}
}
[QUESTION]
So currently I've been working on a website just for my learning purposes and Google thus far has been good help. Although, I can't seem to figure this problem out. I have a "news feed"
http://i.stack.imgur.com/oieXJ.png
it doesn't let me post images but its the only visual idea that I can give. Unless you want to visit my main page http://yuriah.net the news feed is just there without the delete buttons of course.
I want to add a "delete" button to each post so that I can delete each of them individually when I want. I am having problems with the current code im using. It deletes all of them from the database but I only want to delete the "post" that I click delete. Here is my source:
$query = mysql_query("SELECT * FROM shouts ORDER BY `id` DESC LIMIT 5") or die('<p id="formbox" style="text-align:center;">There was an unexpected error grabbing news from the database</p>');
while ($row = mysql_fetch_array($query)) {
$title2 = $row['title'];
$post2 = $row['post'];
$date2 = $row['date'];
$author = $row['author'];
$boxid = $row['id'];
echo '<div class="news-title"><b style="float:left;">'.$author.'</b><b style="text-align:center; color:green;">'.$title2.'</b>'.$date2.'</div>';
echo '<div class="news-body">'.$post2.'</div>';
if ($_SESSION['level'] > 3 || $_SESSION['group'] == 'Admin' || $_SESSION['group'] == 'Owner') {
?>
<form action="" method='post'>
<input style='display:block; margin:0 auto;'type='submit' name='delete_button' value='Delete' />
</form>
<?php
if(isset($_POST['delete_button'])) {
$con = mysql_query("DELETE FROM `shoutbox`.`shouts` WHERE `shouts`.`id` = '$boxid'") or die('<p id="formbox" style="text-align:center;">There was an unexpected error deleting the post from the database</p>');
header('refresh:1; url=/');
mysql_close($con);
}
}
echo '<br>';
}
I am fairly new at PHP HTML CSS MYSQL etc. I am open to all suggestions and comments. Any help will be appreciated thank you.
First you are selecting several rows:
mysql_query("SELECT * FROM shouts ORDER BY `id` DESC LIMIT 5")
Then you're grabbing an array for each row
while ($row = mysql_fetch_array($query)) {
Then setting the boxid for that row, and then running a delete query inside the loop for that row, where your WHERE clause looks for that boxid.
So, given this code flow you will ALWAYS delete all rows from the table.
mysql_query("DELETE FROM `shoutbox`.`shouts` WHERE `shouts`.`id` = '$boxid'")
Now, the real question becomes, how does one fix this?
In your select statement, just add a where clause that only returns the row with the boxid or whatever id you actually need so that just one row is returned (or exactly the rows to be deleted) are returned
"SELECT FROM `shoutbox`.`shouts` WHERE `shouts`.`id` = '$someSortOfID'"
Additionally, mysql_* is deprecated, so please see the following documentation on how to "upgrade" as it were to mysqli, the new standard.
I don't recommend you to use depreciated mysql_* function at all !!!!!
What you need to do is change the input value to row id :
<form action="" method='POST'>
<input style='display:block; margin:0 auto;'type='submit' name='delete_button' value='<?echo$boxid;?>' />
</form>
Then move the whole code that conatins in if(isset($_POST['delete_button'])) outside the while loop and the whole code will be :
<?php
$query = mysql_query("SELECT * FROM shouts ORDER BY `id` DESC LIMIT 5") or die('<p id="formbox" style="text-align:center;">There was an unexpected error grabbing news from the database</p>');
while ($row = mysql_fetch_array($query)) {
$title2 = $row['title'];
$post2 = $row['post'];
$date2 = $row['date'];
$author = $row['author'];
$boxid = $row['id'];
echo '<div class="news-title"><b style="float:left;">'.$author.'</b><b style="text-align:center; color:green;">'.$title2.'</b>'.$date2.'</div>';
echo '<div class="news-body">'.$post2.'</div>';
if ($_SESSION['level'] > 3 || $_SESSION['group'] == 'Admin' || $_SESSION['group'] == 'Owner') {
?>
<form action="" method='post'>
<input style='display:block; margin:0 auto;'type='submit' name='delete_button' value='<?echo$boxid;?>' />
</form>
<?php
}
echo '<br>';
}
if(isset($_POST['delete_button'])) {
$boxid = $_POST['delete_button'];
$con = mysql_query("DELETE FROM `shoutbox`.`shouts` WHERE `shouts`.`id` = '$boxid'") or die('<p id="formbox" style="text-align:center;">There was an unexpected error deleting the post from the database</p>');
header('Location: http://'.$_SERVER['HTTP_HOST']);
mysql_close($con);
}
?>
Alright, so I've been working on this for two days now - my code is somewhat sloppy & jumbled but I've gone over hundreds of questions, websites, etc. etc. looking for an answer or simply an explanation I understood; unfortunately, I still have been unsuccessful in my attempts.
I am build a "Quiz" Game in PHP/HTML - the website references a database, specifically, a tabled labeled "answers" which holds the following information:
- ID: Auto-Increment
- Question: Varchar
- Answer: Varchar
- Comment: Varchar
Now, for a little information on the site - Once a user logs in, he/she can "play" the game; the game is simply an HTML form, which above it displays a random "answers table" question. The form has 4 user inputs but only requires two. Let me get into the code details and then I will ask my question:
My index.php page (which contains the game form) is currently:
<?php # index.php
session_start();
//check session first
if (!isset($_SESSION['email'])){
include ('../includes/header.php');
}else
{
session_start();
include ('../includes/header.php');
require_once ('../../mysql_connect.php');
$query = "SELECT * FROM answers ORDER BY RAND() LIMIT 1";
$result = #mysql_query ($query);
$num = mysql_num_rows($result);
if ($num > 0) { // If it ran OK, display all the records.
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
?>
<div class="newGame">
<h2>Are you a Question Master?<hr /></h2>
<h3 style="color:#000">Find Out Now!</h3>
</div>
<br />
<div class="newGameContain">
<form action="gameSubmit.php" method="post" autocomplete="off">
<h2><? echo $row["Question"]."<hr />"; ?></h2>
<h3>Enter Player Answers</h3>
<p><input type="text" placeholder="Player 1" name="player1" value="<? echo $_POST['player1']; ?>" /> <input type="text" placeholder="Player 2" name="player2" value="<? echo $_POST['player2']; ?>" /></p>
<p><input type="text" placeholder="Player 3" name="player3" value="<? echo $_POST['player3']; ?>" /> <input type="text" placeholder="Player 4" name="player4" value="<? echo $_POST['player4']; ?>" /></p>
<p><input type="submit" class="submitButton" /> <input type="reset" class="resetButton" value="Reset" /> </p>
<input type="hidden" name="ID" value="<?php echo $row["ID"]; ?>" />
<input type="hidden" name"Answer" value="<?php echo $row['Answer']; ?>" />
<input type="hidden" name="submitted" value="TRUE" />
</form>
<p></p>
</div>
<br />
<?php
} //end while statement
} //end if statement
mysql_close();
//include the footer
include ("../includes/footer.php");
}
?>
Then my gameSubmit.php page (form action) looks like this - I will only give a snapshot, not the whole thing:
<?php # index.php
session_start();
//check session first
if (!isset($_SESSION['email'])){
include ('../includes/header.php');
}else
{
session_start();
include ('../includes/header.php');
require_once ('../../mysql_connect.php');
$query = "SELECT * FROM answers ORDER BY RAND() LIMIT 1";
$result = #mysql_query ($query);
$num = mysql_num_rows($result);
if ($num > 0) { // If it ran OK, display all the records.
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
?>
<? if (isset($_POST['submitted'])){
$correct1Msg = "<div class='correct1Msg'><p style='color:#000;font-family:Arial, Helvetica, sans-serif;'>Player 1 entered the <span id='answerUnder'>correct answer</span>.</p></div><p></p>";
$correct2Msg = "<div class='correct2Msg'><p style='color:#000;font-family:Arial, Helvetica, sans-serif;'>Player 2 entered the <span id='answerUnder'>correct answer</span>.</p></div><p></p>";
$incorrect1Msg = "<div class='incorrect1Msg'><p style='color:#F00;font-family:Arial, Helvetica, sans-serif;'>Player 1 entered the <span id='answerUnder'>incorrect answer</span>.</p></div><p></p>";
$incorrect2Msg = "<div class='incorrect2Msg'><p style='color:#F00;font-family:Arial, Helvetica, sans-serif;'>Player 2 entered the <span id='answerUnder'>incorrect answer</span>.</p></div><p></p>";
$player1Answer = $_POST['player1'];
$player2Answer = $_POST['player2'];
$player3Answer = $_POST['player3'];
$player4Answer = $_POST['player4'];
$questionID = $row['ID'];
if ($questionID == "1" && $player1Answer != "Red"){
echo $incorrect1Msg;
}elseif ($questionID == "2" && $player1Answer != "4"){
echo $incorrect1Msg;
}else {
echo $correct1Msg;
}
if ($questionID == "1" && $player2Answer == "Red"){
echo $correct2Msg;
}elseif ($questionID == "2" && $player2Answer == "4"){
echo $correct2Msg;
}else{
echo $incorrect2Msg;
}
}
?>
<?php
} //end while statement
} //end if statement
mysql_close();
//include the footer
include ("../includes/footer.php");
}
?>
As a note, the gameSubmit.php page also has identical message and if...elseif... statements for player3Answer & player4Answer.
So my question is...
If a user is logged in and opens the index.php page, he/she is prompted with the "echo $row ["Question"]" (which is a question pulled from the MySQL database using $query = "SELECT * FROM answers ORDER BY RAND() LIMIT 1"; - The user then proceeds to enter an answer in each player's respective text input. Once the user clicks the submit button, the form redirects to gameSubmit.php - once loaded, if(isset($_POST['submitted'])){ launches and cross checks each users answer and displays the respective message.
Currently, my form redirects to gameSubmit.php, however, it doesn't reference the previous question for the correct answer - thus its sheer luck the identical answer appears when "grading" the answers.
What do I need to do/what needs to be corrected in order to achieve input validation on the form action page?
Once again, I simply want to retrieve a question at random and on submit check the inputted answers with the correct answer - I would also like my code to be able to retrieve the correct answer rather than me having to type out each answer, so that way, if a record gets added, I dont have to update the code.
Thank for your time and the help, it is much appreciated! (It's finals week and I couldn't be more stressed)
Rockmandew
Just pass a POST element from index page to gameSubmit.php with the question id.
Add a hidden element in index page like..
<input type="hidden" name="questionId" value="<?php echo $row['id']; ?>">
So, You can get the question id in pageSubmit.php using $_POST['questionId']
why when i try to search mysql database, it shows 0 result? i altered the table into FULLTEXT etc properly. What am I missing? I have put the very basic search exercise code down here. I want to search into my table 'products' and extract the details from there. but no luck
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
$search_output = "";
if(isset($_POST['searchquery']) && $_POST['searchquery'] != ""){
$searchquery = preg_replace('#[^a-z 0-9?!]#i', '', $_POST['searchquery']);
if($_POST['filter1'] == "Whole Site"){
$sqlCommand = "SELECT product_name AS name, details AS details FROM products WHERE MATCH (product_name ,details) AGAINST ('$searchquery' IN BOOLEAN MODE)";
}
require_once("storescripts/connect_to_mysqli.php");
$query = mysqli_query($myConnection,$sqlCommand) or die(mysqli_error($myConnection));
$count = mysqli_num_rows($query);
if($count > 1){
$search_output .= "<hr />$count results for <strong>$searchquery</strong><hr />$sqlCommand<hr />";
while($row = mysqli_fetch_array($query)){
$name = $row["name"];
$details= $row["details"];
$search_output .= "Name: '.$name.' - '.$details.'<br />";
} // close while
} else {
$search_output = "<hr />0 results for <strong>$searchquery</strong><hr />$sqlCommand";
}
}
?>
<html>
<head>
</head>
<body>
<h2>Search the Exercise Tables</h2>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Search For:
<input name="searchquery" type="text" size="44" maxlength="88">
Within:
<select name="filter1">
<option value="Whole Site">Whole Site</option>
</select>
<input name="myBtn" type="submit">
<br />
</form>
<div>
<?php echo $search_output; ?>
</div>
</body>
</html>
Change this:
$sqlCommand = "SELECT product_name AS name, details AS details FROM products WHERE MATCH (product_name ,details) AGAINST ('".$searchquery."' IN BOOLEAN MODE)";
i have changed
AGAINST ('$searchquery' IN
to
AGAINST ('".$searchquery."' IN
Problem is there with your if part as:
replace your current :
if($_POST['filter1'] == "Whole Site")
{
$sqlCommand = "SELECT product_name AS name, details AS details FROM products WHERE MATCH (product_name ,details) AGAINST ({$searchquery} IN BOOLEAN MODE)";
}
In case it couldnt get to query due to if statement add:
else {
echo "No seqrch query found";
}
hope it works now
Can someone have a look at my code Ive finally got working after 2 days and lots of help from here - thank you!
There are a few tweaks i would like to do on it -
for the transaction ID, if i search for any letter in the transaction id, i am shown records - I only want it to show me a record if the FULL transaction ID has been entered and matches the record in the database. Transaction id example: 87K07228GD157974M
if you want to retrieve your code, you must type in your name, email and transaction date, this works perfect BUT the time is also included with the date but i don't want anyone to have to enter the time as well ONLY the date i.e.....
you currently have to enter: 2013-03-07 01:39:23 - but i want to enter in the format of DD/MM/YY - is this possible?
I also don't know if the code is secure also, any advice would be appreciated.
Thanks,
here is the code:
findme.html
<html>
<head>
<title>Search</title>
</head>
<body bgcolor=#ffffff>
<h2>Search Transaction ID</h2>
<form name="search" method="post" action="findme.php">
Seach for: <input type="text" name="find" />
<input type="submit" name="search" value="Search" />
</form>
OR
<h2>Search Name, E-Mail & Transaction Date</h2>
<form name="search" method="post" action="findme1.php">
Full Name (on paypal account) <input type="text" name="name" /> <br><br>
Paypal E-Mail Address <input type="text" name="email" /> <br><br>
Transaction Date - DD/MM/YY <input type="text" name="date" />
<input type="submit" name="search" value="Search" /><br><br>
If searching via Name, E-Mail & Transaction date, all fields must be completed to obtain your code.
</form>
</body>
</html>
findme.php
<html>
<head><title>Searching for a student...</title>
</head>
<body bgcolor=#ffffff>
<?php
echo "<h2>Search Results:</h2><p>";
//If they did not enter a search term we give them an error
if ($find == "")
{
echo "<p>You forgot to enter a search term!!!";
exit;
}
// Otherwise we connect to our Database
mysql_connect("location.com", "ipn", "password!") or die(mysql_error());
mysql_select_db("ipn") or die(mysql_error());
// We perform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);
//Now we search for our search term, in the field the user specified
$iname = mysql_query("SELECT * FROM ibn_table WHERE itransaction_id LIKE '%$find%'");
//And we display the results
while($result = mysql_fetch_array( $iname ))
{
echo "<b>Name: </b>";
echo $result['iname'];
echo " ";
echo "<br>";
echo "<b>E-mail: </b>";
echo $result['iemail'];
echo "<br>";
echo "<b>Transaction Date: </b>";
echo $result['itransaction_date'];
echo "<br>";
//And we remind them what they searched for
echo "<b>Search Term </b>(Transaction ID): </b> " .$find;
//}
echo "<br>";
echo "<br>";
echo "<b>Login Code: </b>";
echo $result['ipaymentstatus'];
echo "<br>";
}
//This counts the number or results - and if there wasn't any it gives them a little message explaining that
$anymatches=mysql_num_rows($iname);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your search, please make sure the correct details have been entered...<br><br>";
}
?>
</body>
</html>
findme1.php
<html>
<head><title>Searching for a student...</title>
</head>
<body bgcolor=#ffffff>
<?php
echo "<h2>Search Results:</h2><p>";
//If they did not enter a search term we give them an error
if ($name == "")
if ($email == "")
{
echo "<p>Please enter Full Name, E-Mail Address & Transaction Date EXACTLY how they appear on your PayPal Account...";
exit;
}
// Otherwise we connect to our Database
mysql_connect("location.com", "ipn", "password") or die(mysql_error());
mysql_select_db("ipn") or die(mysql_error());
// We perform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);
//Now we search for our search term, in the field the user specified
$name = mysql_query("SELECT * FROM ibn_table WHERE iemail = '$email' AND iname = '$name' AND itransaction_date = '$date'");
//And we display the results
while($result = mysql_fetch_array( $name ))
{
echo "<b>Name: </b>";
echo $result['iname'];
echo " ";
echo "<br>";
echo "<b>E-mail: </b>";
echo $result['iemail'];
echo "<br>";
echo "<b>Transaction Date: </b>";
echo $result['itransaction_date'];
echo "<br>";
//And we remind them what they searched for
echo "<b>Search Term </b>(Transaction ID): " .$name;
//}
echo "<br>";
echo "<br>";
echo "<b>Login Code: </b>";
echo $result['ipaymentstatus'];
echo "<br>";
}
//This counts the number or results - and if there wasn't any it gives them a little message explaining that
$anymatches=mysql_num_rows($name);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your search, please make sure the correct details have been entered...<br><br>";
}
?>
</body>
</html>
Fields in my database are:
iname
iemail
itransaction_id
ipaymentstatus
itransaction_date
Thanks!
As stated in comment for transaction ID you have :
$iname = mysql_query("SELECT * FROM ibn_table WHERE itransaction_id LIKE '%$find%'");
what LIKE with %$find% does is match any part from transaction ID with $find that is why you get results with single letter. Change that to :
$iname = mysql_query("SELECT * FROM ibn_table WHERE itransaction_id = '$find'");
for date issue you can decide what to take from user like you stated date then for example :
if you take :
$date = "12-11-2012"; //(dd-mm-yyyy)
$split = explode("-", $date);
then you can use this to generate SQL date/time format :
$sql_date = date("Y-m-d h:i:s", mktime(0, 0, 0, (int) $split[1], (int) $split[0], (int) $split[2]))
and in sql query :
transaction_date LIKE '$sql_date%'
And at last don't use mysql_* it is deprecated. Instead use mysqli.