Select all if text box is empty - php

I have five textboxes which are associated with its own field from the my sql database. What I want to do is fetch data from the mysql database depending on what the user has entered in the text box. The problem is that if a text box is empty, it outputs no record as that the textbox is trying to post '' as a piece of data. How can I implement it so that if a textbox is empty, it will look for all (or any data) in that field. E.g if SessionID textbox is empty, then select all sessionID's. Below is my current coding:
<body>
<form action="exam_interface.php" method="post" name="sessionform"> <!-- This will post the form to its own page"-->
<p>Session ID: <input type="text" name="sessionid" /></p> <!-- Enter Session Id here-->
<p>Module Number: <input type="text" name="moduleid" /></p> <!-- Enter Module Id here-->
<p>Teacher Username: <input type="text" name="teacherid" /></p> <!-- Enter Teacher here-->
<p>Student Username: <input type="text" name="studentid" /></p> <!-- Enter User Id here-->
<p>Grade: <input type="text" name="grade" /></p> <!-- Enter Grade here-->
<p><input type="submit" value="Submit" /></p>
</form>
<?php
$username="u0867587";
$password="31may90";
$database="mobile_app";
$sessionid = $_POST['sessionid'];
$moduleid = $_POST['moduleid'];
$teacherid = $_POST['teacherid'];
$studentid = $_POST['studentid'];
$grade = $_POST['grade'];
mysql_connect('localhost',$username,$password);
#mysql_select_db($database) or die("Unable to select database");
$result = mysql_query("SELECT * FROM Module m INNER JOIN Session s ON m.ModuleId = s.ModuleId JOIN Grade_Report gr ON s.SessionId = gr.SessionId JOIN Student st ON gr.StudentId = st.StudentId WHERE gr.SessionId = '$sessionid' AND m.ModuleId = '$moduleid' AND s.TeacherId = '$teacherid' AND gr.StudentId = '$studentid' AND gr.Grade = '$grade'");
$num=mysql_numrows($result);
echo "<table border='1'>
<tr>
<th>Student Id</th>
<th>Forename</th>
<th>Session Id</th>
<th>Grade</th>
<th>Mark</th>
<th>Module</th>
<th>Teacher</th>
</tr>";
while ($row = mysql_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['StudentId'] . "</td>";
echo "<td>" . $row['Forename'] . "</td>";
echo "<td>" . $row['SessionId'] . "</td>";
echo "<td>" . $row['Grade'] . "</td>";
echo "<td>" . $row['Mark'] . "</td>";
echo "<td>" . $row['ModuleName'] . "</td>";
echo "<td>" . $row['TeacherId'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close();
?>
Thank You


The simplest way would be to build the WHERE part of the query dynamically based on what has been submitted, this way if the field in question is empty, that part of the where statement wouldn't exist.
Take this example, that has two possible inputs $_POST['foo'] and $_POST['bar']:
<?php
//bind vars to be used in filtering - if blank they are false
$foo = (!empty($_POST['foo']) ? mysql_real_escape_string($_POST['foo']) : false);
$bar = (!empty($_POST['bar']) ? mysql_real_escape_string($_POST['bar']) : false);
//base query: 1=1 will always be true and not filter anything
$query = "SELECT * FROM `my_table` WHERE 1=1"
if($foo){
$query.=" AND `foo` = ".$foo);
}
if($bar)
{
$query.=" AND `bar` = ".$bar;
}
$r = mysql_query($query);
?>


if you want a lazy solution so that you don't create the query one field at a time you can just add this:
foreach ($_POST as $key=>$value)
{
if (empty($value))
{
$_POST[$key] = '%';
}
}
before the block where you get the data from post and replace every equal sign (=) after the where in your query with the keywork LIKE
but the recommended solution would be the one that picus gave you with the note that you should filter the user input and escape it when you use it in the query


You want to Short circuit the logic if the entered value is empty e.g:
when you build your where for each predicate, rather than
AND m.ModuleId = '$moduleid'
use
AND ('$moduleid' = '' OR m.ModuleId = '$moduleid')
this should short circuit the column = value check


Build your query dynamically, and do not add empty variables to the WHERE clause of the query:
<?php
// Map database attributes to POST variables
$postVars = array(
'gr.SessionId' => 'sessionid',
'm.ModuleId' => 'moduleid',
's.TeacherId' => 'teacherid',
'gr.StudentId' => 'studentid',
'gr.Grade' => 'grade'
);
// Determine the parts of the WHERE clause
$whereParts = array();
foreach ($postVars as $attributeName => $postVar) {
if (isset($_POST[$postVar]) && !empty($_POST[$postVar])) {
$whereParts[] = $attributeName . " = " . mysql_real_escape_string($_POST[$postVar]);
}
}
// Create the WHERE clause if there are parts
$whereClause = "";
if (! empty($whereParts)) {
$whereClause = " WHERE " . implode(" AND ", $whereParts);
}
// Construct the complete query
$query = "SELECT * FROM table" . $whereClause;
EDIT:
Added a mapping from database attribute names to POST variable names, because these are not equal in the provided code in the question.

Related

search database with php (new to php)

I am brand new to php and I am trying to teach myself to code. I am hoping that someone here can help a newb out. I have a database with 300 client records in it. I am using the following code to access the database. It works great but I am having two issues that I cannot seem to fix.
1) not all clients have a middle name listed and when the middle name field is blank it adds a
2) all 300 client records display at once. Is there a way I can set it to display only 1 to a max of 10 records at a time and use next previous buttons?
additionally, is there a way to search the database? for example a box, and I enter john in it and click search and it returns all records with John? If there is a video or walkthrough that is detailed enough I can figure it out if no one is able to provide me with the code.
Thank you in advance for the help.
<html>
<head>
</head>
<body>
<?php
$con = mysql_connect("localhost", "root", "");
if (!$con) {
die("can not connect: " . mysql_error());
}
mysql_select_db ("new_concepts" ,$con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE clients SET ClientID='$_POST[ClientID]', FirstName='$_POST[FirstName]', MiddleName='$_POST[MiddleName]', LastName='$_POST[LastName]', Diagnosis='$_POST[Diagnosis]', Gender='$_POST[Gender]', LevelCare='$_POST[LevelCare]', Counselor='$_POST[Counselor]' WHERE ClientID='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM clients WHERE ClientID='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};
if(isset($_POST['add'])){
$AddQuery = "INSERT INTO clients (ClientID, FirstName, MiddleName, LastName, Diagnosis, Gender, LevelCare, Counselor) VALUES ('$_POST[uclientid]','$_POST[ufirstname]','$_POST[umiddlename]','$_POST[ulastname]','$_POST[udiagnosis]','$_POST[ugender]','$_POST[ulevelcare]','$_POST[ucounselor]')";
mysql_query($AddQuery, $con);
};
$sql = "SELECT * FROM clients";
$myData = mysql_query($sql,$con);
echo "<table border=1>
<tr>
<th>First Name</th>
<th>Middle Name</th>
<th>Last Name</th>
<th>Client ID</th>
<th>Diagnosis</th>
<th>Gender</th>
<th>Level of Care</th>
<th>Counselor</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=mydata5.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=FirstName value=" . $record['FirstName'] . " </td>";
echo "<td>" . "<input type=text name=MiddleName value=" . $record['MiddleName'] . " </td>";
echo "<td>" . "<input type=text name=LastName value=" . $record['LastName'] . " </td>";
echo "<td>" . "<input type=text name=ClientID value=" . $record['ClientID'] . " </td>";
echo "<td>" . "<input type=text name=Diagnosis value=" . $record['Diagnosis'] . " </td>";
echo "<td>" . "<input type=text name=Gender value=" . $record['Gender'] . " </td>";
echo "<td>" . "<input type=text name=LevelCare value=" . $record['LevelCare'] . " </td>";
echo "<td>" . "<input type=text name=Counselor value=" . $record['Counselor'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['ClientID'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "<form action=mydata5.php method=post>";
echo "<tr>";
echo "<td><input type=text name=ufirstname></td>";
echo "<td><input type=text name=umiddlename></td>";
echo "<td><input type=text name=ulastname></td>";
echo "<td><input type=text name=uclientid></td>";
echo "<td><input type=text name=udiagnosis></td>";
echo "<td><input type=text name=ugender></td>";
echo "<td><input type=text name=ulevelcare></td>";
echo "<td><input type=text name=ucounselor></td>";
echo "<td>" . "<input type=submit name=add value=add" . " </td>";
echo "</form>";
echo "</table>";
mysql_close($con);
?>
</body>
</html>
Ok I changed the page to sqli but now when I try to add a record nothing happens and I cannot find the error, I had it working until I started adding more fields then first/last names. I think I have narrowed the error to
if ($stmt = $mysqli->prepare("INSERT clients (FirstName, MiddleName, LastName) VALUES (?,?, ?)"))
{
$stmt->bind_param("ss", $FirstName, $MiddleName, $LastName);
$stmt->execute();
$stmt->close();
}
But I have no idea how to fix it. I found the error!!! Ive only been learning php and MySQL for a week. I still have a lot to learn...
<?php
/*
Allows the user to both create new records and edit existing records
*/
// connect to the database
include("connect-db.php");
// creates the new/edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($first = '', $middle = '', $last = '', $ClientID = '', $error = '', $ID = '')
{ ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>
<?php if ($ID != '') { echo "Edit Record"; } else { echo "New Record"; } ?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<h1><?php if ($ID != '') { echo "Edit Record"; } else { echo "New Record"; } ?></h1>
<?php if ($error != '') {
echo "<div style='padding:4px; border:1px solid red; color:red'>" . $error
. "</div>";
} ?>
<form action="" method="post">
<div>
<?php if ($ID != '') { ?>
<input type="hidden" name="ID" value="<?php echo $ID; ?>" />
<p>ID: <?php echo $ID; ?></p>
<?php } ?>
<strong>First Name: *</strong> <input type="text" name="FirstName"
value="<?php echo $first; ?>"/><br/>
<strong>Middle Name: *</strong> <input type="text" name="MiddleName"
value="<?php echo $middle; ?>"/>
<strong>Last Name: *</strong> <input type="text" name="LastName"
value="<?php echo $last; ?>"/>
<strong>Client ID: *</strong> <input type="text" name="ClientID"
value="<?php echo $ClientID; ?>"/>
<strong>Diagnosis: *</strong> <input type="text" name="Diagnosis"
value="<?php echo $last; ?>"/>
<strong>Gender: *</strong> <input type="text" name="Gender"
value="<?php echo $last; ?>"/>
<strong>Counselor: *</strong> <input type="text" name="Counselor"
value="<?php echo $last; ?>"/>
<p>* required</p>
<input type="submit" name="submit" value="Submit" />
</div>
</form>
</body>
</html>
<?php }
/*
EDIT RECORD
*/
// if the 'ID' variable is set in the URL, we know that we need to edit a record
if (isset($_GET['ID']))
{
// if the form's submit button is clicked, we need to process the form
if (isset($_POST['submit']))
{
// make sure the 'ID' in the URL is valid
if (is_numeric($_POST['ID']))
{
// get variables from the URL/form
$ID = $_POST['ID'];
$FirstName = htmlentities($_POST['FirstName'], ENT_QUOTES);
$MiddleName = htmlentities($_POST['MiddleName'], ENT_QUOTES);
$LastName = htmlentities($_POST['LastName'], ENT_QUOTES);
$ClientID = htmlentities($_POST['ClientID'], ENT_QUOTES);
// check that FirstName and LastName are both not empty
if ($FirstName == '' || $MiddleName == '' || $LastName == '' || $ClientID == '')
{
// if they are empty, show an error message and display the form
$error = 'ERROR: Please fill in all required fields!';
renderForm($FirstName, $MiddleName, $LastName, $ClientID, $error, $ID);
}
else
{
// if everything is fine, update the record in the database
if ($stmt = $mysqli->prepare("UPDATE clients SET FirstName = ?, MiddleName = ?, LastName = ?, ClientID = ?
WHERE ID=?"))
{
$stmt->bind_param("ssi", $FirstName, $MiddleName, $LastName, $ClientID, $ID);
$stmt->execute();
$stmt->close();
}
// show an error message if the query has an error
else
{
echo "ERROR: could not prepare SQL statement.";
}
// redirect the user once the form is updated
header("Location: view.php");
}
}
// if the 'ID' variable is not valid, show an error message
else
{
echo "Error!";
}
}
// if the form hasn't been submitted yet, get the info from the database and show the form
else
{
// make sure the 'ID' value is valid
if (is_numeric($_GET['ID']) && $_GET['ID'] > 0)
{
// get 'ID' from URL
$ID = $_GET['ID'];
// get the recod from the database
if($stmt = $mysqli->prepare("SELECT * FROM clients WHERE ID=?"))
{
$stmt->bind_param("i", $ID);
$stmt->execute();
$stmt->bind_result($ID, $FirstName, $MiddleName, $LastName, $ClientID);
$stmt->fetch();
// show the form
renderForm($FirstName, $MiddleName, $LastName, $ClientID, NULL, $ID);
$stmt->close();
}
// show an error if the query has an error
else
{
echo "Error: could not prepare SQL statement";
}
}
// if the 'ID' value is not valid, redirect the user back to the view.php page
else
{
header("Location: view.php");
}
}
}
/*
NEW RECORD
*/
// if the 'ID' variable is not set in the URL, we must be creating a new record
else
{
// if the form's submit button is clicked, we need to process the form
if (isset($_POST['submit']))
{
// get the form data
$FirstName = htmlentities($_POST['FirstName'], ENT_QUOTES);
$MiddleName = htmlentities($_POST['MiddleName'], ENT_QUOTES);
$LastName = htmlentities($_POST['LastName'], ENT_QUOTES);
$ClientID = htmlentities($_POST['ClientID'], ENT_QUOTES);
// check that FirstName and LastName are both not empty
if ($FirstName == '' || $MiddleName == '' || $LastName == '' || $ClientID == '')
{
// if they are empty, show an error message and display the form
$error = 'ERROR: Please fill in all required fields!';
renderForm($FirstName, $MiddleName, $LastName, $ClientID, $error);
}
else
{
// insert the new record into the database
if ($stmt = $mysqli->prepare("INSERT clients (FirstName, MiddleName, LastName, ClientID) VALUES (?, ?)"))
{
$stmt->bind_param("ss", $FirstName, $MiddleName, $LastName, $ClientID);
$stmt->execute();
$stmt->close();
}
// show an error if the query has an error
else
{
echo "ERROR: Could not prepare SQL statement.";
}
// redirec the user
header("Location: view.php");
}
}
// if the form hasn't been submitted yet, show the form
else
{
renderForm();
}
}
// close the mysqli connection
$mysqli->close();
?>

First, you're not escaping your value attributes. That's probably the cause of your <td that you're seeing.
You've got:
echo "<td>" . "<input type=text name=MiddleName value=" . $record['MiddleName'] . " </td>";
EDIT To demonstrate, the output from this assuming there was no MiddleName ("" should be: <td><input type=text name=MiddleName value= </td>, that doesn't look right. The output from below would be: <td><input type="text" name="MiddleName" value=""></td> now you can see that empty MiddleName value is "" in the HTML - an empty string there as well.
And it should be:
echo "<td><input type=\"text\" name=\"MiddleName\" value=\"" . $record['MiddleName'] . "\"></td>";
That should resolve that issue. Notice that I've placed \" around your attributes. This is not PHP, this is HTML, all attribute values should be enclosed in quotes (I could have used single quotes (') but I prefer double quotes).
The second problem is also a simple solution but again, not PHP - this is a SQL question.
A search is basically where X is like Y. There is actually an operator for this in SQL, LIKE. Now, this example isn't necessarily the most efficient means of searching, but it's definitely useful.
So you're getting the name from the request.
$name = $_REQUEST["query"];
// NEVER DO THE FOLLOWING, NOT EVER. Never trust input from a user, NEVER.
// Don't even think about putting input from the user in a query like this.
// If this input was: "'; DROP TABLE users; --" then you just lost your
// user database.
// $sql = "SELECT * FROM users WHERE FirstName LIKE '%" . $name . "%';";
// Do this instead (with mysqli, not mysql)
$sql = "SELECT * FROM users WHERE FirstName LIKE '%" . mysqli_real_escape_string($conn, $name) . "%';";
// Now search
$results = mysqli_query($conn, $sql);
// Do something with results.
And of course, finally - pagination. You want to paginate. That's a good idea. Here's a simple way to do that. First things first, you'll want to pass a piece of query data along with your request, like ?page=1 on the end of your URLs. This is important.
const PER_PAGE = 30;
if (array_key_exists($_REQUEST, "page")) {
$page = intval($_REQUEST["page"]);
} else {
$page = 1;
}
$offset = PER_PAGE * ($page - 1);
$sql = "SELECT * FROM users LIMIT " . $offset . ", " . PER_PAGE . ";";
$res = mysqli_query($conn, $sql);
// Render your page links:
// leave php, no need to echo every line of HTML.
// Fetch the count of total users with:
// SELECT COUNT(id) FROM users; -- replace id with your primary key field
// and then get your number of pages by '$count / PER_PAGE'
?>
<?php if ($pageCount > 1) { ?>
<div class="pagination">
<?php if ($page > 1) { ?>
Previous
<?php } else { ?>
<span>Previous</span>
<?php } ?>
<?php for ($i = 1; i < $pageCount; $i++) {
if ($page === $i) { ?>
<span class="current-page"><?php echo $i; ?></span>
<?php } else { ?>
<?php echo $i; ?>
<?php }
} ?>
<?php if ($page < $pageCount) { ?>
Next
<?php } else { ?>
<span>Next</span>
<?php } ?>
</div>
<?php } ?>
It is rather ugly with the embedded PHP, my apologies for that. There are other alternatives but I wouldn't want to push too much into one post for a newbie.
EDIT
Obviously you might want to make your pagination smarter. Like, if you have 10 pages you might not want to see: Previous 1 2 3 4 5 6 7 8 9 10 Next if you're onw page 7, you might just want to show: Previous 5 6 7 8 9 Next or some other alternative to keep your list from getting out of control. I didn't demonstrate this, I demonstrated the basic form of Pagination that you can start with and then you can try to modify that with to achieve your desired goals.
For further study I would like to give you some topics to research once you feel you've gotten a grasp on these and other basic tasks.
Prepared statements - while the way I showed you (using mysqli_real_escape_string()) is safer than adding the string directly to the query, prepared statements are even safer than that.
PDO - A seemingly logical next step up the chain of database access is PDO - basically building an ORM for you Database objects (and, I guess, also ORM).
Different pagination techniques, not just of rendering the links. But try your hand with "infinite scrolling." this will require some knowledge of AJAX.
AJAX - need to know some JavaScript and I'd recommend doing this, at first, without something like jQuery.
Something like jQuery, building interactive applications.
From there, I hope you're already finding new things to learn that are referenced when trying to seek the above. This is all basic web development knowledge that would be good to have.

For first part, you don't have quotes outputting correctly.
echo "<td>" . "<input type=text name=MiddleName value=" . $record['MiddleName'] . " </td>";
should be
echo "<td>" . '<input type="text" name="MiddleName" value="' . $record['MiddleName'] . '"/> </td>';
or
echo "<td><input type='text' name='MiddleName' value='{$record['MiddleName']}'></td>";
You can use variables inside double quotes in PHP. You can access array inside if you surround with curly braces, you can also access objects. I feel it is more readable but some like to concatinate.
For second par, you can use GET variables in url, such as index.php?page=1&per_page=10
For searching
$query = "SELECT * FROM clients WHERE FirstName = '$firstName'";
// or
$query = "SELECT * FROM clients WHERE FirstName LIKE '%$firstName%'";
Also, the mysql driver is being removed in the next version of PHP, as it has been deprecated for a while, mysqli should be used instead.

As Xeridea wrote check your html. And if you need to display 10 results change your sql request to
$sql = "SELECT * FROM clients LIMIT 10";
or if you need clienst 10 - 20
$sql = "SELECT * FROM clients LIMIT 10,10";
first 10 - from,
second how many
if you need select clients the name is John
$sql = "SELECT * FROM clients WHERE name = 'John';
Create dinamicly links depends on pages(you can set it in url $_GET request) and use LIMIT to flip pages. Good luck.

You just have to add below code before select query and use my select query.
$SearchString = ''; if(isset($_POST['searchtext']) &&
$_POST['searchtext']!=''){ $searchtext = $_POST['searchtext'];
$SearchString = " WHERE FirstName LIKE "'.$searchtext.' ";
mysql_query($AddQuery, $con); };
$sql = "SELECT * FROM clients".$SearchString;

Option Search Bar in html that searches using different attributes

I want to make a search bar in a table called items with two different options: IID, Type. The code is below.
<h1> Search </h1>
<form name="search" action="items.php" method="get">
Search For: <input type="text" name="item"> in
<select name = "Option">
<option value= "IID"> IID </option>
<option value= "Type"> Type </option>
</select>
<input type="submit" value="search">
</form>
The data is stored as a table called Item with attributes IID and type.
I then do a query, but I'm getting lost here on how to change the select clause.
I have the code here so that it searches for item(s) with a certain type the user inputs, but how can I also change the clause so that it corresponds to the option menu in the search bar where you can find items with IID? Would I have to write 2 different queries?
Any help would be appreciated!
<?php
//SEARCH by type
$item = ucfirst($_GET["item"]);
if($item != null){
$result = executePlainSQL("select * from item where type = '" . $item . "'");
}
else{
$result = executePlainSQL("select * from item");
}
printItem_byType($result);
//Print result
function printItem_byType($result){
echo '<table>';
echo '<tr><td>IID</td><td>Type</td></tr>';
while ($row = OCI_Fetch_Array($result, OCI_BOTH)) {
echo "<tr><td>" . $row[0] . "</td>
<td>" . $row[1] . "</td>
<td><a href= profile.php?type= ". $row[2] . ">" $row[2] . "</td></tr>";
}
echo '</table>';
}

//SEARCH by type
$item = ucfirst($_GET["item"]);
$option = $_GET["option"];
if($item != null){
$result = executePlainSQL("select * from item where type = '" . $item . "' and filter_by = '" . $option . "'");
}
else{
$result = executePlainSQL("select * from item");
}
then add one colum called "filter_by" on the sql table.

PHP, MYSQL and HTML FORMS not working together

I have this code but when I press the submit button No data is being transferred via Get, with the exemption on the submit.
<table cellspacing="0px">
<tr>
<td>Name</td><td>Today - <?php echo $date;?></td>
</tr>
<form method="get" action="update_reg.php">
<?php
$result = mysqli_query($con,"SELECT * FROM TABLE WHERE GROUP = 'Penguins' ORDER BY Rank, Name ");
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>";
if($row['Rank'] == "a"){
$rank = "TOP ";
}
if($row['Rank'] == "b"){
$rank = "MIDDLE ";
}
if($row['Rank'] == "c"){
$rank = "SECOND ";
}
if($row['Rank'] == "d"){
$rank = "BOTTOM ";
}
if($row['Rank'] == "e"){
$rank = "";
}
echo $rank . $row['Name'] . "</td>";
$num = $num + 1;
echo "<td><input type=\"text\" class=\"today\" id=\"" . $row['id'] . "\" data-number=\"" . $num . "\" size=\"1\" maxlength=\"1\"></td></tr>";
}
?>
</table>
<input type="submit" value="submit">
</form>
For some reason this isn't working, anyone got any ideas why? Thanks in advance.

You need to add a value="" attribute and name="" attribute to your <input>s.
For example:
echo "<td><input type=\"text\" class=\"today\" id=\"" . $row['id'] . "\" name=\"" . $row['id'] . "\" data-number=\"" . $num . "\" value=\"" . $num . "\" size=\"1\" maxlength=\"1\"></td></tr>";
I'm not sure what you're trying to submit exactly, but place that in the value for the value attribute and make sure to give each one a name attribute and value. In my example, I used $num for the value and $row['id'] for the name.

None of your <input> tags have name attributes. No name, no form submission.

GROUP is a reserved keyword.
So you need to backtick it as
`GROUP`
SELECT * FROM TABLE WHERE `GROUP` = 'Penguins' ORDER BY Rank, Name
UPDATE FROM LAST COMMENT
Input need a name which is not there and if you give same name for all of them they will not work. So give a name="something[]" and on submit get the data as array

How to order a query result using a drop down list

I want to use a dropdown list to order the query result. Whatever option is chosen in the dropdown list, the query will be ordered in ascending order by the option selected. My query works fine, I just need to include the ORDER BY clause. Please look at the form carefully and please help me on this problem.
Below is the code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Exam Interface</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<form action="exam_interface.php" method="post" name="sessionform"> <!-- This will post the form to its own page"-->
<p>Session ID: <input type="text" name="sessionid" /></p> <!-- Enter Session Id here-->
<p>Module Number: <input type="text" name="moduleid" /></p> <!-- Enter Module Id here-->
<p>Teacher Username: <input type="text" name="teacherid" /></p> <!-- Enter Teacher here-->
<p>Student Username: <input type="text" name="studentid" /></p> <!-- Enter User Id here-->
<p>Grade: <input type="text" name="grade" /></p> <!-- Enter Grade here-->
<p>Order Results By: <select name="order">
<option name="noorder">Don't Order Results</option>
<option name="ordersessionid">Session ID</option>
<option name="ordermoduleid">Module Number</option>
<option name="orderteacherid">Teacher Username</option>
<option name="orderstudentid">Student Username</option>
<option name="ordergrade">Grade</option>
</select>
<p><input type="submit" value="Submit" /></p>
</form>
<?php
$username="xxx";
$password="xxx";
$database="mobile_app";
mysql_connect('localhost',$username,$password);
#mysql_select_db($database) or die("Unable to select database");
$sessionid = $_POST['sessionid'];
$moduleid = $_POST['moduleid'];
$teacherid = $_POST['teacherid'];
$studentid = $_POST['studentid'];
$grade = $_POST['grade'];
$result = mysql_query("SELECT * FROM Module m INNER JOIN Session s ON m.ModuleId = s.ModuleId JOIN Grade_Report gr ON s.SessionId = gr.SessionId JOIN Student st ON gr.StudentId = st.StudentId WHERE ('$sessionid' = '' OR gr.SessionId = '$sessionid') AND ('$moduleid' = '' OR m.ModuleId = '$moduleid') AND ('$teacherid' = '' OR s.TeacherId = '$teacherid') AND ('$studentid' = '' OR gr.StudentId = '$studentid') AND ('$grade' = '' OR gr.Grade = '$grade')");
$num=mysql_numrows($result);
echo "<table border='1'>
<tr>
<th>Student Id</th>
<th>Forename</th>
<th>Session Id</th>
<th>Grade</th>
<th>Mark</th>
<th>Module</th>
<th>Teacher</th>
</tr>";
while ($row = mysql_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['StudentId'] . "</td>";
echo "<td>" . $row['Forename'] . "</td>";
echo "<td>" . $row['SessionId'] . "</td>";
echo "<td>" . $row['Grade'] . "</td>";
echo "<td>" . $row['Mark'] . "</td>";
echo "<td>" . $row['ModuleName'] . "</td>";
echo "<td>" . $row['TeacherId'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close();
?>
</body>
</html>

Well, the ORDER BY clause goes after the WHERE clause, so you just need to add it in there, right? I suggest that the easiest way to do it given your current code is to use a switch to set the value of a variable, $orderbyclause say, and append that variable to the end of the query. (The default case of your switch should set $orderbyclause to the empty string.)
Also, please read about SQL injection and learn how to protect against it. The code you have posted has big security holes.

switch ($_POST['order') {
case 'ordersessionid': $order_field = 'gr.SessionID'; break;
case 'ordermoduleid': $order_field = 'whatever'; break;
...
default: $order_field = 'default_field'; break;
}
$sql = "SELECT .... ORDER BY {$order_field} ASC";
You may be tempted to try and just directly insert $_POST['order'] into the query, with appropriate name="" values in the form, but... DON'T. Little Bobby Tables will stop in for a visit and never leave.

Dynamically create form elements with php

This short program is suppose find the column names of a table X, and create a form with at least one text field and one select element that contains all the names of the columns of the table. With that information, the user can perform a search on this table and further specify on which column he would like to do the search. I would like it for the user to be able to add more text fields with matching select elements, just in case he wants to refine his search.
How can I dynamically add those extra fields when ever the user press a button?
<?php
$table_name = "tablename";
mysql_connect("localhost", "root", "");
$query = "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = '$table_name'";
$result = mysql_query($query);
$column_names="";
while($row = mysql_fetch_array($result)){
$column_names == "" ? $column_names .= $row["COLUMN_NAME"] : $column_names .= "," . $row["COLUMN_NAME"] ;
}
$column_names = explode(",", $column_names);
?>
<html>
<head>
<title>SQLSEARCH</title>
</head>
<body>
<form action="index.php" method="post">
<?php
echo "Search: <input tpe=\"text\" name=\"advtext[]\" /> in ";
echo "<select name=\"advselect[]\">";
foreach($column_names as $value)
echo "<option>" . $value . "</option>";
echo "</select>";
?>
<input type="hidden" name="searchsent" value="1" />
<input type="submit" name="searchbutton" value="Search" />
</form>
<input type="button" name="addattributes" value="Add Search Attributes" / onclick="AddSelect();">
</body>
</html>

This function adds an input element and a select element, every time the user presses the button.
function AddSelect(){
var newInput = document.createElement('input');
newInput.type='text';
newInput.name = 'advtext[]';
<?php
foreach($column_names as $value => $i){
echo "\tvar newOption" . $value . "=document.createElement('option')" . "\n";
echo "\tnewOption" . $value . ".value='" . $i . "';" . "\n";
echo "\tnewOption" . $value . ".innerHTML='" . $i . "';" . "\n\n";
}
?>
var newSelect = document.createElement('select');
newSelect.name = 'advselect[]';
<?php
foreach($column_names as $value => $i){
echo "\tnewSelect.appendChild(newOption" . $value . ")" . "\n";
}
?>
var SubmitButton = document.forms.myform.searchbutton;
document.forms.myform.insertBefore(newInput, SubmitButton);
document.forms.myform.insertBefore(document.createTextNode(" in "), SubmitButton);
document.forms.myform.insertBefore(newSelect, SubmitButton);
}

You can use innerHTML properties for your form . Otherwise use Ajax Functionality to add the extra text box to add dynamically.

Categories