homepage Welcome to WebmasterWorld Guest from 54.205.144.54
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
select from php dropdown list and print
To get selection from dropdown list to print
Jaqua




msg:4483712
 10:14 pm on Aug 10, 2012 (gmt 0)

Hello
I am trying to get 4 dropdown lists to query mysql and then print the results in an html table.

There must be an error somewhere in the lines:
$query = mysql_query ("SELECT * FROM accomodation WHERE
Area='" . $_POST["Area"] . "'
AND Location='" . $_POST["Location"] . "'
AND Sleeps='" . $_POST["Sleeps"] . "'
AND Price='" . $_POST["Price"] . "'");
echo $sql;


while ($row = @mysql_fetch_array($query))

as it will not print out the query.

If I make it just
SELECT * FROM accomodation
Then I get the whole database to print.

Files are below:
search3b.php
<html>
<head>
<title>Search.</title>
</head>
<body>
<form method="post" action="results3b.php" target="_blank">
<div align="center">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bordercolor="#000000">
<p align="center">
<table><tr>
<td style="font-family: arial, verdana; font-size: 8pt;">Area</td>
<td style="font-family: arial, verdana; font-size: 8pt;">Location</td>
<td style="font-family: arial, verdana; font-size: 8pt;">Sleeps</td>
<td style="font-family: arial, verdana; font-size: 8pt;">Price range</td>
<td>&nbsp;</td></tr><tr>
<td><select name="Area">
<option value="0" selected >View All</option>
<option value="1" >South</option>
<option value="2" >Central</option>
<option value="3" >North</option>
</select></td>
<td><select name="Location">
<option value="0" selected >Any</option>
<option value="1" >Gooseberry Flat</option>
<option value="2" >Claris</option>
</select></td>
<td><select name="Sleeps">
<option value="0">Any</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
</select></td>

<td><select name="Price">
<option value="0">Any</option>
<option value="1">100</option>
<option value="2">200</option>
</select></td></tr></table>
Search database: <input name=look type=submit value=Submit></p>
</td>
</tr>
</table>
</div>
</form>
</body>
</html>

AND results3b.php
<html>
<head>
<title>Results</title>
</head>
<body>

<div align="center">
<table border="1" cellpadding="5" cellspacing="0" bordercolor="#000000">
<tr>

<td width="100"><b>Area</b></td>
<td width="70"><b>Location</b></td>
<td width="10"><b>Sleeps</b></td>
<td width="50"><b>Price from</b></td>

</tr>
<tr>
<td>

<?php $hostname = "host"; // Our DB server.
$username = "island"; // The username you created for this database.
$password = "islandxyz"; // The password you created for the username.
$usertable = "accomodation"; // The name of the table you made.
$dbName = "Island"; // This is the name of the database you made.

MYSQL_CONNECT($hostname, $username, $password) OR DIE("DB connection unavailable");
@mysql_select_db( "$dbName") or die( "Unable to select database");
?>
<?php
//error message (not found message)begins
$XX = "No Record Found, to search again please close this window";
//query details table begins


$query = mysql_query ("SELECT * FROM accomodation WHERE
Area='" . $_POST["Area"] . "'
AND Location='" . $_POST["Location"] . "'
AND Sleeps='" . $_POST["Sleeps"] . "'
AND Price='" . $_POST["Price"] . "'");
echo $sql;


while ($row = @mysql_fetch_array($query))
{
echo "<p>",

$variable1=$row["Area"];
$variable2=$row["Location"];
$variable3=$row["Sleeps"];
$variable4=$row["Price"];

//table layout for results

print ("<tr>");

print ("<td>$variable1</td>");
print ("<td>$variable2</td>");
print ("<td>$variable3</td>");
print ("<td>$variable4</td>");

print ("</tr>");
}

//below this is the function for no record!
if (!$variable1)
{
print ("$XX");
}
//end
?>
</table>
</center>
</div>
</body>
</html>

Any help would be appreciated, thanks

 

swa66




msg:4483722
 10:32 pm on Aug 10, 2012 (gmt 0)

I hope you do plan to do input sanitation ... this is an open invitation for hackers.

Ref: [xkcd.com...]

Since you seem to be learning, I think it's far more productive to forget about the old (should be obsolete) mysql interface and move to the more modern mysqli interface instead and use prepared statements to have less security troubles.

Anyway, even if the a mysql database gives minimal useful error messages, hiding them with @ is not going to help you along.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved