homepage Welcome to WebmasterWorld Guest from 50.16.130.188
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
How can I keep the variables from a search box so I can use them later
ksklos




msg:4609312
 3:55 pm on Sep 12, 2013 (gmt 0)

I have category and criteria dropdowns on a page that gets the data and populates a form. Each of the rows has an edit link that takes the user to another page where they can edit the data of the chosen member. Once the category and criteria are chosen I would like the variables to be maintained within the boxes until changed by the user. Currently they default to original after submit and the user has to go back each time and reenter the category and criteria.


<form method="POST" action="Editfiltersort.php">
<input type="hidden" name="submitted" value="true" />

<label>Search Category:

<select name="category">
<option value="FName">First Name</option>
<option value="LName">Last Name</option>
<option value="City">City</option>
<option value="State">State (Abbreviation)</option>
<option value="Chapter">Chapter Name (check DHC Website for correct spelling)</option>
<option value="ChapterNumber">Chapter Number (Check DHC Website)</option>
</select>
</label>

<label>Search Criteria: <input type="text" name="criteria" /></label>

<input type="submit" />


</form>

<table>
<tr>
<td align="center">Click Edit at the end of the row to edit that member's data</td>
</tr>
<tr>
<td>
<table border="1">
<tr>
<td>Mbr Nbr</td>
<td>First Name</td>
<td>Last Name</td>
<td>Address2</td>
<td>City</td>
<td>State</td>
<td>Zip</td>
<td>Phone</td>
<td>E-Mail</td>
<td>Church</td>
<td>Chptr #</td>
<td>Member Notes</td>
<td>&nbsp;</td>
<?

//Connect to the database
$host="xxx"; // Host name
$username="xxx"; // Mysql username
$password="xxx"; // Mysql password
$db_name="membership"; // Database name
$tbl_name="Member"; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect to Server");
mysql_select_db("$db_name")or die("cannot select DB");
if (isset($_POST['submitted'])) {
$category = $_POST['category'];
$criteria = $_POST['criteria'];

$query = "Select * FROM Member WHERE $category = '$criteria'";
$result = mysql_query($query) or die('Could not get data');

while ($row=mysql_fetch_array($result)){

echo ("<tr><td>$row[MemberNumber]</td>");
echo ("<td>$row[FName]</td>");
echo ("<td>$row[LName]</td>");
echo ("<td>$row[Address]</td>");
echo ("<td>$row[Address2]</td>");
echo ("<td>$row[City]</td>");
echo ("<td>$row[State]</td>");
echo ("<td>$row[Zip]</td>");
echo ("<td>$row[Phone]</td>");
echo ("<td>$row[email]</td>");
echo ("<td>$row[Church]</td>");
echo ("<td>$row[Chapter]</td>");
echo ("<td>$row[ChapterNumber]</td>");
echo ("<td>$row[MemberNotes]</td>");
echo ("<td><a href=\"EditMember_Form.php?id=$row[MemberNumber]\">Edit</a></td></tr>");


 

Readie




msg:4609634
 8:00 pm on Sep 13, 2013 (gmt 0)

Try a session.

At the start of each script where you need to use session data, call the session_start() [uk3.php.net] function.

You can then do like:

<?php

session_start();

if(isset($_POST['my_text_field'])) {
$_SESSION['some_key'] = $_POST['my_text_field'];
}

?>
<form method="post" action="">
<input type="text" name="my_text_field" value="<?php echo (isset($_SESSION['some_key']))? $_SESSION['some_key'] : 'Default value' ?>">
<input type="submit" value="Submit">
</form>

To get rid of the data in a session, just call unset($_SESSION['some_key']). To get rid of the session entirely, call session_destroy().

Please bear in mind the above is an extremely simple value, don't forget to sanitize the user input with htmlentites etc before putting it into the HTML.

---

Also -

$criteria = $_POST['criteria'];

$query = "Select * FROM Member WHERE $category = '$criteria'";

This is very dangerous. At the very least, you should be doing this:

$criteria = mysql_real_escape_string($_POST['criteria']);

$query = "Select * FROM Member WHERE $category = '$criteria'";

If you don't, some unscrupulous individual might come along and submit, say,

';delete from Member; --

And just like that, you'd have lost a load of data.

ksklos




msg:4609777
 3:31 pm on Sep 14, 2013 (gmt 0)

Thanks, Readie, for this. I have some questions, however. I should have mentioned that I am an newbie with php. Most of the code I have been using has been cobbled together from Google. I am not sure where to put the session code. I looked as if it should go after my <form> code and before the category drop down. I tried that but it would not retrieve my data and gave me this message:
PHP Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /hermes/bosoraweb124/b180/ipg.daughtershcorg/DaughtersHC/source/EditMember.php:18) in /hermes/bosoraweb124/b180/ipg.daughtershcorg/DaughtersHC/source/EditMember.php on line 20
I am sure it is not in the right place now. so here is my code now. Can you help me with where to insert your code? Thanks.

Readie




msg:4609780
 4:20 pm on Sep 14, 2013 (gmt 0)

session_start() should be called before any output is sent to the browser, otherwise it throws the error you see there.

So, at the absolute top of your file.

ksklos




msg:4609971
 10:10 pm on Sep 15, 2013 (gmt 0)

Thanks. I have it sorting and keeping the criteria. Next I want to be able to send the criteria to the next page, but I am going to try this on my own first. If I run into problems I will post them on the forum. Thanks for your suggestions on the htmlentities and the mysql_real_escape_string. These are things that don't always come out when one is looking at someone else's code.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved