So I have a search engine made with PHP and what it does is it searches a MySQL database but then after that I want it to take you to a web page that displays all of the data in that row. I guess this would be done with an HTML Form get tag but I don't really know. I hope that is enough information that someone can work with me from there.
Thanks in advance!
[edited by: Spiceydog at 2:27 am (utc) on May 8, 2008]
<form method="POST" action="your-results-page.php">
YOUR input field here
Submit button here
close form tag here
Then on the results page, capture the sent query
$query = $_POST['input-field-name'];
connect to db
$query = "SELECT what from WHERE etc";
$result = mysql_query($query) or die("Couldn't execute query.");
while ($data = mysql_fetch_array($result)){
$a = $data['a'];
$b = $data['b'];
$c = $data['c'];
print "$a, $b, $c";
}
a, b & c are just examples of getting all the data out of the db. To print out numerous rows of data, remember to keep the print within the closing } tag.
But now I am getting a "Couldn't Execute Query." error! Here is my entire script on my output.php page. I have made sure that everything that the query is selecting is spelled correctly:
<html>
<head>
<?php
$query = $_POST['searchname'];
include 'login.php';
$query = "SELECT name,
year,
adviser,
first,
second,
third,
fourth,
fifth,
sixth,
seventh,
eighth,
student_id
WHERE name='$searchname'
ORDER BY DESC LIMIT 0, 1";
$result = mysql_query($query) or die("Couldn't execute query.");
while ($data = mysql_fetch_array($result)){
{
$name = $data['name'];
$adviser = $data['adviser'];
$year = $data['year'];
$first = $data['first'];
$second = $data['second'];
$third = $data['third'];
$fourth = $data['fourth'];
$sixth = $data['sixth'];
$seventh = $data['seventh'];
$eighth = $data['eighth'];
}
print "$name, $adviser, $year, $first, $second, $third, $fourth, $fifth, $sixth, $seventh, $eighth";
}
{
?>
<title><?php echo " {$row['name']}'s"; ?> Daily Schedule</title>
<link href="output.css" rel="stylesheet" type="text/css">
</head>
<body>
<div class="full">
<center><div class="red">Name: <?php echo " {$row['name']}"; ?>     ¦¦     
Adviser: <?php echo " {$row['adviser']}"; ?>     ¦¦     
Year at CFS: <?php echo " {$row['year']}"; ?></div></center>
<!--DIV CLASS LINE 1-->
<div class="line1">
<b>
<div class="weekday"><center>Monday</center></div>
<div class="homeroom"><center><?php echo " {$row['adviser']}'s"; ?> Room<br> 8:30-8:40</center></div>
<div class="period1"><center><?php echo " {$row['first']}"; ?><br> 8:45-9:30</center></div>
<div class="period2"><center><?php echo " {$row['second']}"; ?><br> 9:35-9:30</center></div>
<div class="break"><center>Break<br> 10:20-10:30</center></div>
<div class="period3"><center><?php echo " {$row['third']}"; ?><br> 10:35-11:20</center></div>
<div class="period4"><center><?php echo " {$row['fourth']}"; ?><br> 11:25-12:10</center></div>
<div class="lunch"><center>Lunch<br> 12:10-12:55</center></div>
<div class="period5"><center><?php echo " {$row['fifth']}"; ?><br> 1:00-1:45</center></div>
<div class="group"><center>Group Collection<br> 1:50-2:15</center></div>
<div class="period6"><center><?php echo " {$row['sixth']}"; ?><br> 2:20-3:05</center></div>
<div class="homeroom2"><center><?php echo " {$row['adviser']}'s"; ?> Room<br> 3:05-3:15</center></div>
</div>
<!--DIV CLASS LINE 2-->
<div class="line2">
<div class="weekday"><center>Tuesday</center></div>
<div class="homeroom"><center><?php echo " {$row['adviser']}'s"; ?> Room<br> 8:30-8:40</center></div>
<div class="period3"><center><?php echo " {$row['third']}"; ?><br> 8:45-9:30</center></div>
<div class="period4"><center><?php echo " {$row['fourth']}"; ?><br> 9:35-10:20</center></div>
<div class="clerks"><center>Clerks (Long Break)<br> 10:20-10:50</center></div>
<div class="period7"><center><?php echo " {$row['seventh']}"; ?><br> 10:55-12:10</center></div>
<div class="lunch"><center>Lunch<br> 12:10-12:55</center></div>
<div class="period6"><center><?php echo " {$row['sixth']}"; ?><br> 1:00-1:45</center></div>
<div class="period8"><center><?php echo " {$row['eighth']}"; ?><br> 1:50-3:05</center></div>
<div class="homeroom2"><center><?php echo " {$row['adviser']}'s"; ?> Room<br> 3:05-3:15</center></div>
</div>
<!--DIV CLASS LINE 3-->
<div class="line3">
<div class="weekday"><center>Wednesday</center></div>
<div class="homeroom"><center><?php echo " {$row['adviser']}'s"; ?> Room<br> 8:30-8:40</center></div>
<div class="period1"><center><?php echo " {$row['first']}"; ?><br> 8:45-9:30</center></div>
<div class="period2"><center><?php echo " {$row['second']}"; ?><br> 9:35-9:30</center></div>
<div class="break"><center>Break<br> 10:20-10:30</center></div>
<div class="period3"><center><?php echo " {$row['third']}"; ?><br> 10:35-11:20</center></div>
<div class="period4"><center><?php echo " {$row['fourth']}"; ?><br> 11:25-12:10</center></div>
<div class="lunch"><center>Lunch<br> 12:10-12:55</center></div>
<div class="period5"><center><?php echo " {$row['fifth']}"; ?><br> 1:00-1:45</center></div>
<div class="group"><center>Meeting for Worship<br> 1:50-2:15</center></div>
<div class="period6"><center><?php echo " {$row['sixth']}"; ?><br> 2:20-3:05</center></div>
<div class="homeroom2"><center><?php echo " {$row['adviser']}'s"; ?> Room<br> 3:05-3:15</center></div>
</div>
<!--DIV CLASS LINE 3-->
<div class="line4">
<div class="weekday"><center>Thursday</center></div>
<div class="homeroom"><center><?php echo " {$row['adviser']}'s"; ?> Room<br> 8:30-8:40</center></div>
<div class="period1"><center><?php echo " {$row['first']}"; ?><br> 8:45-9:30</center></div>
<div class="period2"><center><?php echo " {$row['second']}"; ?><br> 9:35-9:30</center></div>
<div class="break"><center>Break<br> 10:20-10:30</center></div>
<div class="period70"><center><?php echo " {$row['seventh']}"; ?><br> 10:35-11:55</center></div>
<div class="lunch2"><center>Office Hours/Lunch<br> 11:55-12:55</center></div>
<div class="period5"><center><?php echo " {$row['fifth']}"; ?><br> 1:00-1:45</center></div>
<div class="period8"><center><?php echo " {$row['eighth']}"; ?><br> 1:50-3:05</center></div>
<div class="homeroom2"><center><?php echo " {$row['adviser']}'s"; ?> Room<br> 3:05-3:15</center></div>
</div>
<!--DIV CLASS LINE 5-->
<div class="line5">
<div class="weekday"><center>Friday</center></div>
<div class="homeroom"><center><?php echo " {$row['adviser']}'s"; ?> Room<br> 8:30-8:40</center></div>
<div class="period1"><center><?php echo " {$row['first']}"; ?><br> 8:45-9:30</center></div>
<div class="period2"><center><?php echo " {$row['second']}"; ?><br> 9:35-10:20</center></div>
<div class="break"><center>Break<br> 10:20-10:30</center></div>
<div class="period3"><center><?php echo " {$row['third']}"; ?><br> 10:35-11:20</center></div>
<div class="period4"><center><?php echo " {$row['fourth']}"; ?><br> 11:25-12:10</center></div>
<div class="lunch"><center>Lunch<br> 12:10-1:00</center></div>
<div class="advisee"><center><?php echo " {$row['adviser']}'s"; ?> Room for Advisee Time<br> 1:00-1:35</center></div>
<div class="period5"><center><?php echo " {$row['fifth']}"; ?><br> 1:40-2:25</center></div>
<div class="period6"><center><?php echo " {$row['sixth']}"; ?><br> 2:30-3:15</center>
</div>
</div></div></div></b>
<?php
}
?>
</body>
</html>
$query = $_POST['searchname'];
include 'login.php';
$query = "SELECT name,...
First thing is you've overwritten the variable $query with the select, replacing the value in $_POST['searchname'] with the select statement. Then later,
WHERE name='$searchname'
If I read this right, I think what you're trying to do is this
$searchname = $_POST['searchname'];
include 'login.php';
$query = "SELECT name,...
Second thing,
ORDER BY DESC LIMIT 0, 1";
Order by . . . what? Desc? :-) Didn't think so. Try a field,
ORDER BY name DESC LIMIT 1";
Since you're pulling one record, the "0," is optional.
Third thing, this is a really REALLY bad idea:
$searchname = $_POST['searchname'];
This allows a potential hacker to directly inject malformed input into your select statement. It's an easy fix though, you just need to cleanse that variable. Read up on SQL Injection:
SQL Injection Wiki [en.wikipedia.org] is one of many resources that are required reading for any programmer.
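The SQL injection point raised in the reply above, shown as an added example that is not part of the original thread: the same lookup done by pasting the form value into the SQL text and by binding it as a parameter. Assumptions: an in-memory SQLite database (PDO) stands in for the MySQL one so the script runs offline, and the table name `schedules`, the function names and the sample rows are constructed, since the posted query names no table.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database.
// Table name "schedules" and all rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE schedules (student_id INTEGER PRIMARY KEY,
                                   name TEXT, adviser TEXT, first TEXT)");
$db->exec("INSERT INTO schedules (name, adviser, first) VALUES
           ('Alice Example', 'Mr. Smith', 'Algebra'),
           ('Bob Example', 'Ms. Jones', 'Biology')");

// Pattern from the thread: the form value becomes part of the SQL text.
function findByConcatenation(PDO $db, string $searchname): array
{
    $sql = "SELECT name, adviser, first FROM schedules
            WHERE name='$searchname' ORDER BY name DESC LIMIT 1";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the value is sent separately from the SQL text,
// so a quote inside it stays data and cannot alter the WHERE clause.
function findByPreparedStatement(PDO $db, string $searchname): array
{
    $stmt = $db->prepare("SELECT name, adviser, first FROM schedules
                          WHERE name = :name ORDER BY name DESC LIMIT 1");
    $stmt->execute([':name' => $searchname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary name, and a value whose quote rewrites
// the WHERE clause when it is concatenated into the statement.
$inputs = ["Alice Example", "nobody' OR '1'='1"];

foreach ($inputs as $searchname) {
    $loose  = findByConcatenation($db, $searchname);
    $strict = findByPreparedStatement($db, $searchname);
    printf("input: %-22s concatenated: %d row(s)   prepared: %d row(s)\n",
        $searchname, count($loose), count($strict));
}
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the `prepare()` and `execute()` calls stay the same.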
It would make it easier to update should any of the timings change in the future as well as separating out the data from the presentation.