how do I display values from table based on form input - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

how do I display values from table based on form input

newbie having problems getting mysql data based on form input

makimoto

8:36 pm on Feb 24, 2005 (gmt 0)

10+ Year Member

hello,
i am a new php user, with what i am sure is a hilariously simple question. i need to display data from a mysql table based on input into an html form. the input in the form will match the value in a column in the mysql table.
here is my form.html:

<html>
<head>
<title>retailers</title>
</head>
<body>
<form action="showitem.php" method="GET">
<p><strong>code:</strong><br>
<input type="text" name="code">
<P><input type="submit" value="send"></p>
</form>
</body>
</html>

here is the showitem.php:

<?php
//grab image from server
echo ("<img src='mcgaw/HIRES/F$_GET[code].jpg'></a><br \>");
//connect to database
$conn = mysql_connect("sql.domain.com", "username", "password") or die(mysql_error());
mysql_select_db("retailers",$conn) or die(mysql_error());

echo ("<h1>Item Detail</h1>");

//validate item
$get_item = "select * from BMG where CODE = $_GET[code]";
$get_item_res = mysql_query($get_item) or die (mysql_error());

if (mysql_num_rows($get_item_res) < 1) {
//invalid item
echo ("<P><em>Invalid code, please re type.</em></p>");
} else {
//valid item, get info

$code = mysql_result($get_item_res,0,'CODE');
echo $code;
}
?>

now, i realize that my php code is probably totally illogical, but it's because i am totally lost. the input into the form is: A116 and there is a field in BMG called "CODE" (primary key) that has A116 as one of its values. when i enter A116 into the form, i get the error message:

Unknown column 'A116' in 'where clause'

so i assume that i am attempting to call the field name in my select statement instead of searching for a value in the mysql field itself. i guess i should be trying to search by row?

sorry for the silliness of this post, but being a very new php user, my logic is all messed up, and i am totally lost. if anyone can help, then many thanks in advance.

ironik

9:57 pm on Feb 24, 2005 (gmt 0)

10+ Year Member

Your query should probably look more like this:

$get_item = "select * from BMG where CODE='$_GET['code']'";

When accessing a key from an array always use the single quote character $_GET['code'] instead of $_GET[code] (The latter will look for a constant named code). I've also quoted the variable itself. I'm not entirely sure how it is actually picking up the value of A116 without giving a php parser error...

Just picking up on something else with your code:

Try not to use $_GET or $_POST variables without validating them. In your example someone could easily enter some nasty information via the query string and use it to compromise your database (search 'SQL injection vulnerability'). Always validate the data you are receiving from any variable you cannot control the content of, and ensure your code is receiving what you expected it to receive.

ironik

10:12 pm on Feb 24, 2005 (gmt 0)

10+ Year Member

also, IMHO, CODE is not an ideal name for a column. Some names have special meanings in SQL. I'd use a column name like 'code_id' just to make sure your not using something reserved. That being said, I'm not sure this is actually a reserved word.

makimoto

11:04 pm on Feb 24, 2005 (gmt 0)

10+ Year Member

thanks ironik,

i changed the sql select statement as per your advice, and also changed the field name in the table from "CODE" to "code_id".

now when i run the script it gives me this error:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /nfs/2/hello/domain.com/htdocs/2005/showitem.php on line 11

i tried looking this error up, and could not make much sense of what might be causing it. any advice?

jatar_k

11:32 pm on Feb 24, 2005 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

this is a reference list for Parser Tokens [php.net] and yes, I realize it doesn't help much. ;)

try that same line this way

$get_item = "select * from BMG where code_id='" . $_GET['code_id'] . "'";

that array format won't resolve properly inside double quotes you need to concatenate it together, as above, or use braces like so

$get_item = "select * from BMG where code_id='{$_GET['code_id']}'";

I made the change to code_id as well, see what that does.

ironik

12:12 am on Feb 25, 2005 (gmt 0)

10+ Year Member

Also, with jatar_k's first example (which is what I use most of the time) any syntax highlighting editor that you are using (zend, dreamweaver, php designer...) will highlight the variables properly which makes it easier to read... and debug.

makimoto

12:55 am on Feb 25, 2005 (gmt 0)

10+ Year Member

thanks jatar_k!

i used the second of your suggestions, and it's working!

also, i want to be able to display other pieces of data from different fields in the same record. for example, the user knows the code, types it (A116) into the form, and then it displays additional data from the same row in the table to the browser.

is this possible or am i totally out to lunch here? i assume it's doable since the script has already identified the row. please advise, thx.

ironik

1:36 am on Feb 25, 2005 (gmt 0)

10+ Year Member

instead of your original code:

$code = mysql_result($get_item_res,0,'CODE');
echo $code;

use:

$row = mysql_fetch_array($get_item_res); // If you are returning 1 row
echo $row['code_id'];
echo $row['field_1'];
echo $row['field_2'];

Where field 1 and field 2 are your other field names.

If you need to return multiple rows use:
while ($row = mysql_fetch_array($get_item_res))
{
echo $row['code_id'];
echo $row['field_1'];
echo $row['field_2'];
}

That will iterate each row returned by the query. There are other ways to return data (objects etc) but I find this the easiest.

makimoto

6:53 pm on Feb 25, 2005 (gmt 0)

10+ Year Member

thanks ironik! that worked great!