1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 5:01 pm Apr 28, 2026

Forum Moderators: coopster

Message Too Old, No Replies

PHP and MYSQL Posting and Searching

         

tiranto

5:59 am on Feb 19, 2010 (gmt 0)

10+ Year Member



Hi All,

Iv successfully searched and managed to make a form populate a MYSQL Database with values that are unique to the CNA ID and that is all working fine, It takes the data, posts it in the Database and returns a page with the values for printing. I now need to search that database.

My search script is as follow (File name: search.php)
---------------------------------------------------
<html>
<link href="../style.css" rel="stylesheet" type="text/css">
<body>
<center>

<table border="0" width="850" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
<tr>
<td><img src="../images/Small_Logo.jpg"></td>
<td><font size="6"><center><b>Free of Charge Accessory Request</b></font></center></td>
</tr>
<tr>
<td colspan="2">&nbsp;</td>
</tr>
</table>

<form name="cnasearch" method="post" action="searchprint.php">
<input type="text" name="cnadata" id="cnadata" size="16" value="CNA123456123456" MAXLENGTH="15" />
<input type="submit" name="search" value="Search">
</form>
<p>
<a href="index.php"><b><u>Back to the FOC Form.</b></u></a>
------------------------------------

The value "CNA123456123456" is the ID of an exisiting record in the Database Im trying to recall and echo the values for

This is where im at so far (file name: focprint.php)
-----------------------------------
<?PHP
// username and password sent from form
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="foc"; // Database name
$tbl_name="foc_data"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$cnadata=$_POST['cnadata']

$sql = "fetch from $tbl_name where cna = $cnadata";

$cna=$_GET["cna"];
$f_name=$_GET["f_name"];
$s_name=$_GET["s_name"];


?>
<html>
<link href="../style.css" rel="stylesheet" type="text/css">
<body>
<center>
<p>
<b>CNA ID:</b> <?php echo $cnadata; ?>
<p>
<b>Customers Name:</b> <?php echo $f_name; ?> - <?php echo $s_name; ?>
<p>
<a href="index.php"><b><u>Back to the FOC Form</b></u></a> - <a href="search.php"><b><u>Search FOC system again</b></u></a>

<?php
?>
----------------------------------------------
I know this is not the complete code to make it work but google searching has given me varing results and ways to do this but all have failed for me in what im trying to do and now im finding my self stuck.

I dont expect anyone to write the whole thing for me im more then happy to read source codes to understand and then work them into my own data.

Any help would be greatly appreciated.

Readie

6:08 am on Feb 19, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome to Webmaster World Tiranto

The following code should grab you what you want, be sure to change the "column1" "column2" etc to the correct MySQL column header names. 
$sql = 'SELECT * FROM ' . $tbl_name . ' WHERE cna="' . $cnadata . '"';
$result = mysql_query($sql);
$some_info_one = mysql_result($result,0,"column1");
$some_info_two = mysql_result($result,0,"column2");
$some_info_three = mysql_result($result,0,"column3");


Then you can just echo the "$some_info_[x]"

www.w3schools.com [w3schools.com] has a fairly good tutorial for quickly learning the basics of using a MySQL database with PhP.

Matthew1980

8:43 am on Feb 19, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi there tiranto,

Dont forget to:-

$cnadata = mysql_real_escape_string(strip_tags($_POST['cnadata']));
$cna = mysql_real_escape_string(strip_tags($_GET["cna"]));
$f_name = mysql_real_escape_string(strip_tags($_GET["f_name"]));
$s_name = mysql_real_escape_string(strip_tags($_GET["s_name"]));

Clean the data from the globals, because if you dont and you are using them in a sql query, you are leaving yourself open to code injections that could potentially harm your site. Always good practice to sanitise $_POST's & $_GET's ;-p

Cheers,

MRb

tiranto

9:56 pm on Feb 21, 2010 (gmt 0)

10+ Year Member



Hi MRb (Mathew1980)

Many thanks it worked perfectly and did exactly what I need it to do, very much appreciate the help you have provided, ill be able to rework use this information into other forms i have awaiting.

Trev (Tiranto)

tiranto

1:32 am on Mar 5, 2010 (gmt 0)

10+ Year Member



I now have the form working sucessfully, but but when the ID trying to be search doesnt exisit it results with

---------------------------------
Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 3 in D:\xampp\htdocs\foc\snsearchprint.php on line 49

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 3 in D:\xampp\htdocs\foc\snsearchprint.php on line 50

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 3 in D:\xampp\htdocs\foc\snsearchprint.php on line 51

ETC

----------------------------------------------
in the posting the page did a If check which im having diffulty trying to replicate which looked like this

Note: I tired to incorporate the "mysql_real_escape_string(strip_tags)" into the post code but allways resulted in the error pages showing so iv had to remove it till I also work that one out but other wise the posting into the DB is fine with the error checking
----------------------------------------------
$CNA=$_POST['CNA'];

$sql = "insert into `$tbl_name` (`cna`, `phone`, `mobile`, `f_name`, `s_name`, `address`, `suburb`, `p_code`, `state`, `country`, `focdate`, `agent`, `model`, `serial`, `dop`, `product_desc`, `part_no_1`, `part_qty_1`, `part_desc_1`, `part_no_2`, `part_qty_2`, `part_desc_2`, `message`, `mgr`, `status`)
values ('$cna', '$phone', '$mobile', '$f_name', '$s_name', '$address', '$suburb', '$p_code', '$state', '$country', '$focdate', '$agent', '$model', '$serial', '$dop', '$product_desc', '$part_no_1', '$part_qty_1', '$part_desc_1', '$part_no_2', '$part_qty_2', '$part_desc_2', '$message', '$mgr', '$status')";
//$result=mysql_query($sql)or die("test");

$result=mysql_query($sql)or header("location:fail.php");


// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

//Register $cna and redirect to file "success.php"
session_register("cna");


}
else {
$focid = mysql_real_escape_string(strip_tags($_GET["focid"]));
$sql = 'SELECT * FROM ' . $tbl_name . ' WHERE cna="' . $cna . '"';
$result = mysql_query($sql);
$output_focid = mysql_result($result,0,"focid");

?>
<html>
<link href="../style.css" rel="stylesheet" type="text/css">

<script language="javascript">
--------------------------------------------

Trying to replicate the above into this is where im having issues.

--------------------------------------------

$sndata = mysql_real_escape_string(strip_tags($_POST['sndata']));
$focid = mysql_real_escape_string(strip_tags($_GET["focid"]));
$cna = mysql_real_escape_string(strip_tags($_GET["cna"]));
$phone = mysql_real_escape_string(strip_tags($_GET["phone"]));
$mobile = mysql_real_escape_string(strip_tags($_GET["mobile"]));


$sql = 'SELECT * FROM ' . $tbl_name . ' WHERE serial="' . $sndata . '"';
$result = mysql_query($sql);

$output_cna = mysql_result($result,0,"cna");
$output_focid = mysql_result($result,0,"focid");
$output_phone = mysql_result($result,0,"phone");
$output_mobile = mysql_result($result,0,"mobile");

?>
<html>
<link href="../style.css" rel="stylesheet" type="text/css">

<script language="javascript">

--------------------------------

Iv tried to add the --> or header("location:fail.php"); <-- to the end of the $result = mysql_query($sql); string then running some If statements but it either page errors or doesnt acknoledge the if statement.

Any Idea's ? hopfully the above is understandable.

Readie

2:02 am on Mar 5, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



For searching, I tend to do this:

$sql = "SELECT * FROM table WHERE column LIKE '%$search_string%'";

[edited by: Readie at 2:30 am (utc) on Mar 5, 2010]

tiranto

2:30 am on Mar 5, 2010 (gmt 0)

10+ Year Member



Yeah I have, In my Search page it have the DB information listed i only gave ths short snipet of the code but the full looks like below

--------------------------- focidsearchprint.php
<?PHP
// username and password sent from form
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="foc"; // Database name
$tbl_name="foc_data"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$fociddata = mysql_real_escape_string(strip_tags($_POST['fociddata']));
$focid = mysql_real_escape_string(strip_tags($_GET["focid"]));
$cna = mysql_real_escape_string(strip_tags($_GET["cna"]));
$phone = mysql_real_escape_string(strip_tags($_GET["phone"]));
$mobile = mysql_real_escape_string(strip_tags($_GET["mobile"]));
$f_name = mysql_real_escape_string(strip_tags($_GET["f_name"]));
$s_name = mysql_real_escape_string(strip_tags($_GET["s_name"]));
$address = mysql_real_escape_string(strip_tags($_GET["address"]));
$suburb = mysql_real_escape_string(strip_tags($_GET["suburb"]));
$p_code = mysql_real_escape_string(strip_tags($_GET["p_code"]));
$state = mysql_real_escape_string(strip_tags($_GET["state"]));
$country = mysql_real_escape_string(strip_tags($_GET["country"]));

$focdate = mysql_real_escape_string(strip_tags($_GET["focdate"]));
$agent = mysql_real_escape_string(strip_tags($_GET["agent"]));


$model = mysql_real_escape_string(strip_tags($_GET["model"]));
$serial = mysql_real_escape_string(strip_tags($_GET["serial"]));
$dop = mysql_real_escape_string(strip_tags($_GET["dop"]));
$product_desc = mysql_real_escape_string(strip_tags($_GET["product_desc"]));

$part_no_1 = mysql_real_escape_string(strip_tags($_GET["part_no_1"]));
$part_qty_1 = mysql_real_escape_string(strip_tags($_GET["part_qty_1"]));
$part_desc_1 = mysql_real_escape_string(strip_tags($_GET["part_desc_1"]));

$part_no_2 = mysql_real_escape_string(strip_tags($_GET["part_no_2"]));
$part_qty_2 = mysql_real_escape_string(strip_tags($_GET["part_qty_2"]));
$part_desc_2 = mysql_real_escape_string(strip_tags($_GET["part_desc_2"]));

$message = mysql_real_escape_string(strip_tags($_GET["message"]));

$mgr = mysql_real_escape_string(strip_tags($_GET["mgr"]));

$sql = 'SELECT * FROM ' . $tbl_name . ' WHERE focid="' . $fociddata . '"';
$result = mysql_query($sql);

$output_cna = mysql_result($result,0,"cna");
$output_focid = mysql_result($result,0,"focid");
$output_phone = mysql_result($result,0,"phone");
$output_mobile = mysql_result($result,0,"mobile");
$output_f_name = mysql_result($result,0,"f_name");
$output_s_name = mysql_result($result,0,"s_name");
$output_address = mysql_result($result,0,"address");
$output_suburb = mysql_result($result,0,"suburb");
$output_p_code = mysql_result($result,0,"p_code");
$output_state = mysql_result($result,0,"state");
$output_country = mysql_result($result,0,"country");

$output_focdate = mysql_result($result,0,"focdate");
$output_agent = mysql_result($result,0,"agent");


$output_model = mysql_result($result,0,"model");
$output_serial = mysql_result($result,0,"serial");
$output_dop = mysql_result($result,0,"dop");
$output_product_desc = mysql_result($result,0,"product_desc");

$output_part_no_1 = mysql_result($result,0,"part_no_1");
$output_part_qty_1 = mysql_result($result,0,"part_qty_1");
$output_part_desc_1 = mysql_result($result,0,"part_desc_1");

$output_part_no_2 = mysql_result($result,0,"part_no_2");
$output_part_qty_2 = mysql_result($result,0,"part_qty_2");
$output_part_desc_2 = mysql_result($result,0,"part_desc_2");

$output_message = mysql_result($result,0,"message");

$output_mgr = mysql_result($result,0,"mgr");


?>
<html>
--- HTML Echo Loads here ---
</html>
<?php

?>

Readie

2:31 am on Mar 5, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yeah, looked over your first post's code a moment ago and was editing it as you posted that.

tiranto

3:04 am on Mar 5, 2010 (gmt 0)

10+ Year Member



The current Search condition works, it will respond with the value as long as its in the DB, im trying to make it show an eror.php page on event the data doesnt exist rather then showing the (Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 3 in D:\xampp\htdocs\foc\snsearchprint.php on line 49 ) messages.

tiranto

3:06 am on Mar 5, 2010 (gmt 0)

10+ Year Member



But you would recomend i change it from
---------------------------
$sql = 'SELECT * FROM ' . $tbl_name . ' WHERE serial="' . $sndata . '"';
---------------------------
to somthing like
---------------------------
$sql = "SELECT * FROM $tbl_name WHERE serial LIKE '%$sndata%'";

Would it benifit in the loading of an error page?

Readie

4:10 am on Mar 5, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No.

Honestly, if I'd actually read your post properly the first time, I would of saved you several hours. And I tell other people not to skim read :/


To make it so an error page shows up when there is no results: 

if(mysql_fetch_array($result)) {
// Results exist
} else {
// Results do not exist
}

tiranto

4:49 am on Mar 5, 2010 (gmt 0)

10+ Year Member



Perfect, Thanks heaps for your help worked like a dream i was trying varying if commands which would never work, much appreciated for your assistance.

tiranto

10:16 pm on Mar 17, 2010 (gmt 0)

10+ Year Member



Hi all,

With the form in use iv come accross an issue with the the form validating information.

When using and posting all is fine, same for recalling the data, but when you post with a (') somewhere in the field IE with the name Richard O'Keith it will assume the document exists and result in the fail.php loading.

The code is as below
------------------------------------------------------
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="foc"; // Database name
$tbl_name="foc_data"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$cna=$_POST['cna'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
$f_name=$_POST['f_name'];
$s_name=$_POST['s_name'];


$sql = "insert into `$tbl_name` (`cna`, `phone`, `mobile`, `f_name`, `s_name`)
values ('$cna', '$phone', '$mobile', '$f_name', '$s_name')";
//$result=mysql_query($sql)or die("test");

$result=mysql_query($sql)or header("location:../error messages/fail.php");


// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

//Register $cna and redirect to file "success.php"
session_register("cna");


}
else {
$focid = mysql_real_escape_string(strip_tags($_GET["focid"]));
$sql = 'SELECT * FROM ' . $tbl_name . ' WHERE cna="' . $cna . '"';
$result = mysql_query($sql);
$output_focid = mysql_result($result,0,"focid");

?>
<html>

Data Echo'ed as HTML page.

<?php
}
?>
------------------------------------

I have utilized code lines like this below

$cna = mysql_real_escape_string(strip_tags($_POST['cna']));

from your prior assistance for the search pages. but Iv tried to load them into the index form with the same string information and it failed.

is mainly all i need to add is the "Strip_tags" so the code will ignore the commers (') from the post?

Hope you know what i mean :).

tiranto

12:35 am on Mar 18, 2010 (gmt 0)

10+ Year Member



Hi all,

With the form in use iv come across an issue with the form validating information.

When using and posting all is fine, same for recalling the data, but when you post with an apostrophise (') somewhere in the field IE with the name Richard O'Keith it will assume the document exists and result in the fail.php loading.

The code is as below
------------------------------------------------------
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="foc"; // Database name
$tbl_name="foc_data"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$cna=$_POST['cna'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
$f_name=$_POST['f_name'];
$s_name=$_POST['s_name'];


$sql = "insert into `$tbl_name` (`cna`, `phone`, `mobile`, `f_name`, `s_name`)
values ('$cna', '$phone', '$mobile', '$f_name', '$s_name')";
//$result=mysql_query($sql)or die("test");

$result=mysql_query($sql)or header("location:../error messages/fail.php");


// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

//Register $cna and redirect to file "success.php"
session_register("cna");


}
else {
$focid = mysql_real_escape_string(strip_tags($_GET["focid"]));
$sql = 'SELECT * FROM ' . $tbl_name . ' WHERE cna="' . $cna . '"';
$result = mysql_query($sql);
$output_focid = mysql_result($result,0,"focid");

?>
<html>

Data Echo'ed as HTML page.

<?php
}
?>
------------------------------------

I have utilized code lines like this below

$cna = mysql_real_escape_string(strip_tags($_POST['cna']));

from your prior assistance for the search pages. But I’ve tried to load them into the index form with the same string information and it failed.

is mainly all I need to add is the "Strip_tags" so the code will ignore the apostrophises (') from the post?

Hope you know what i mean :).

tiranto

1:30 am on Mar 18, 2010 (gmt 0)

10+ Year Member



Hi,

If your reading over my new post i accadenty posted twice rather then update the original.

But iv got it working using the following lines

--------------------------
$cna = mysql_real_escape_string($_POST['cna']);
$phone = mysql_real_escape_string($_POST['phone']);
$mobile = mysql_real_escape_string($_POST['mobile']);
--------------------------

Is this the best way to obtain what I need? as it shows o/'Keith
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 5:01 pm Apr 28, 2026