Welcome to WebmasterWorld Guest from 54.225.22.139

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

select from php dropdown list and print

To get selection from dropdown list to print

     
10:14 pm on Aug 10, 2012 (gmt 0)

New User

joined:Aug 10, 2012
posts: 1
votes: 0


Hello
I am trying to get 4 dropdown lists to query mysql and then print the results in an html table.

There must be an error somewhere in the lines:
$query = mysql_query ("SELECT * FROM accomodation WHERE
Area='" . $_POST["Area"] . "'
AND Location='" . $_POST["Location"] . "'
AND Sleeps='" . $_POST["Sleeps"] . "'
AND Price='" . $_POST["Price"] . "'");
echo $sql;


while ($row = @mysql_fetch_array($query))

as it will not print out the query.

If I make it just
SELECT * FROM accomodation
Then I get the whole database to print.

Files are below:
search3b.php
<html>
<head>
<title>Search.</title>
</head>
<body>
<form method="post" action="results3b.php" target="_blank">
<div align="center">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bordercolor="#000000">
<p align="center">
<table><tr>
<td style="font-family: arial, verdana; font-size: 8pt;">Area</td>
<td style="font-family: arial, verdana; font-size: 8pt;">Location</td>
<td style="font-family: arial, verdana; font-size: 8pt;">Sleeps</td>
<td style="font-family: arial, verdana; font-size: 8pt;">Price range</td>
<td>&nbsp;</td></tr><tr>
<td><select name="Area">
<option value="0" selected >View All</option>
<option value="1" >South</option>
<option value="2" >Central</option>
<option value="3" >North</option>
</select></td>
<td><select name="Location">
<option value="0" selected >Any</option>
<option value="1" >Gooseberry Flat</option>
<option value="2" >Claris</option>
</select></td>
<td><select name="Sleeps">
<option value="0">Any</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
</select></td>

<td><select name="Price">
<option value="0">Any</option>
<option value="1">100</option>
<option value="2">200</option>
</select></td></tr></table>
Search database: <input name=look type=submit value=Submit></p>
</td>
</tr>
</table>
</div>
</form>
</body>
</html>

AND results3b.php
<html>
<head>
<title>Results</title>
</head>
<body>

<div align="center">
<table border="1" cellpadding="5" cellspacing="0" bordercolor="#000000">
<tr>

<td width="100"><b>Area</b></td>
<td width="70"><b>Location</b></td>
<td width="10"><b>Sleeps</b></td>
<td width="50"><b>Price from</b></td>

</tr>
<tr>
<td>

<?php $hostname = "host"; // Our DB server.
$username = "island"; // The username you created for this database.
$password = "islandxyz"; // The password you created for the username.
$usertable = "accomodation"; // The name of the table you made.
$dbName = "Island"; // This is the name of the database you made.

MYSQL_CONNECT($hostname, $username, $password) OR DIE("DB connection unavailable");
@mysql_select_db( "$dbName") or die( "Unable to select database");
?>
<?php
//error message (not found message)begins
$XX = "No Record Found, to search again please close this window";
//query details table begins


$query = mysql_query ("SELECT * FROM accomodation WHERE
Area='" . $_POST["Area"] . "'
AND Location='" . $_POST["Location"] . "'
AND Sleeps='" . $_POST["Sleeps"] . "'
AND Price='" . $_POST["Price"] . "'");
echo $sql;


while ($row = @mysql_fetch_array($query))
{
echo "<p>",

$variable1=$row["Area"];
$variable2=$row["Location"];
$variable3=$row["Sleeps"];
$variable4=$row["Price"];

//table layout for results

print ("<tr>");

print ("<td>$variable1</td>");
print ("<td>$variable2</td>");
print ("<td>$variable3</td>");
print ("<td>$variable4</td>");

print ("</tr>");
}

//below this is the function for no record!
if (!$variable1)
{
print ("$XX");
}
//end
?>
</table>
</center>
</div>
</body>
</html>

Any help would be appreciated, thanks
10:32 pm on Aug 10, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 7, 2003
posts:4783
votes: 0


I hope you do plan to do input sanitation ... this is an open invitation for hackers.

Ref: [xkcd.com...]

Since you seem to be learning, I think it's far more productive to forget about the old (should be obsolete) mysql interface and move to the more modern mysqli interface instead and use prepared statements to have less security troubles.

Anyway, even if the a mysql database gives minimal useful error messages, hiding them with @ is not going to help you along.