Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

How can I keep the variables from a search box so I can use them later

3:55 pm on Sep 12, 2013 (gmt 0)

I have category and criteria dropdowns on a page that gets the data and populates a form. Each of the rows has an edit link that takes the user to another page where they can edit the data of the chosen member. Once the category and criteria are chosen I would like the variables to be maintained within the boxes until changed by the user. Currently they default to original after submit and the user has to go back each time and reenter the category and criteria.

<form method="POST" action="Editfiltersort.php">
<input type="hidden" name="submitted" value="true" />

<label>Search Category:

<select name="category">
<option value="FName">First Name</option>
<option value="LName">Last Name</option>
<option value="City">City</option>
<option value="State">State (Abbreviation)</option>
<option value="Chapter">Chapter Name (check DHC Website for correct spelling)</option>
<option value="ChapterNumber">Chapter Number (Check DHC Website)</option>

<label>Search Criteria: <input type="text" name="criteria" /></label>

<input type="submit" />


<td align="center">Click Edit at the end of the row to edit that member's data</td>
<table border="1">
<td>Mbr Nbr</td>
<td>First Name</td>
<td>Last Name</td>
<td>Chptr #</td>
<td>Member Notes</td>

//Connect to the database
$host="xxx"; // Host name
$username="xxx"; // Mysql username
$password="xxx"; // Mysql password
$db_name="membership"; // Database name
$tbl_name="Member"; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect to Server");
mysql_select_db("$db_name")or die("cannot select DB");
if (isset($_POST['submitted'])) {
$category = $_POST['category'];
$criteria = $_POST['criteria'];

$query = "Select * FROM Member WHERE $category = '$criteria'";
$result = mysql_query($query) or die('Could not get data');

while ($row=mysql_fetch_array($result)){

echo ("<tr><td>$row[MemberNumber]</td>");
echo ("<td>$row[FName]</td>");
echo ("<td>$row[LName]</td>");
echo ("<td>$row[Address]</td>");
echo ("<td>$row[Address2]</td>");
echo ("<td>$row[City]</td>");
echo ("<td>$row[State]</td>");
echo ("<td>$row[Zip]</td>");
echo ("<td>$row[Phone]</td>");
echo ("<td>$row[email]</td>");
echo ("<td>$row[Church]</td>");
echo ("<td>$row[Chapter]</td>");
echo ("<td>$row[ChapterNumber]</td>");
echo ("<td>$row[MemberNotes]</td>");
echo ("<td><a href=\"EditMember_Form.php?id=$row[MemberNumber]\">Edit</a></td></tr>");

8:00 pm on Sep 13, 2013 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member

Try a session.

At the start of each script where you need to use session data, call the session_start() [uk3.php.net] function.

You can then do like:



if(isset($_POST['my_text_field'])) {
$_SESSION['some_key'] = $_POST['my_text_field'];

<form method="post" action="">
<input type="text" name="my_text_field" value="<?php echo (isset($_SESSION['some_key']))? $_SESSION['some_key'] : 'Default value' ?>">
<input type="submit" value="Submit">

To get rid of the data in a session, just call unset($_SESSION['some_key']). To get rid of the session entirely, call session_destroy().

Please bear in mind the above is an extremely simple value, don't forget to sanitize the user input with htmlentites etc before putting it into the HTML.


Also -

$criteria = $_POST['criteria'];

$query = "Select * FROM Member WHERE $category = '$criteria'";

This is very dangerous. At the very least, you should be doing this:

$criteria = mysql_real_escape_string($_POST['criteria']);

$query = "Select * FROM Member WHERE $category = '$criteria'";

If you don't, some unscrupulous individual might come along and submit, say,

';delete from Member; --

And just like that, you'd have lost a load of data.
3:31 pm on Sep 14, 2013 (gmt 0)

Thanks, Readie, for this. I have some questions, however. I should have mentioned that I am an newbie with php. Most of the code I have been using has been cobbled together from Google. I am not sure where to put the session code. I looked as if it should go after my <form> code and before the category drop down. I tried that but it would not retrieve my data and gave me this message:
PHP Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /hermes/bosoraweb124/b180/ipg.daughtershcorg/DaughtersHC/source/EditMember.php:18) in /hermes/bosoraweb124/b180/ipg.daughtershcorg/DaughtersHC/source/EditMember.php on line 20
I am sure it is not in the right place now. so here is my code now. Can you help me with where to insert your code? Thanks.
4:20 pm on Sep 14, 2013 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member

session_start() should be called before any output is sent to the browser, otherwise it throws the error you see there.

So, at the absolute top of your file.
10:10 pm on Sep 15, 2013 (gmt 0)

Thanks. I have it sorting and keeping the criteria. Next I want to be able to send the criteria to the next page, but I am going to try this on my own first. If I run into problems I will post them on the forum. Thanks for your suggestions on the htmlentities and the mysql_real_escape_string. These are things that don't always come out when one is looking at someone else's code.

Featured Threads

Hot Threads This Week

Hot Threads This Month