Forum Moderators: coopster
<form method="POST" action="Editfiltersort.php">
<input type="hidden" name="submitted" value="true" />
<label>Search Category:
<select name="category">
<option value="FName">First Name</option>
<option value="LName">Last Name</option>
<option value="City">City</option>
<option value="State">State (Abbreviation)</option>
<option value="Chapter">Chapter Name (check DHC Website for correct spelling)</option>
<option value="ChapterNumber">Chapter Number (Check DHC Website)</option>
</select>
</label>
<label>Search Criteria: <input type="text" name="criteria" /></label>
<input type="submit" />
</form>
<table>
<tr>
<td align="center">Click Edit at the end of the row to edit that member's data</td>
</tr>
<tr>
<td>
<table border="1">
<tr>
<td>Mbr Nbr</td>
<td>First Name</td>
<td>Last Name</td>
<td>Address2</td>
<td>City</td>
<td>State</td>
<td>Zip</td>
<td>Phone</td>
<td>E-Mail</td>
<td>Church</td>
<td>Chptr #</td>
<td>Member Notes</td>
<td> </td>
<?
//Connect to the database
$host="xxx"; // Host name
$username="xxx"; // Mysql username
$password="xxx"; // Mysql password
$db_name="membership"; // Database name
$tbl_name="Member"; // Table name
mysql_connect("$host", "$username", "$password")or die("cannot connect to Server");
mysql_select_db("$db_name")or die("cannot select DB");
if (isset($_POST['submitted'])) {
$category = $_POST['category'];
$criteria = $_POST['criteria'];
$query = "Select * FROM Member WHERE $category = '$criteria'";
$result = mysql_query($query) or die('Could not get data');
while ($row=mysql_fetch_array($result)){
echo ("<tr><td>$row[MemberNumber]</td>");
echo ("<td>$row[FName]</td>");
echo ("<td>$row[LName]</td>");
echo ("<td>$row[Address]</td>");
echo ("<td>$row[Address2]</td>");
echo ("<td>$row[City]</td>");
echo ("<td>$row[State]</td>");
echo ("<td>$row[Zip]</td>");
echo ("<td>$row[Phone]</td>");
echo ("<td>$row[email]</td>");
echo ("<td>$row[Church]</td>");
echo ("<td>$row[Chapter]</td>");
echo ("<td>$row[ChapterNumber]</td>");
echo ("<td>$row[MemberNotes]</td>");
echo ("<td><a href=\"EditMember_Form.php?id=$row[MemberNumber]\">Edit</a></td></tr>");
<?php
session_start();
if(isset($_POST['my_text_field'])) {
$_SESSION['some_key'] = $_POST['my_text_field'];
}
?>
<form method="post" action="">
<input type="text" name="my_text_field" value="<?php echo (isset($_SESSION['some_key']))? $_SESSION['some_key'] : 'Default value' ?>">
<input type="submit" value="Submit">
</form>
$criteria = $_POST['criteria'];
$query = "Select * FROM Member WHERE $category = '$criteria'";
$criteria = mysql_real_escape_string($_POST['criteria']);
$query = "Select * FROM Member WHERE $category = '$criteria'";
';delete from Member; --
