Getting form info into a mysql select statement

hokieghal99

Hi,

I'd like to get user input from an html form into a mysql select
statement. Here's where I'm stumped:

$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%search-string%'",$db);

I need to get the user's input into the '%search-string%' section, but I
do not understand how to do this. I can hard-code a specific search
string and it will work, but I want the users to be able to dynamically
define the search-string. So, I created a basic html form and used the
post method to grab their input, but now I can't insert that input into
the mysql select statement. Any ideas? I think it should be easy, I just
don't know how to do it. I've tried this:

$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$_POST["search"]%'",$db);

But it doesn't work. Below is the form in html and the php file:

<html>
<title>Search Test</title>
<head>
</head>
<body>
<form action="search-db.php" method="POST">
<p>Enter Your Search: <input type=text name=search></p>
<input type="submit">
</form>
</body>
</html>
-----------------------------------------------------------
<html>
<body>
<?php
$db = mysql_connect(" localhost", "Anonymous" );
mysql_select_db ("computers",$d b);
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%surplus%'",$d b);
echo "<table border=1>\n";
while ($myrow = mysql_fetch_arr ay($result)) {
printf("<tr><td ><b>%s</b></td></tr>\n", $myrow[notes]);
}
echo "</table>\n";
?>
</body>
</html>

Jul 17 '05 #1

Subscribe Reply

8798

Jim Moseby

"hokieghal9 9" <ho********@hot mail.com> wrote in message
news:bn******** **@solaris.cc.v t.edu...

Hi,

I'd like to get user input from an html form into a mysql select
statement. Here's where I'm stumped:

$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%search-string%'",$db);

I need to get the user's input into the '%search-string%' section, but I
do not understand how to do this. I can hard-code a specific search
string and it will work, but I want the users to be able to dynamically
define the search-string. So, I created a basic html form and used the
post method to grab their input, but now I can't insert that input into
the mysql select statement. Any ideas? I think it should be easy, I just
don't know how to do it. I've tried this:

$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$_POST["search"]%'",$db);

But it doesn't work. Below is the form in html and the php file:

<html>
<title>Search Test</title>
<head>
</head>
<body>
<form action="search-db.php" method="POST">
<p>Enter Your Search: <input type=text name=search></p>
<input type="submit">
</form>
</body>
</html>
-----------------------------------------------------------
<html>
<body>
<?php
$db = mysql_connect(" localhost", "Anonymous" );
mysql_select_db ("computers",$d b);
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%surplus%'",$d b);
echo "<table border=1>\n";
while ($myrow = mysql_fetch_arr ay($result)) {
printf("<tr><td ><b>%s</b></td></tr>\n", $myrow[notes]);
}
echo "</table>\n";
?>
</body>
</html>

Try this:

$searchstring = $_POST['search'];
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$searchstring %'",$db);

JM
New River Industries, Inc. (Right around the corner from you!)

Jul 17 '05 #2

Tom Thackrey

On 24-Oct-2003, hokieghal99 <ho********@hot mail.com> wrote:

I'd like to get user input from an html form into a mysql select
statement. Here's where I'm stumped:

$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%search-string%'",$db);

I need to get the user's input into the '%search-string%' section, but I
do not understand how to do this. I can hard-code a specific search
string and it will work, but I want the users to be able to dynamically
define the search-string. So, I created a basic html form and used the
post method to grab their input, but now I can't insert that input into
the mysql select statement. Any ideas? I think it should be easy, I just
don't know how to do it. I've tried this:

$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$_POST["search"]%'",$db);

But it doesn't work. Below is the form in html and the php file:

remove the double quotes from around search.

$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$_POST[search]%' ",$db);

Please note that this is VERY UNSAFE and leaves you open to a security
problem called an SQL Injection attack. At the very least you should code:
$search_string = addslashes($_PO ST['search']);
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$search_strin g%' ",$db);

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@wil lglen.net (it's reserved for spammers)

Jul 17 '05 #3

hokieghal99

Jim Moseby wrote:

Try this:

$searchstring = $_POST['search'];
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$searchstring %'",$db);

JM
New River Industries, Inc. (Right around the corner from you!)

Thanks, that works great! It's a small world, isn't it?

Jul 17 '05 #4

Similar topics

2585

Is my code for seeing a database wrong? Please help - getting very desperate!

by: James | last post by:

Please help - getting very desperate! Sun, 12 October 2003 05:39 I have PHPDEV 4.2.3 from Firepages.com.au as the upgrade to 4.3.0 did not work. I also had an abortive download from PHP.NET as I could not configure Apache myself. The REAL problem is that PHPmyAdmin works and sees my test database Wines.... But my PHP program does not!

PHP

5749

Perl DBI: Getting POST info into select query

by: Mavis | last post by:

Hi, I'm trying to use a simple form to select by which column I will display output from a MySQL database. I'd like to display based on ORDER BY and select Written, Average, etc. I know the data is getting to the script from the post, I just can't get it to the select statement.

Perl

1991

problem with getting info from 2 tables in PHP / MySQL

by: Neal | last post by:

I've got 2 tables. One, I manually insert data into for HTTP authentication. It has 3 fields: username, password, school. Once the user enters the corrrect u and p, the school name shows up hard coded into a form that gets submitted into another table. So, there is a 'school' field in both tables that always match. Now, I want to draw all the info from this second table to print out but am having problems. So far, I've got something like:...

PHP

2314

php form info...

by: starbuck | last post by:

Hi, have a form, with a text input "fieldname". method POST $var = $_POST $var is then used to search in mysql select * from table where jobtype like '$var%'

PHP

10254

Recordset in subform based on field in parent form

by: Lyn | last post by:

Hi, I am working on a genealogy form. The only table (so far) lists everybody in the family, one record per person. Each record has an autonum ID. The parent form (frmMainForm) displays the data in each record, which includes the ID of the father and the mother (who also have records in the table). One record per form. I have a Tab Control in the form, and in one of the tabs I have a subform (sfmSiblings) in which I wish to list...

Microsoft Access / VBA

2237

Issues with Search Form = IIF Statements

by: misschristalee | last post by:

I'm having a brain blockage day.... Scenario: Search Form with 6 text boxes Query has same six fields Each has this IIF: IIf(IsNull(!!),"",!!) with each dictating the correct text box of course. SQL dictates... If text box 1 isNull do nothing or do this OR if text

Microsoft Access / VBA

1745

Getting a DNS error, can someone help - please?

by: Teep | last post by:

Below is my code for dropdownlist that is populated from a SQL table. After a selection from the ddl, a datagrid is suppose to come up pertaining to the information selected, but I keep getting a DNS error. I developed this "simple" page but so far it is not simple! argh! <%@ Page Language="VB" Debug="true" Explicit="true" %> <%@ import Namespace="System.Data" %>

ASP.NET

1761

Getting ID from a presented table

by: Lennart Anderson | last post by:

I'm having a MySQl table wih a lot of information. I want to present some main fields in a table on one page. Each record do, of course, have a unique ID. The presnted table will have one field as a linked field. I want to be able to click this link, retreive the ID information for that record and then present detailed data for that record on the next page. How do I retreive the ID? Any hints are very much appreciated. Thanks

PHP

4285

Query By Form Using Same Sub Form and Main Form

by: tomlebold | last post by:

Having problems displaying query results from combo boxes on a sub form, which is on the same form that is used to select criteria. This has always worked form me when displaying query results on another main and sub form. The requery on the sub form and refresh comands on the main form do not work when the form is first displayed and when the selection criteria is changed. Should I be doing a refresh and then repaint of the sub form. ...

Microsoft Access / VBA

9401

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

9257

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

9179

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8099

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6702

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

4519

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

4784

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

3228

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

2157

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General