Hi,
I'd like to get user input from an html form into a mysql select
statement. Here's where I'm stumped:
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%search-string%'",$db);
I need to get the user's input into the '%search-string%' section, but I
do not understand how to do this. I can hard-code a specific search
string and it will work, but I want the users to be able to dynamically
define the search-string. So, I created a basic html form and used the
post method to grab their input, but now I can't insert that input into
the mysql select statement. Any ideas? I think it should be easy, I just
don't know how to do it. I've tried this:
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$_POST["search"]%'",$db);
But it doesn't work. Below is the form in html and the php file:
<html>
<title>Search Test</title>
<head>
</head>
<body>
<form action="search-db.php" method="POST">
<p>Enter Your Search: <input type=text name=search></p>
<input type="submit">
</form>
</body>
</html>
-----------------------------------------------------------
<html>
<body>
<?php
$db = mysql_connect(" localhost", "Anonymous" );
mysql_select_db ("computers",$d b);
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%surplus%'",$d b);
echo "<table border=1>\n";
while ($myrow = mysql_fetch_arr ay($result)) {
printf("<tr><td ><b>%s</b></td></tr>\n", $myrow[notes]);
}
echo "</table>\n";
?>
</body>
</html> 3 8798
"hokieghal9 9" <ho********@hot mail.com> wrote in message
news:bn******** **@solaris.cc.v t.edu... Hi,
I'd like to get user input from an html form into a mysql select statement. Here's where I'm stumped:
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE '%search-string%'",$db);
I need to get the user's input into the '%search-string%' section, but I do not understand how to do this. I can hard-code a specific search string and it will work, but I want the users to be able to dynamically define the search-string. So, I created a basic html form and used the post method to grab their input, but now I can't insert that input into the mysql select statement. Any ideas? I think it should be easy, I just don't know how to do it. I've tried this:
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE '%$_POST["search"]%'",$db);
But it doesn't work. Below is the form in html and the php file:
<html> <title>Search Test</title> <head> </head> <body> <form action="search-db.php" method="POST"> <p>Enter Your Search: <input type=text name=search></p> <input type="submit"> </form> </body> </html> ----------------------------------------------------------- <html> <body> <?php $db = mysql_connect(" localhost", "Anonymous" ); mysql_select_db ("computers",$d b); $result = mysql_query("SE LECT * FROM dept WHERE notes LIKE '%surplus%'",$d b); echo "<table border=1>\n"; while ($myrow = mysql_fetch_arr ay($result)) { printf("<tr><td ><b>%s</b></td></tr>\n", $myrow[notes]); } echo "</table>\n"; ?> </body> </html>
Try this:
$searchstring = $_POST['search'];
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$searchstring %'",$db);
JM
New River Industries, Inc. (Right around the corner from you!)
On 24-Oct-2003, hokieghal99 <ho********@hot mail.com> wrote: I'd like to get user input from an html form into a mysql select statement. Here's where I'm stumped:
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE '%search-string%'",$db);
I need to get the user's input into the '%search-string%' section, but I do not understand how to do this. I can hard-code a specific search string and it will work, but I want the users to be able to dynamically define the search-string. So, I created a basic html form and used the post method to grab their input, but now I can't insert that input into the mysql select statement. Any ideas? I think it should be easy, I just don't know how to do it. I've tried this:
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE '%$_POST["search"]%'",$db);
But it doesn't work. Below is the form in html and the php file:
remove the double quotes from around search.
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$_POST[search]%' ",$db);
Please note that this is VERY UNSAFE and leaves you open to a security
problem called an SQL Injection attack. At the very least you should code:
$search_string = addslashes($_PO ST['search']);
$result = mysql_query("SE LECT * FROM dept WHERE notes LIKE
'%$search_strin g%' ",$db);
--
Tom Thackrey www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@wil lglen.net (it's reserved for spammers)
Jim Moseby wrote: Try this:
$searchstring = $_POST['search']; $result = mysql_query("SE LECT * FROM dept WHERE notes LIKE '%$searchstring %'",$db);
JM New River Industries, Inc. (Right around the corner from you!)
Thanks, that works great! It's a small world, isn't it? This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: James |
last post by:
Please help - getting very desperate! Sun, 12 October 2003 05:39
I have PHPDEV 4.2.3 from Firepages.com.au as the upgrade to 4.3.0 did
not work. I also had an abortive download from PHP.NET as I could not
configure Apache myself.
The REAL problem is that PHPmyAdmin works and sees my test database
Wines....
But my PHP program does not!
|
by: Mavis |
last post by:
Hi,
I'm trying to use a simple form to select by which column I will display
output from a MySQL database.
I'd like to display based on ORDER BY and select Written, Average, etc.
I know the data is getting to the script from the post, I just can't get it
to the select statement.
|
by: Neal |
last post by:
I've got 2 tables. One, I manually insert data into for HTTP
authentication. It has 3 fields: username, password, school. Once the
user enters the corrrect u and p, the school name shows up hard coded
into a form that gets submitted into another table. So, there is a
'school' field in both tables that always match. Now, I want to draw all
the info from this second table to print out but am having problems. So
far, I've got something like:...
|
by: starbuck |
last post by:
Hi,
have a form, with a text input "fieldname".
method POST
$var = $_POST
$var is then used to search in mysql
select * from table where jobtype like '$var%'
|
by: Lyn |
last post by:
Hi,
I am working on a genealogy form. The only table (so far) lists everybody
in the family, one record per person. Each record has an autonum ID.
The parent form (frmMainForm) displays the data in each record, which
includes the ID of the father and the mother (who also have records in the
table). One record per form.
I have a Tab Control in the form, and in one of the tabs I have a subform
(sfmSiblings) in which I wish to list...
| |
by: misschristalee |
last post by:
I'm having a brain blockage day....
Scenario:
Search Form with 6 text boxes
Query has same six fields
Each has this IIF: IIf(IsNull(!!),"",!!)
with each dictating the correct text box of course.
SQL dictates... If text box 1 isNull do nothing or do this OR if text
|
by: Teep |
last post by:
Below is my code for dropdownlist that is populated from a SQL table.
After a selection from the ddl, a datagrid is suppose to come up
pertaining to the information selected, but I keep getting a DNS
error. I developed this "simple" page but so far it is not simple!
argh!
<%@ Page Language="VB" Debug="true" Explicit="true" %>
<%@ import Namespace="System.Data" %>
|
by: Lennart Anderson |
last post by:
I'm having a MySQl table wih a lot of information. I want to present some
main fields in a table on one page. Each record do, of course, have a unique
ID. The presnted table will have one field as a linked field. I want to be
able to click this link, retreive the ID information for that record and
then present detailed data for that record on the next page.
How do I retreive the ID?
Any hints are very much appreciated.
Thanks
|
by: tomlebold |
last post by:
Having problems displaying query results from combo boxes on a sub
form, which is on the same form that is used to select criteria.
This has always worked form me when displaying query results on
another main and sub form.
The requery on the sub form and refresh comands on the main form do
not work when the form is first displayed and when the selection
criteria is changed.
Should I be doing a refresh and then repaint of the sub form.
...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |