By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,564 Members | 834 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,564 IT Pros & Developers. It's quick & easy.

MySQL/PHP - Query Form

P: n/a
Hello,

I'm quite weak at PHP, so I was hoping to get some help understanding the
below code. First off, I'm trying to create a "query form" that will allow
me to display the results on my screen. I grabbed this code from the net
hoping that I could tweak it for my needs. I'm using MySQL, PHP and IIS and
they all are running fine. As the code is, it will display the form, but it
won't display my result(s). Any suggestions?

Cheers,

<html>
<head>
<title>designplace.org search script</title>
<meta name="author" content="Steve R, http://www.designplace.org/">
</head>
<!-- http://www.designplace.org/ -->
<body>

<form name="form" action="search.php" method="get">
<input type="text" name="q" />
<input type="submit" name="Submit" value="Search" />
</form>

<?php

// Get the search variable from URL

$var = @$_GET['q'] ;
$trimmed = trim($var) //trim whitespace from the stored variable

// rows to return
$limit=10;

// check for an empty string and display a message.
if ($trimmed == "")
{
echo "<p>Please enter a search...</p>";
exit;
}

// check for a search parameter
if (!isset($var))
{
echo "<p>We dont seem to have a search parameter!</p>";
exit;
}

//connect to your database ** EDIT REQUIRED HERE **
mysql_connect("localhost","username","password"); //(host, username,
password)

//specify database ** EDIT REQUIRED HERE **
mysql_select_db("database") or die("Unable to select database"); //select
which database we're using

// Build SQL Query
$query = "select * from sales_report where repfirstname = \"%$trimmed%\"; //
EDIT HERE and specify your table and field names for the SQL query

$numresults=mysql_query($query);
$numrows=mysql_num_rows($numresults);

// If we have no results, offer a google search as an alternative

if ($numrows == 0)
{
echo "<h4>Results</h4>";
echo "<p>Sorry, your search: &quot;" . $trimmed . "&quot; returned zero
results</p>";

// google
echo "<p><a href=\"http://www.google.com/search?q="
. $trimmed . "\" target=\"_blank\" title=\"Look up
" . $trimmed . " on Google\">Click here</a> to try the
search on google</p>";
}

// next determine if s has been passed to script, if not use 0
if (empty($s)) {
$s=0;
}

// get results
$query .= " limit $s,$limit";
$result = mysql_query($query) or die("Couldn't execute query");

// display what the person searched for
echo "<p>You searched for: &quot;" . $var . "&quot;</p>";

// begin to show results set
echo "Results";
$count = 1 + $s ;

// now you can display the results returned
while ($row= mysql_fetch_array($result)) {
$title = $row["repfirstname"];

echo "$count.)&nbsp;$title" ;
$count++ ;
}

$currPage = (($s/$limit) + 1);

//break before paging
echo "<br />";

// next we need to do the links to other results
if ($s>=1) { // bypass PREV link if s is 0
$prevs=($s-$limit);
print "&nbsp;<a href=\"$PHP_SELF?s=$prevs&q=$var\">&lt;&lt;
Prev 10</a>&nbsp&nbsp;";
}

// calculate number of pages needing links
$pages=intval($numrows/$limit);

// $pages now contains int of pages needed unless there is a remainder from
division

if ($numrows%$limit) {
// has remainder so add one page
$pages++;
}

// check to see if last page
if (!((($s+$limit)/$limit)==$pages) && $pages!=1) {

// not last page so give NEXT link
$news=$s+$limit;

echo "&nbsp;<a href=\"$PHP_SELF?s=$news&q=$var\">Next 10 &gt;&gt;</a>";
}

$a = $s + ($limit) ;
if ($a > $numrows) { $a = $numrows ; }
$b = $s + 1 ;
echo "<p>Showing results $b to $a of $numrows</p>";

?>

<!-- http://www.designplace.org/ -->

</body>
</html>

Jul 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
.oO(Mike Cocker)
I'm quite weak at PHP, so I was hoping to get some help understanding the
below code. First off, I'm trying to create a "query form" that will allow
me to display the results on my screen. I grabbed this code from the net
hoping that I could tweak it for my needs. I'm using MySQL, PHP and IIS and
they all are running fine. As the code is, it will display the form, but it
won't display my result(s). Any suggestions?
Any error messages? Is error_reporting set to E_ALL?
$var = @$_GET['q'] ;
$trimmed = trim($var) //trim whitespace from the stored variable
Replace this with something like

$trimmed = isset($_GET['q']) ? trim($_GET['q']) : '';
// check for a search parameter
if (!isset($var))
{
echo "<p>We dont seem to have a search parameter!</p>";
exit;
}
I think you can remove this.
// Build SQL Query
$query = "select * from sales_report where repfirstname = \"%$trimmed%\"; //
Use single quotes in the query. Additionally a double-quote is missing
at the end of the string:

$query = "select * from sales_report where repfirstname = '%$trimmed%'";

And you shouldn't use SELECT *, but list all columns you want to
retrieve explicitly instead.
$numresults=mysql_query($query);
$numrows=mysql_num_rows($numresults);
No error checking? What if the query fails and returns FALSE instead of
a resource-ID?
// If we have no results, offer a google search as an alternative

if ($numrows == 0)
{
echo "<h4>Results</h4>";
echo "<p>Sorry, your search: &quot;" . $trimmed . "&quot; returned zero
results</p>";
Never print out user-submitted data directly, use htmlspecialchars()
before (the code above is vulnerable to cross-site scripting attacks).
// next determine if s has been passed to script, if not use 0
if (empty($s)) {
$s=0;
}
What is $s?

If it's a variable passed by URL-parameters use $_GET['s'] instead. With
register_globals=Off by default $s will always be empty.
// display what the person searched for
echo "<p>You searched for: &quot;" . $var . "&quot;</p>";


Why do you use $var here instead of $trimmed?

[rest of code snipped]

Micha
Jul 17 '05 #2

P: n/a
> Any error messages? Is error_reporting set to E_ALL?

Sorry. The message I get on my screen (in IE) is "Parse error: syntax error,
unexpected T_IF in c:\Inetpub\wwwroot\form.php on line 22."
As for why there are certain variables declared in the code, I'm not
entirely sure. I grabbed this code from the Internet from one of the "code
sharing" sites. I was just hoping that I could use it because I think if the
code works correctly, it'll do exactly what I'm aiming to do. I want to be
able to query my MySQL database from a PHP form and then display the
results. I'm going to make some of the changes that you proposed and get
back ASAP. Thanks a bunch!

Mike
Jul 17 '05 #3

P: n/a
"Mike Cocker" <mc*****@swandust.com> wrote in
news:C8********************@golden.net:

<snip>
As for why there are certain variables declared in the code, I'm not
entirely sure. I grabbed this code from the Internet from one of the
"code sharing" sites. I was just hoping that I could use it because I
think if the code works correctly

</snip>

Do yourself a favor. Pick up a book, perhaps "PHP & MySQL Web
Development" by Welling & Thompson. It's worth the time and money, you
will learn more than you ever could via websites. Really.
Jul 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.