473,383 Members | 1,980 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > php form returns all mysql data, help!

Join Bytes to post your question to a community of 473,383 software developers and data experts.

PHP form returns all MYSQL data, help!

Hi there,

My code works fine and retrieves information from my database BUT when the search form is empty and I click submit all the information from my database appears.

How can I have it so when submit is clicked nothing happens or a message appears like "Nothing entered"


Thanks a lot!

James

Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <body>
  3. James' New Site
  4. <form action="seaside.php" method="post">
  5. <input type="text" name="search"><br>
  6. <input type="submit">
  7. </form>
  8. <hr width="100%"></hr>
  9. </body>
  10. </html>
  11. <?php
  12.   $search = "%" . $_POST["search"] . "%";
  13.  
  14.   mysql_connect ("", "", "");
  15.   mysql_select_db ("");
  16.  
  17.   $query = "SELECT name,msg FROM contact WHERE name LIKE '$search'";
  18.   $result = mysql_query ($query);
  19.   if ($result) {
  20.     while ($row = mysql_fetch_array ($result)) {
  21.       echo "<br>$row[0]</br>";
  22.       echo $row[1];
  23.     }
  24.   }
  25. ?>
Aug 15 '11 #1
2 1298
dlite922
1,584 Expert 1GB
You need an if statement.

Expand|Select|Wrap|Line Numbers
  1.  
  2. if($_POST['search']) {
  3.  
  4.    do your query here. 
  5.  
  6. }
  7.  
  8.  
  9.  
this ensures when you come to the page, your don't run the query but only when the form is submitted.

WARNING: your code is hackable!

Make sure you clean $search variable for bad content before submitting it to the db. run mysql_real_escape_string() on it. (see php manual)

if I enter

Expand|Select|Wrap|Line Numbers
  1. '; DELETE FROM contact WHERE '1' = '1
into your search box, I can delete everything from the contact table.

If you don't believe me, try it.


Dan
Aug 15 '11 #2
Hi Dan,

thanks for the help!

Where abouts in my code do I include your code? Do I have to replace a part of my code with your code?

And thanks for the heads up! Is there a simple code to include to protect it?
Or can you recommend a site that will provide me with the code to protect it?

Thanks again!

James
Aug 15 '11 #3

Sign in to post your reply or Sign up for a free account.

Similar topics

5
Oracle to Mysql (dates) Help please
by: duikboot | last post by:
Hi all, I'm trying to export a view tables from a Oracle database to a Mysql database. I create insert statements (they look alright), but it all goes wrong when I try to execute them in Mysql,...
Python
3
Select * returns no data
by: Hendry Taylor | last post by:
I have a problem where if I issue a select * from against a database it returns no data, but if I select column from it returns the data. Why would the * not be working as a wildcard?
MySQL Database
2
website problem with mySQL data base
by: jim west via SQLMonster.com | last post by:
I have website problems with mySQL data base, I have a website and was told the only way to change my password is within my SQL data base files and that it would be over my head buy the site maker,...
Microsoft SQL Server
6
ASP.NET 2.0 - mysql.data connector complilation error
by: Mikael Syska | last post by:
Hi asp.net guru's, i have developped this site in ASP.NET 2.0 in the 2005 web delopment beta1 version from microsoft, the site works fine local, but when I move it to my IIS 6.0 with ASP.NET 2.0 I...
ASP.NET
1
SOS! Root filled, want to recover MySQL data!
by: im2kul2 | last post by:
I'd be GREATLY APRECIATED if someone could bail me out of this one! I logged into my server an hour ago just to find that the root partition is 100% filled: /dev/mapper/VolGroup00-LogVol00...
MySQL Database
2
MySql.Data.MySqlClient.MySqlConnection not defined
by: Bill | last post by:
Hi, I try to connect to Mysql using the Mysql Connector 1.0.7. with asp.net 2.O. In "mysql.aspx", i put: <%@ import namespace="System.Data"%> <%@ Import Namespace = "MySql.Data.MySqlClient"...
MySQL Database
32
Populating an html form with mysql data.
by: fjm | last post by:
Hi all, thanks for helping. I'm sure what I want to do is amongst the basic in php. I know ehat I need but I really don't where to begin. What I have is a basic html form I have made consisting of...
PHP
1
MYSQL and Crystal Reports: 'System.NullreferenceException' occurred in mysql.data.dl
by: mejames | last post by:
I am using VB.NET 2003, MYSQL database and Crystal Reports. I am able to generate 1 set of reports using the following code: Imports MySql.Data.MySqlClient Imports...
.NET Framework
1
Error: "Column 'InvariantName' is constrained to be unique. Value 'MySql.Data.MySqlClient' is already present."
by: Carmine [www.thetotalsite.it] | last post by:
Hi, I am using ASP.Net 2.0 with the MySQL Connector .Net 5.1.2.2. I added these lines to the web.config to make the connector.net able to handle the SqlConnection object (and so to bind it to a...
ASP.NET
1
How to process form and insert data into db
by: Lazairus | last post by:
Using xampp, ie Mysql , the simple question is this, i have a html form spread out of 4 different pages , and i am inserting data into my database . What are the steps required to do this? ie ...
MySQL Database
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!