Little PHP script problem

Discussion in 'PHP' started by jacobbannier, Oct 19, 2008.

  1. #1
    Hi,
    I am following a tutorial and am trying to pull data from a MySQL database. So far I have:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    
    <head>
    	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
    	
    	<title>Search Form</title>
    </head>
    
    <body>
    
    <form action="search.php?search=yes" method=POST>
    
    Search : <input type=text name='term'> <br />
    
    <input type=submit value="Search Database!">
    
    
    
    <?php
    
    $term=$_POST['term'];
    $search=$_GET['search'];
    
    if($search==yes) {
    		
    	mysql_connect('localhost','root','') or die(mysql_error('Could not Conenct To database'));
    	mysql_select_db('search');
    	
        $sql = mysql_query("SELECT * FROM searchable WHERE FName like '%$term%'");
        
       } 
        
        
     	    while ($row = mysql_fetch_array($sql)){  	
         echo 'ID: '.$row['ID'];   
         echo '<br/> First Name: '.$row['FName'];  
         echo '<br/> Last Name: '.$row['LName'];  
         echo '<br/> Phone: '.$row['Phone'];  
         echo '<br/><br/>'; 
      
    
      											}
     	}	
    ?>
    
    </body>
    </html>
    What is wrong with it?
    When I execute it comes up with:
    Really annoying. I think the database username and pass etc. are all correct. Any syntax errors?

    Thanks
     
    jacobbannier, Oct 19, 2008 IP
  2. ricetown

    #2
    change WHERE FName= to WHERE FName like
     
    ricetown, Oct 19, 2008 IP
  3. jacobbannier

    #3
    Thanks for the response, but that was the original code. I changed it to '=' and didn't change it back. Nevertheless, it is still returning the same error code.
     
    jacobbannier, Oct 19, 2008 IP
  4. ASPMachine

    #4
    I am a new learner of PHP, so I am not sure whether it will solve your problem or not.
    I think the function mysql_fetch_array($sql) should be mysql_fetch_array($sql, MYSQL_BOTH)
    and another problem is that when I calculate { and } an extra } is dancing in your code.
     
    ASPMachine, Oct 19, 2008 IP
  5. Kyosys

    #5
    replace


    $sql = mysql_query("SELECT * FROM searchable WHERE FName like '%$term%'");


    with


    $sql = mysql_query("SELECT * FROM searchable WHERE FName like '%$term%'");
    echo mysql_error();exit;


    and tell us what it says
     
    Kyosys, Oct 19, 2008 IP
  6. WildDisease

    #6
    Here's a problem..
    while ($row = mysql_fetch_array($sql)){


    What if the query fails to execute or does not find any success in the query?
    Then $sql has a value of FALSE.

    Use the following for a better idea, like Kyosys has said:

    $sql = mysql_query("SELECT * FROM searchable WHERE FName like '%$term%'") or die("MySQL Search Error: " . mysql_error());

    Better yet, you can create your own function to call instead of mysql_error() when you are done debugging and give the user a more understandable and friendly message..
     
    WildDisease, Oct 19, 2008 IP
  7. Kyosys

    #7
    Also, I just saw that that thing has an SQL injection. You didn't sanitize $term
     
    Kyosys, Oct 19, 2008 IP
  8. jacobbannier

    #8
    WEYYYYYYYYY it worked :)

    I used WildDisease's suggestions and put the extra code after $sql variable.

    Thanks :)

    To Kyosys's comment: I don't need to protect against SQL injections as I'm only learning/experimenting and am not putting this on the internet :)

    Final code to anyone with the same problem:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    
    <head>
        <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
        
        <title>Search Form</title>
    </head>
    
    <body>
    
    <form action="search.php?search=yes" method=POST>
    
    Search : <input type=text name='term'> <br />
    
    <input type=submit value="Search Database!">
    
    </form>
    
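    <?php
    
    // Read the inputs; isset() avoids undefined-index notices on the first page load
    $term   = isset($_POST['term']) ? $_POST['term'] : '';
    $search = isset($_GET['search']) ? $_GET['search'] : '';
    
    // Compare against the string 'yes', not a bare (undefined) constant
    if ($search == 'yes') {
    
        // mysql_error() takes an optional link identifier, not a message string
        mysql_connect('localhost', 'root', '') or die('Could not connect to database: ' . mysql_error());
        mysql_select_db('seach');
    
        // $term is still interpolated unescaped here (the SQL injection discussed in this thread)
        $sql = mysql_query("SELECT * FROM searchable WHERE FName like '%$term%'") or die("MySQL Search Error: " . mysql_error());
    
        // Print every matching row
        while ($row = mysql_fetch_array($sql)) {
            echo 'ID: '.$row['ID'];
            echo '<br/> First Name: '.$row['FName'];
            echo '<br/> Last Name: '.$row['LName'];
            echo '<br/> Phone: '.$row['Phone'];
            echo '<br/><br/>';
        }
    }
    ?>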
    
    </body>
    </html>
     
    jacobbannier, Oct 20, 2008 IP
  9. Kyosys

    #9
    That's retarded. If you don't protect yourself against SQL injections now, and make it a habit, your real applications are going to suck. No matter what that document is for, you should always protect yourself, and if it's only for the sake of remembering it next time
     
    Kyosys, Oct 20, 2008 IP
  10. PwrUps

    #10
    Make sure you do $term = mysql_real_escape_string($_POST['term']); or something to prevent SQL injection.
     
    PwrUps, Oct 20, 2008 IP
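
The unsanitized $term raised in posts #7 and #10, shown as an added example that is not code from any poster in this thread: the thread's concatenated query next to a parameterized one. It swaps in PDO prepared statements for the mysql_* calls and uses an in-memory SQLite table as a stand-in for the MySQL `searchable` table so it runs offline; the function names and sample rows are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE searchable (ID INTEGER PRIMARY KEY, FName TEXT, LName TEXT, Phone TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO searchable (FName, LName, Phone) VALUES
    ('Conor',     'O''Brien', '555-0100'),
    ('D''Arcy',   'Smith',    '555-0101'),
    ('100%_real', 'Test',     '555-0102')");

// The thread's pattern: the search term is pasted into the SQL text itself.
function search_concatenated(PDO $db, $term) {
    return $db->query("SELECT * FROM searchable WHERE FName LIKE '%$term%'")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the term travels as a bound parameter and is never parsed as SQL.
// LIKE wildcards inside the term are escaped with '!' so they match literally.
function search_prepared(PDO $db, $term) {
    $literal = strtr($term, array('!' => '!!', '%' => '!%', '_' => '!_'));
    $stmt = $db->prepare("SELECT * FROM searchable WHERE FName LIKE :pat ESCAPE '!'");
    $stmt->execute(array(':pat' => '%' . $literal . '%'));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// An ordinary name containing an apostrophe, and a term that is a LIKE wildcard.
foreach (array("D'Arcy", "%") as $term) {
    try {
        $n = count(search_concatenated($db, $term));
        echo "concatenated [$term]: $n row(s)\n";
    } catch (PDOException $e) {
        // The apostrophe ended the string literal early, so the statement no longer parses.
        echo "concatenated [$term]: query broke: " . $e->getMessage() . "\n";
    }
    echo "prepared     [$term]: " . count(search_prepared($db, $term)) . " row(s)\n";
}
```

mysql_real_escape_string(), as suggested in post #10, handles the quote characters but does not escape `%` or `_`, so the LIKE-wildcard step still has to be done separately when those should match literally.
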
  11. Kyosys

    #11
    Oh no, he can't do that. Since the script is only used by himself, he has to leave SQL injections in place!

    You know, for practice!
     
    Kyosys, Oct 21, 2008 IP