Here's the updated code for my html form-php-mysql searchable contact list. Yes, the database is set up with real info, and no, that's not the actual password. <h2>People Search</h2> <form name="search" method="post" action="<?php echo $PHP_SELF;?>"> Search for: <input type="text" name="find" value="<?php echo $_POST['find'];?>"/> in <Select NAME="field"> <Option VALUE="fname"<?php echo ($_POST['field'] == 'fname')?' selected="selected"':''; ?>>First Name</option> <Option VALUE="lname"<?php echo ($_POST['field'] == 'lname')?' selected="selected"':''; ?>>Last Name</option> <Option VALUE="emali"<?php echo ($_POST['field'] == 'email')?' selected="selected"':''; ?>>Email Address</option> <Option VALUE="gradyear"<?php echo ($_POST['field'] == 'gradyear')?' selected="selected"':''; ?>>Graduation Year</option> </Select> <input type="hidden" name="searching" value="yes" /> <input type="submit" name="search" value="Search" /> </form> <?php mysql_connect("localhost", "root", "password") or die(mysql_error()); mysql_select_db("contact") or die('Could not connect' . mysql_error()); $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); $query = "SELECT * FROM users WHERE upper($field) LIKE '%$find%'"; echo '<p>You searched :',$query,'<br />'; $data = mysql_query($query) or die(mysql_error()); while($result = mysql_fetch_array($data)) { echo $result['fname']; echo " "; echo $result['lname']; echo " "; echo $result['phone']; echo " "; echo $result['email']; echo " "; echo $result['pclass']; echo " "; echo $result['gradyear']; echo " "; echo "<br /><br />"; } $anymatches = mysql_num_rows($data); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query<br><br>"; } echo "<b>Searched For:</b> " .$find; ?> Code (markup): problems: 1) $find in the query is being sent blank, even with a search term entered 2) there's a syntax error that i can't find in the LIKE statement in the query (unless that's because it's being sent as %%) 3) i feel like my variables are related all wrong, but i'm too tired to figure it out at the moment
Taking a quick look, I notice 2 things: 1) To have the form filled out after submitting, you have to put the value into the field. Here's an example. <input type="text" name="find" value="<?php echo $_POST['find'];?>"/> ... <Option VALUE="lname"<?php echo ($_POST['field'] == 'lname')?' selected="selected"':''; ?>>Last Name</option> PHP: That's obviously not the full code, but should be enough for you to do some copy-and-paste coding. 2) Your SQL query is missing a space. Compare against. $data = mysql_query("SELECT * FROM users WHERE upper($field) LIKE '%$find%'"); PHP: I should add that you probably want to have a pro look at your code and make mods to secure the code and make it more robust.
Some progress after adding your changes: I've updated the code in the first post. I also added an echo for the query to see what was being sent, and discovered that the mysql_query was being sent as [ ... LIKE '%%' ] so, any clues on how to give $find a value? also, i'm now getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') LIKE '%%'' at line 1 I don't know if there's another syntax error besides the %% but it's very late and i haven't found anything thus far... hopefully you or someone else will know. Oh, also, i got rid of the if ($searching =="yes") { echo "<h2>Results</h2><p>"; if ($find == "") { echo "<p>You forgot to enter a search term"; exit; } section because it ended the script every time, even if there was a search term entered. PS: I'm not too terribly worried about security as i will be adding a password/login once i know the script actually works, and this is for a student group and alumni, not for commercial or business purposes. the tag stripping and password should hopefully be enough, methinks.
if noone knows, i'll start searching elsewhere. sorry for the double post, but i can't seem to find the edit button anymore and i still haven't gotten much sleep
I got the script working! There's one minor detail in that it displays an error when you first go to the page (the post variables are empty, working on a solution)... taking out the mysql_error() is my temporary fix. If you're interested in the code, let me know. Thank you, TeraTask!
is it an error...or is it a warning? Warnings you can remove by appending @ to the beginning. @$_POST is an example. That will remove that.
here's the message: since it posts to itself, the script runs the first time even if nothing's been submitted. i'm sure i'll figure a solution out...
You just need to check if the variable is not empty for processing the search <?php mysql_connect("localhost", "root", "password") or die(mysql_error()); mysql_select_db("contact") or die('Could not connect' . mysql_error()); $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); $query = "SELECT * FROM users WHERE upper($field) LIKE '%$find%'"; echo '<p>You searched :',$query,'<br />'; $data = mysql_query($query) or die(mysql_error()); while($result = mysql_fetch_array($data)) { echo $result['fname']; echo " "; echo $result['lname']; echo " "; echo $result['phone']; echo " "; echo $result['email']; echo " "; echo $result['pclass']; echo " "; echo $result['gradyear']; echo " "; echo "<br /><br />"; } $anymatches = mysql_num_rows($data); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query<br><br>"; } echo "<b>Searched For:</b> " .$find; ?> PHP: to <?php mysql_connect("localhost", "root", "password") or die(mysql_error()); mysql_select_db("contact") or die('Could not connect' . mysql_error()); $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); if ($find != '') { $query = "SELECT * FROM users WHERE upper($field) LIKE '%$find%'"; echo '<p>You searched :',$query,'<br />'; $data = mysql_query($query) or die(mysql_error()); while($result = mysql_fetch_array($data)) { echo $result['fname']; echo " "; echo $result['lname']; echo " "; echo $result['phone']; echo " "; echo $result['email']; echo " "; echo $result['pclass']; echo " "; echo $result['gradyear']; echo " "; echo "<br /><br />"; } $anymatches = mysql_num_rows($data); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query<br><br>"; } echo "<b>Searched For:</b> " .$find; } ?> PHP: Do not forget my counsel about a professional programmer instead of doing things yourself. Here you are stuck on an elementary concept -- a basic conditional expression. Yet, your script has other errors which jeopardize your entire database.