MySQL/PHP - Query Form
This is a discussion on MySQL/PHP - Query Form within the PHP Language forums, part of the PHP Programming Forums category; Hello, I'm quite weak at PHP, so I was hoping to get some help understanding the below code. First ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-21-2004
|
|||
|
|||
MySQL/PHP - Query Form
Hello,
I'm quite weak at PHP, so I was hoping to get some help understanding the below code. First off, I'm trying to create a "query form" that will allow me to display the results on my screen. I grabbed this code from the net hoping that I could tweak it for my needs. I'm using MySQL, PHP and IIS and they all are running fine. As the code is, it will display the form, but it won't display my result(s). Any suggestions? Cheers, <html> <head> <title>designplace.org search script</title> <meta name="author" content="Steve R, http://www.designplace.org/"> </head> <!-- © http://www.designplace.org/ --> <body> <form name="form" action="search.php" method="get"> <input type="text" name="q" /> <input type="submit" name="Submit" value="Search" /> </form> <?php // Get the search variable from URL $var = @$_GET['q'] ; $trimmed = trim($var) //trim whitespace from the stored variable // rows to return $limit=10; // check for an empty string and display a message. if ($trimmed == "") { echo "<p>Please enter a search...</p>"; exit; } // check for a search parameter if (!isset($var)) { echo "<p>We dont seem to have a search parameter!</p>"; exit; } //connect to your database ** EDIT REQUIRED HERE ** mysql_connect("localhost","username","password"); //(host, username, password) //specify database ** EDIT REQUIRED HERE ** mysql_select_db("database") or die("Unable to select database"); //select which database we're using // Build SQL Query $query = "select * from sales_report where repfirstname = \"%$trimmed%\"; // EDIT HERE and specify your table and field names for the SQL query $numresults=mysql_query($query); $numrows=mysql_num_rows($numresults); // If we have no results, offer a google search as an alternative if ($numrows == 0) { echo "<h4>Results</h4>"; echo "<p>Sorry, your search: "" . $trimmed . "" returned zero results</p>"; echo "<p><a href=\"http://www.google.com/search?q=" . $trimmed . "\" target=\"_blank\" title=\"Look up " . $trimmed . " on Google\">Click here</a> to try the search on google</p>"; } // next determine if s has been passed to script, if not use 0 if (empty($s)) { $s=0; } // get results $query .= " limit $s,$limit"; $result = mysql_query($query) or die("Couldn't execute query"); // display what the person searched for echo "<p>You searched for: "" . $var . ""</p>"; // begin to show results set echo "Results"; $count = 1 + $s ; // now you can display the results returned while ($row= mysql_fetch_array($result)) { $title = $row["repfirstname"]; echo "$count.) $title" ; $count++ ; } $currPage = (($s/$limit) + 1); //break before paging echo "<br />"; // next we need to do the links to other results if ($s>=1) { // bypass PREV link if s is 0 $prevs=($s-$limit); print " <a href=\"$PHP_SELF?s=$prevs&q=$var\"><< Prev 10</a>  "; } // calculate number of pages needing links $pages=intval($numrows/$limit); // $pages now contains int of pages needed unless there is a remainder from division if ($numrows%$limit) { // has remainder so add one page $pages++; } // check to see if last page if (!((($s+$limit)/$limit)==$pages) && $pages!=1) { // not last page so give NEXT link $news=$s+$limit; echo " <a href=\"$PHP_SELF?s=$news&q=$var\">Next 10 >></a>"; } $a = $s + ($limit) ; if ($a > $numrows) { $a = $numrows ; } $b = $s + 1 ; echo "<p>Showing results $b to $a of $numrows</p>"; ?> <!-- © http://www.designplace.org/ --> </body> </html> 
|
|
09-21-2004
|
|||
|
|||
|
Re: MySQL/PHP - Query Form
.oO(Mike Cocker)
>I'm quite weak at PHP, so I was hoping to get some help understanding the >below code. First off, I'm trying to create a "query form" that will allow >me to display the results on my screen. I grabbed this code from the net >hoping that I could tweak it for my needs. I'm using MySQL, PHP and IIS and >they all are running fine. As the code is, it will display the form, but it >won't display my result(s). Any suggestions? Any error messages? Is error_reporting set to E_ALL? > $var = @$_GET['q'] ; > $trimmed = trim($var) //trim whitespace from the stored variable Replace this with something like $trimmed = isset($_GET['q']) ? trim($_GET['q']) : ''; >// check for a search parameter >if (!isset($var)) > { > echo "<p>We dont seem to have a search parameter!</p>"; > exit; > } I think you can remove this. >// Build SQL Query >$query = "select * from sales_report where repfirstname = \"%$trimmed%\"; // Use single quotes in the query. Additionally a double-quote is missing at the end of the string: $query = "select * from sales_report where repfirstname = '%$trimmed%'"; And you shouldn't use SELECT *, but list all columns you want to retrieve explicitly instead. > $numresults=mysql_query($query); > $numrows=mysql_num_rows($numresults); No error checking? What if the query fails and returns FALSE instead of a resource-ID? >// If we have no results, offer a google search as an alternative > >if ($numrows == 0) > { > echo "<h4>Results</h4>"; > echo "<p>Sorry, your search: "" . $trimmed . "" returned zero >results</p>"; Never print out user-submitted data directly, use htmlspecialchars() before (the code above is vulnerable to cross-site scripting attacks). >// next determine if s has been passed to script, if not use 0 > if (empty($s)) { > $s=0; > } What is $s? If it's a variable passed by URL-parameters use $_GET['s'] instead. With register_globals=Off by default $s will always be empty. >// display what the person searched for >echo "<p>You searched for: "" . $var . ""</p>"; Why do you use $var here instead of $trimmed? [rest of code snipped] Micha
|
|
09-22-2004
|
|||
|
|||
|
Re: MySQL/PHP - Query Form
> Any error messages? Is error_reporting set to E_ALL?
Sorry. The message I get on my screen (in IE) is "Parse error: syntax error, unexpected T_IF in c:\Inetpub\wwwroot\form.php on line 22." As for why there are certain variables declared in the code, I'm not entirely sure. I grabbed this code from the Internet from one of the "code sharing" sites. I was just hoping that I could use it because I think if the code works correctly, it'll do exactly what I'm aiming to do. I want to be able to query my MySQL database from a PHP form and then display the results. I'm going to make some of the changes that you proposed and get back ASAP. Thanks a bunch! Mike
|
|
09-22-2004
|
|||
|
|||
|
Re: MySQL/PHP - Query Form
"Mike Cocker" <mcocker@swandust.com> wrote in
news:C8WdnWOuaKAs68zcRVn-tQ@golden.net: <snip> > As for why there are certain variables declared in the code, I'm not > entirely sure. I grabbed this code from the Internet from one of the > "code sharing" sites. I was just hoping that I could use it because I > think if the code works correctly </snip> Do yourself a favor. Pick up a book, perhaps "PHP & MySQL Web Development" by Welling & Thompson. It's worth the time and money, you will learn more than you ever could via websites. Really.
|
Linear Mode
