Question

I'm fairly new to MySQL and PHP and have been reading books and watching tutorials and trying examples but I'm stuck on getting this search query to work. I have a simple search form:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">

    <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
    <title>Untitled 5</title>
    </head>

    <body>
    <h2>Search</h2>
    <form name="search" method="post" action="process_search.php">
    Seach for: <input type="text" name="find" />
    <input type="submit" name="submit" value="search"/>
    </form>
    </body>

    </html>

And here is the part of the PHP form that processes the search request that I'm having issues with:

    $db_path = "localhost";    // Host name or path to database
    $db_username = "root";     // MySQL database username
    $db_password = "password"; // MySQL database password
    $db_name = "database";     // MySQL database name
    $tbl_name = "stuff";       // MySQL database table

    // Connect to server and select database
    mysql_connect("$db_path", "$db_username", "$db_password") or die("cannot connect");
    mysql_select_db("$db_name") or die("cannot select DB");

    // filtering input for xss and sql injection
    $input = @$_GET['find'];
    $input = strip_tags( $input );
    $input = mysql_real_escape_string( $input );
    $input = trim( $input );

    $sql = mysql_query("select * from $tbl_name WHERE first_name = '". $input . "'");

    while ($rows = mysql_fetch_array($sql)){

I'm following the example given, but the query doesn't return any results. It will display the table headers as it should but nothing in the tables. I added mysql_error(); to my code and it reports no errors. What am I doing wrong?


Solution

You wanna change your query to...

    $sql = mysql_query("select * from $tbl_name WHERE first_name LIKE '%". $input . "%'");

But you really shouldn't be using mysql_*; it's deprecated. You should use PDO to connect to the database.

EDIT...

Your form has a method of "post" so you should have this instead...

    $input = $_POST['find'];

I believe that will solve your problem! :)

EDIT 2...

OK, you need to find out why your form isn't posting the variable... So just have this on the page...

    <form name="search" method="post" action="process_search.php">
    Seach for: <input type="text" name="find" />
    <input type="submit" name="submit" value="search"/>
    </form>

and on your php page have nothing but...

    <?php var_dump($_REQUEST);?>

Tell me what you get.... I would chat with you but you don't have enough rep points to chat, so hence multiple edits.
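
An added example, not part of the original answer or the asker's code: the same search done through PDO with a bound parameter, reading the field from POST to match the form and encoding values on output. The helper name `search_first_name`, the `!` escape character, the constructed sample rows and the in-memory SQLite database (a stand-in for MySQL so it runs offline) are assumptions; `stuff`, `first_name` and `find` come from the question.

```php
<?php
// Added example: PDO prepared statement replacing the mysql_* query above.

function search_first_name(PDO $pdo, string $term): array
{
    // Escape LIKE wildcards so a user-typed % or _ matches literally.
    $escaped = strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
    // The value travels as a bound parameter, never as part of the SQL text,
    // so no mysql_real_escape_string() or strip_tags() is needed here.
    $stmt = $pdo->prepare(
        "SELECT first_name FROM stuff WHERE first_name LIKE ? ESCAPE '!'"
    );
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Assumption: in-memory SQLite stands in for MySQL. For MySQL use e.g.
// new PDO('mysql:host=localhost;dbname=database;charset=utf8mb4', $user, $pass)
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stuff (first_name TEXT)');
$insert = $pdo->prepare('INSERT INTO stuff (first_name) VALUES (?)');
foreach (['Anna', 'Joanna', "O'Brien", '100%_sure'] as $name) { // constructed rows
    $insert->execute([$name]);
}

// The form uses method="post", so read the field from $_POST, not $_GET.
// On the command line there is no POST body, so fall back to a constructed term.
$term = trim((string) ($_POST['find'] ?? 'ann'));

foreach (search_first_name($pdo, $term) as $name) {
    // Encode on output; this is the XSS control, not strip_tags() on input.
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

With `PDO::ERRMODE_EXCEPTION` set, a failed query throws instead of silently returning an empty result, which makes a problem like the one in the question easier to tell apart from a query that simply matched no rows.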

OTHER TIPS

Use this - I believe this works. If you still have no results, you may have another problem.

    $db_path = "localhost";    // Host name or path to database
    $db_username = "root";     // MySQL database username
    $db_password = "password"; // MySQL database password
    $db_name = "database";     // MySQL database name

    // Connect to server and select database
    mysql_connect("$db_path", "$db_username", "$db_password") or die("cannot connect");
    mysql_select_db("$db_name") or die("cannot select DB");

    // filtering input for xss and sql injection
    $input = mysql_real_escape_string(strip_tags(trim($_REQUEST['find'])));

    $sql = mysql_query("SELECT * FROM stuff WHERE first_name='$input'");

    while ($rows = mysql_fetch_array($sql)){

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow