List records in mysql using php

StackOverflow https://stackoverflow.com/questions/2086302

  •  21-09-2019
  •  | 
  •  

문제

This is the last thing I'm gonna do, after I can make this work, I can produce to designing which might be a lot easier. Thanks for all your help. I want to list a record from mysql using php by typing a query in the text box. Then the program will list all the records that has that element, for example address. Here is my code:

      <?php
         $con = mysql_connect("localhost","root","");
         if (!$con)
         {
            die('Could not connect: ' . mysql_error());
         }

         mysql_select_db("koro", $con);

         \\what will I put in the WHERE ADDRESS="?
         $result = mysql_query("SELECT * FROM students WHERE ADDRESS=");

         echo "<table border='1'>
               <tr><th>Firstname</th>
               <th>Lastname</th></tr>";

         while($row = mysql_fetch_array($result))
         {
            echo "<tr>";
            echo "<td>" . $row['IDNUMBER'] . "</td>";
            echo "<td>" . $row['LNAME'] . "</td>";
            echo "<td>" . $row['FNAME'] . "</td>";
            echo "<td>" . $row['MNAME'] . "</td>";
            echo "<td>" . $row['GRADEYR'] . "</td>";
            echo "<td>" . $row['ADDRESS'] . "</td>";
            echo "</tr>";
         }
         echo "</table>";

         mysql_close($con);
      ?>

The listform.html:

         <html>
         <head>
         <form action="list.php" method="post">
         address:<input type="text" name="grup" value="" /><br/>
         <input type="submit" name="List" value="" /><br/>
         </form>
         </head>
         </html>

\what will I put in the WHERE ADDRESS="?thanks

도움이 되었습니까?

해결책

You will find the value in the $_POST[] array.

$result = mysql_query("SELECT * FROM students WHERE ADDRESS = '{$_POST["grup"]}'");

This approach can be dangerous though - you'll want to also sanitize your $_POST[] data against SQL injection attacks - of which there are plenty of tutorials available.

다른 팁

$_POST['grup'] will contain the value in the field when posted.

Then do something like:

$result = mysql_query(sprintf("SELECT * FROM students WHERE ADDRESS='%s'", mysql_real_escape_string($_POST['grup'], $con)));

If you dont escape the POST value with sprintf and mysql_real_escape_string you can be targeted by SQL injection attacks.

http://en.wikipedia.org/wiki/SQL_injection

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top