
Help with my form and database


XAceX


Ok, I'm making a form using a table from a phpMyAdmin database. It's a glossary of lab terms. What I need to do is:

1. Create a form that will do a search for the acronym and for the term. I have the Acronym search working but can't figure out how to do term. I need to make the search so that I can search for either term and get both results or search acronym and get both results.

2. Make it so that when I search for either term or acronym it displays "You Searched for:(Acronym and Term)" and the one acronym and term you searched for. And when I click submit and didn't enter anything in the search it only displays the whole table. No "You searched for".

Here's my code so far. Can anyone help?

<html>
<body>
<?php
$Link = mysql_connect('192.168.1.91','fgl','welcome');
if (!$Link)
{
    die('Could not connect: ' . mysql_error());
}
$Gloss = $_GET["Gloss"];
if ($Gloss==1)
{
    $Query = "SELECT Acronym,Term FROM web.Glossary Order By Acronym Asc";
}
if ($Gloss==2)
{
    $Query = "SELECT Acronym,Term FROM web.Glossary Order By Acronym Desc";
}
if ($Gloss==3)
{
    $Query = "SELECT Acronym,Term FROM web.Glossary Order By Term Asc";
}
if ($Gloss==4)
{
    $Query = "SELECT Acronym,Term FROM web.Glossary Order By Term Desc";
}
$Acronym = $_GET["Acronym"];
echo "<form method=\"get\" action=\"connect.php\">Search Acronym:<input type=\"text\" name=\"Acronym\"/><input type=\"Submit\"/></form>";
$Query = "SELECT Acronym,Term FROM web.Glossary WHERE Acronym='$Acronym'";
if ($result!=$Acronym)
{
    echo "You Searched For: $Acronym";
}
else
{
    echo "$Gloss";
    echo "<br>";
}
$result = mysql_query($Query);
if (!$result)
{
    die('Could not query:' . mysql_error());
}
$num_rows = mysql_num_rows($result);
$i=0;
echo "<h2>Glossary</h2>";
echo "Abbreviations and Acronyms";
echo "<br>";
echo "<table>";
echo "<tr><th>";
if ($Gloss==1)
{
    echo "<a href=\"http://192.168.1.36/fgl/support/connect.php?Gloss=1\">Acronym</a>";
}
else
{
    echo "<a href=\"http://192.168.1.36/fgl/support/connect.php?Gloss=2\">Acronym</a>";
}
echo "</th>";
echo "<th>";
if ($Gloss==3)
{
    echo "<a href=\"http://192.168.1.36/fgl/support/connect.php?Gloss=3\">Term</a>";
}
else
{
    echo "<a href=\"http://192.168.1.36/fgl/support/connect.php?Gloss=4\">Term</a>";
}
echo "</th></tr>";
echo "<br>";
while($i<$num_rows)
{
    echo "<tr><td width=20%>";
    echo mysql_result($result,$i,"Acronym");
    echo "</td>";
    echo "<td>";
    echo mysql_result($result,$i,"Term");
    echo "</td></tr>";
    $i++;
}
echo "</table>";
mysql_close($Link);
?>
</body>
</html>


To start with, this part has some problems:

$Query = "SELECT Acronym,Term FROM web.Glossary WHERE Acronym='$Acronym'";
if ($result!=$Acronym)
{
    echo "You Searched For: $Acronym";
}
else
{
    echo "$Gloss";
    echo "<br>";
}
$result = mysql_query($Query);

First, just a note about security. Whenever you use a value from $_GET, $_POST, or $_COOKIE in a SQL statement, you need to escape it. If you don't, people can type SQL code into your form and have it get executed by the database, they could delete your database or log in as admin or various other things depending on the context.

You can sanitize the input two ways. If the value should be a number, then you use either intval or floatval (if you need an integer or a float) to convert the value to a number. Even if they enter SQL code, using intval will convert the value to 0. The database query might fail, but it won't screw up anything. That would be like this:

$id = intval($_GET['id']);
$total = floatval($_POST['total']);

If the value is text, then you need to use the mysql_real_escape_string function. Essentially, the function will escape quotes which will cause any extra SQL code in the text to not get executed, it will be used as a value instead. You can use that function the same way:

$sql = "SELECT * FROM users WHERE username='" . mysql_real_escape_string($_POST['username']) . "'";

So, you should sanitize the $Acronym variable, because it's coming from $_GET.

So about the code again. After you create your SQL statement you have this if statement:

if ($result!=$Acronym){

But at this point $result is undefined, it doesn't exist yet. I'm not sure what you're testing for with this, but $result will be a database result resource object, and you are comparing with a string variable, so the comparison won't work. The SQL result set object will never be equal to a string variable. So you may be looking for something like this:

// $Acronym is expected to have been escaped with mysql_real_escape_string() before this point
$Query = "SELECT Acronym,Term FROM web.Glossary WHERE Acronym='$Acronym'";
if (!$result = mysql_query($Query))
  die("MySQL error: " . mysql_error());
if (mysql_num_rows($result) == 0)
  echo "No results found";
else
{
  $row = mysql_fetch_assoc($result);
  echo "Match found: {$row['Term']} ({$row['Acronym']})";
}

You can probably modify that to suit your needs.

If you want to search the database for either an acronym or a term matching what they enter, you can do that too. I'm not sure specifically what your question was. But you would have a form with your search field, I'll just call it "keywords". You would search for matches like this:

$Query = "SELECT Acronym,Term FROM web.Glossary WHERE Acronym LIKE '%" . mysql_real_escape_string($_POST['keywords']) . "%' OR Term LIKE '%" . mysql_real_escape_string($_POST['keywords']) . "%'";
if (!$result = mysql_query($Query))
  die("MySQL error: " . mysql_error());
if (mysql_num_rows($result) == 0)
  echo "No results found";
else
{
  echo mysql_num_rows($result) . " matches found:<br>";
  while ($row = mysql_fetch_assoc($result))
  {
    echo "{$row['Term']} ({$row['Acronym']})<br>";
  }
}
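
Added example, not part of the original posts: the mysql_* functions used in this thread were removed in PHP 7, so this sketch does the same acronym-or-term search with PDO prepared statements, takes the sort order from a fixed list keyed by Gloss, and HTML-escapes everything it echoes. The in-memory SQLite table, its sample rows, and the function names glossary_db, search_glossary and render are assumptions made so the block runs offline; against MySQL only the PDO DSN changes.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption, not the poster's table).
function glossary_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Glossary (Acronym TEXT, Term TEXT)');
    $ins = $db->prepare('INSERT INTO Glossary (Acronym, Term) VALUES (?, ?)');
    foreach ([['PCR', 'Polymerase Chain Reaction'], ['QC', 'Quality Control'],
              ['SOP', 'Standard Operating Procedure'], ['100%', 'Full <b>scale</b>']] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Sort order comes from a fixed map keyed by Gloss; request text never reaches ORDER BY.
const SORTS = [1 => 'Acronym ASC', 2 => 'Acronym DESC', 3 => 'Term ASC', 4 => 'Term DESC'];

function search_glossary(PDO $db, string $keywords, int $gloss = 1): array {
    $order = SORTS[$gloss] ?? SORTS[1];
    if (trim($keywords) === '') {   // empty search: return the whole table
        return $db->query("SELECT Acronym, Term FROM Glossary ORDER BY $order")
                  ->fetchAll(PDO::FETCH_ASSOC);
    }
    // Escape LIKE wildcards so a typed "%" or "_" matches literally ('!' is the escape char).
    $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keywords) . '%';
    $stmt = $db->prepare("SELECT Acronym, Term FROM Glossary
                          WHERE Acronym LIKE :a ESCAPE '!' OR Term LIKE :t ESCAPE '!'
                          ORDER BY $order");
    $stmt->execute([':a' => $pattern, ':t' => $pattern]);   // values are bound, never concatenated
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render(array $rows, string $keywords): string {
    // Escape on output so the search text and stored values cannot inject markup.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = trim($keywords) === '' ? '' : 'You Searched For: ' . $e($keywords) . "<br>\n";
    $html .= "<table>\n<tr><th>Acronym</th><th>Term</th></tr>\n";
    foreach ($rows as $r) {
        $html .= '<tr><td>' . $e($r['Acronym']) . '</td><td>' . $e($r['Term']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

$db = glossary_db();
foreach (["control", "' OR '1'='1", "%", ""] as $input) {   // constructed inputs
    echo render(search_glossary($db, $input, 3), $input), "\n";
}
```

The quote-laden input returns an empty table instead of altering the query, "%" matches only the row that contains a literal percent sign, and the empty search prints the whole table with no "You Searched For" line.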
