2

I have an HTML form like:

<form  action = "get-row.php"  method = "post" >                  
<input type = "text"  name = "mess_username" />
<input type = "submit" name = "submit" />
</form>

And my "get-row.php" is like : 

$button = $_POST ['submit'];
$search = $_POST ['mess_username'];

if (!$button) {
    echo "you didn't submit a keyword";
}
else {
    if (strlen($search) <= 1) {
        echo "Search term too short";
    }
    else {
        echo "You searched for <b> $search </b> <hr size='1' >";
    }
}

I am now successfully getting the value I have searched for. My next approach is to search the $search from my Database. I am trying like:

mysql_connect("server", "user", "pass");
mysql_select_db("my_db");

My Final "ok" Code after currection :

$sql = " SELECT * FROM messbd WHERE mess_username= '$search' ";
$run = mysql_query($sql);

$foundnum = mysql_num_rows($run);

if ($foundnum == 0) {
    echo "Sorry, there are no matching result for <b> $search </b>";
}
else {
    echo "$foundnum results found !<p>";

    while ($runrows = mysql_fetch_assoc($run)) {
        $mess_username = $runrows ['mess_username'];
        $mess_email = $runrows ['mess_email'];
        $android_app = $runrows ['android_app'];

        echo " $mess_username  <br> $mess_email <br> $android_app ";
    }
}

The problem is, I am getting the message that, "There are no matching results!" So what will be the correction there?

The problem is solved now & The code is updated above. Thanks.

Improve this question
4
  • Proobably nothing but is messbd the name of your database? I would think you maybe meant messdb? Commented Nov 22, 2015 at 21:47
  • @JeremyHarris Yes! messbd is the name of my database. Thanks. Commented Nov 22, 2015 at 21:49
  • Try to check for errors with mysql_error or simply check what contains in $foundnum vriable. If all ok with your query - I guess you have to add your DB structure to question. Also use mysql_real_escape_string on your query $sql and I think manual article php.net/manual/en/set.mysqlinfo.php could be useful for you. Commented Nov 22, 2015 at 21:55
  • is $search result a string? seems like it "keyword". Commented Nov 22, 2015 at 21:56

3 Answers 3

Reset to default
3

You missed to quote your search term

$sql = 'SELECT * FROM messbd WHERE mess_username="' . mysql_real_escape_string($search) . '"';

But the mysql extension is deprecated and should be replaced by either PDO or mysqli. Here is an example with PDO and prepared statement:

$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
$dbh = new PDO('mysql:host=server;dbname=my_db', 'user', 'pass', $options);

$sql = 'SELECT * FROM messbd WHERE mess_username=?';
$sth = $pdo->prepare($sql);
$sth->execute(array($search));
// there is no sure working rowCount, so fetch all and count
$rows = $sth->fetchAll(PDO::FETCH_ASSOC)
if (!$rows) {
    echo "Sorry, there are no matching result for <b> $search </b>";
} else {
    echo count($rows) . " results found !<p>";
    foreach ($rows as $row) {
        $mess_username = $row['mess_username'];
        $mess_email    = $row['mess_email'];
        $android_app   = $row['android_app'];
        echo "$mess_username<br>$mess_email<br>$android_app";
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Good use on the PDO ;-)
1

Since your $search results will be a string, then you need to quote that variable in your query. I'm pretty sure that you're looking for a string in your database, seeing echo "you didn't submit a keyword"; and mess_username being a user's "name". 

WHERE mess_username='$search' ";

assuming an exact match. If you're looking for something that resembles your search, say you're looking for "foot" and want to find "football", then use LIKE.

Also add or die(mysql_error()) to mysql_query() just in case there may be errors, and it seems that there would be, when not quoting a string in a query's variable.

Footnotes:

Your present code is open to SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.

Plus, it's best to use a conditional empty() against your input.

I.e.:

if(!empty($_POST[ 'mess_username' ])){
...
}

should someone just click without entering anything, which could throw you an error.

Improve this answer

2 Comments

Just got my answer! Thanks very much everyone and @Fred ! WHERE mess_username='$search' ";
Make sure to use % around your search param. SELECT 'David!' LIKE '%D%v%';
0

With this query mysql will search for $search input insted for the relarive value of the var. Try to use single quotes.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.