1

I am a newbie to PHP. I have coded an auto-complete text box using PHP, and I have a submit button. I have not given a form action.

This is the HTML form code that I used for the autocomplete textbox. This autocomplete textbox selects the value.

<form  method="post" autocomplete="off">
    <p>
        <b>Theater Name</b> <label>:</label>
        <input type="text" name="theater" id="theater" />
    </p>
    <input type="submit" value="Submit" />
</form>

I have another PHP function that retrieves the values based on a WHERE clause. In the WHERE statement I want to use the selected value from the form.

For example: select address from theaters where theater_name = "form value"

How do I use the form value in the PHP function? Can anyone help me?

 <?php
$con = mysql_connect("localhost","root");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("theaterdb", $con);

$result = mysql_query("SELECT * FROM theter
WHERE theater_name=" /* This could be the value that we get after clicking the submit button */);

while($row = mysql_fetch_array($result))
  {
  echo $row['theater_name'];
  echo "<br />";
  }
?> 

Thanks in advance......

1
  • Not directly related, but given the fact that you're new to PHP, you'd do well not to use the functions that have begun the deprecation process, like mysql_*. Instead, use mysqli_ or PDO, both of which allow you to deal with possible injection a lot better. Commented Sep 17, 2012 at 8:17

4 Answers

2

You could get the value from $_POST with $_POST['theater'].

And note, you should not use this value directly in the SQL; you need to escape it to prevent SQL injection.

// Escape the submitted value before it is placed inside the quoted SQL string
$theater = mysql_escape_string($_POST['theater']);
$result = mysql_query("SELECT * FROM theter WHERE theater_name='$theater'");

Last, you could take a look at PDO, which is suggested over the old mysql_* functions.


1

First, change your submit button code to the following:

<input name="submit" type="submit" value="Submit" />

Now, this is the code you should use for the query:

<?php
if (isset($_POST['submit'])) {
    $con = mysql_connect("localhost","root");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("theaterdb", $con);

    $result = mysql_query("SELECT * FROM theater
    WHERE theater_name='" . mysql_real_escape_string($_POST['theater']) . "'");

    while($row = mysql_fetch_array($result))
    {
        echo $row['theater_name'];
        echo "<br />";
    }        
}

First, I check that the user submitted the form. Then, I escape the data he has submitted and insert it into your query.

* NOTE: All of what I've written is based on the assumption that the code is executed after the form is submitted.

* ANOTHER NOTE: You should read about using PDO rather than MYSQL functions.


1

First and foremost, try using mysqli instead of mysql (mysqli_query, mysqli_connect). There are numerous security / speed advantages to using it and it has pretty much the exact same functionality.

While the above answers mention using $_POST['theater'] (the name of your input), be SURE to escape your post before putting it into your query.

$con = mysqli_connect("localhost","root", "YOUR PASSWORD HERE", "YOUR DATABASE HERE");
if (!$con)
  {
  die('Could not connect: ' . mysqli_connect_error());
  }

 // No need for this, please see the updated mysqli_connect as the 4th parameter selects your DB
 //mysqli_select_db("theaterdb", $con);

// Please notice the last parameter of the mysqli_real_escape_string is your Input's POST
$query = "SELECT * FROM theater WHERE theater_name='" . mysqli_real_escape_string($con, $_POST['theater']) . "'";

$result = mysqli_query($con, $query);

while($row = mysqli_fetch_array($result))
  {
  echo $row['theater_name'];
  echo "<br />";
  }


0
$_POST["your_variable_name"] // for POST
$_GET["your_variable_name"] // for GET

For in-depth information please go to: http://www.php.net/manual/en/language.variables.external.php
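
Several answers above point to PDO as the better option. The following is an added example, not code from any of the posters, showing the form value passed as a bound parameter instead of being concatenated into the SQL. Assumptions: an in-memory SQLite database stands in for the MySQL `theaterdb` so the script runs offline, the `findTheater` helper and the sample rows are constructed, and the `$samples` array stands in for `$_POST['theater']`.

```php
<?php
// Added example: bound parameter instead of string-built SQL.
// Assumption: SQLite in memory stands in for MySQL; with MySQL only the DSN changes,
// e.g. 'mysql:host=localhost;dbname=theaterdb;charset=utf8mb4' plus user and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data; the address column comes from the question's example query.
$pdo->exec('CREATE TABLE theater (theater_name TEXT, address TEXT)');
$pdo->exec("INSERT INTO theater VALUES ('Odeon', '1 Main St'), ('O''Neill Playhouse', '9 Quay Rd')");

/** Hypothetical helper: rows whose theater_name equals the submitted value exactly. */
function findTheater(PDO $pdo, $name)
{
    // The SQL text is fixed; the value travels separately, so quotes in it stay data.
    $stmt = $pdo->prepare('SELECT theater_name, address FROM theater WHERE theater_name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_POST['theater'], including values with quotes.
$samples = ['Odeon', "O'Neill Playhouse", "x' OR '1'='1"];

foreach ($samples as $submitted) {
    // Check the shape of the input before querying: a non-empty string of sane length.
    if (!is_string($submitted) || $submitted === '' || strlen($submitted) > 100) {
        continue;
    }
    $rows = findTheater($pdo, $submitted);
    // Escape on output as well, since these values end up in an HTML page.
    echo htmlspecialchars($submitted, ENT_QUOTES, 'UTF-8'), ' => ', count($rows), " row(s)\n";
    foreach ($rows as $row) {
        echo '  ', htmlspecialchars($row['address'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

The name containing an apostrophe matches its row without any manual escaping, and the value made of quote characters and `OR` is compared as a literal name, so it matches nothing.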
