0

I've got a database setup with "customer" information. I've got a PHP form to search for the strings, first name (fname), last name (lname), and phone number (phone). For some reason, I'm not even getting the helpers displayed that the functions are working? I've re-read over this code over and over and can't seem to figure out where I'm missing something.

<form name="search" method="post" action="<?=$PHP_SELF?>">
 Search for: <input type="text" name="find" /> in 
 <Select NAME="field">
 <Option VALUE="fname">First Name</option>
 <Option VALUE="lname">Last Name</option>
 <Option VALUE="phone">Phone #</option>
 </Select>
 <input type="hidden" name="searching" value="yes" />
 <input type="submit" name="search" value="Search" />
 </form>
 <? 
 //This is only displayed if they have submitted the form 
 if ($searching =="yes") 
 { 
 echo "<h2>Results</h2><p>"; 

 //If they did not enter a search term we give them an error 
 if ($find == "") 
 { 
 echo "<p>You forgot to enter a search term"; 
 exit; 
 } 

 // We perform a bit of filtering 
 $find = strtoupper($find); 
 $find = strip_tags($find); 
 $find = trim ($find); 

 //Now we search for our search term, in the field the user specified 
 $data = mysql_query("SELECT * FROM customer WHERE upper($field) LIKE'%$find%'"); 

 //And we display the results 
 while($result = mysql_fetch_array( $data )) 
 { 
 echo $result['fname']; 
 echo " "; 
 echo $result['lname']; 
 echo "<br>"; 
 echo $result['phone']; 
 echo "<br>"; 
 echo "<br>"; 
 } 

 //This counts the number of results - and if there weren't any it gives them a little message explaining that 
 $anymatches=mysql_num_rows($data); 
 if ($anymatches == 0) 
 { 
 echo "Sorry, but we can not find an entry to match your query<br><br>"; 
 } 

 //And we remind them what they searched for 
 echo "<b>Searched For:</b> " .$find; 
 } 
 ?>
3
  • Please, do yourself a favour, and stop using the mysql_* extension. It's being deprecated. Use PDO or mysqli_*, both of which support the safer way: prepared statements. Your code is wide open to injection attacks. But I have the sneaky suspicion that that's only one of many issues with this code. I could be wrong, though Commented Oct 16, 2012 at 13:30
  • Does PDO require a plugin? I'm somewhat familiar with mysqli, seems pretty solid. @ Ofir it's on the php.about.com website as a simple PHP search. Commented Oct 16, 2012 at 13:38
  • @ Elias, I tried to implement MySQLi with this same thing: pastebin.com/3drhdv8R and I'm running into more errors on line $stmt->bind_param('s', $_POST['lastname']); $stmt->execute(); $stmt->store_result(); Commented Oct 16, 2012 at 16:10

2 Answers

2

There are some errors in your script, I'll try to help you:

<? --> <?php

Then your form passes parameters by method POST, so you have to check searching like this:

if ($_POST['searching'] =="yes") 

and you have the same error here:

if ($_POST['find'] == "") 

and here:

 $find = strtoupper($_POST['find']); 

Bye!


1 Comment

Fonta...I'm sorry to say that it's early and I can't believe I missed the opening tag. Thanks for your help.
0

You should first create a query string like the one shown below and then use this string inside mysql_query. Hope this works.

$str = "SELECT * FROM customer WHERE upper(".$field.") LIKE '%".$find."%'";
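
The prepared-statement approach recommended in the comments on the question, applied to this search form, as an added example that is not code from the original posts. It assumes the PDO SQLite driver, with an in-memory SQLite database standing in for the MySQL `customer` table (rows and inputs are constructed); the names `SEARCHABLE` and `searchCustomers` are hypothetical.

```php
<?php
// Added example: allow-listed column name + bound LIKE parameter via PDO.
// Assumption: in-memory SQLite stands in for the page's MySQL "customer"
// table so the script runs offline; all rows below are constructed.

const SEARCHABLE = ['fname', 'lname', 'phone'];   // hypothetical allow-list

function searchCustomers(PDO $db, string $field, string $find): array
{
    // Identifiers cannot be bound as parameters, so the column name is
    // only interpolated after it matches the fixed list exactly.
    if (!in_array($field, SEARCHABLE, true)) {
        throw new InvalidArgumentException('unknown search field');
    }
    $find = trim($find);
    if ($find === '') {
        return [];
    }
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $find) . '%';

    $stmt = $db->prepare(
        "SELECT fname, lname, phone FROM customer
         WHERE upper($field) LIKE upper(:pattern) ESCAPE '!'"
    );
    $stmt->execute([':pattern' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (fname TEXT, lname TEXT, phone TEXT)');
$db->exec("INSERT INTO customer VALUES
           ('Ann', 'O''Neil', '555-0100'), ('Bob', 'Stone', '555-0199')");

// Constructed inputs: a quote-bearing name, a phone fragment, and a
// string that would alter the query if it were concatenated into the SQL.
$cases = [['lname', "o'neil"], ['phone', '0199'], ['lname', "x' OR '1'='1"]];
foreach ($cases as [$field, $find]) {
    $rows = searchCustomers($db, $field, $find);
    echo htmlspecialchars("$field ~ $find", ENT_QUOTES), ': ', count($rows), " match(es)\n";
    foreach ($rows as $r) {
        // Encode on output; strip_tags() on the input is not an XSS defence.
        echo '  ', htmlspecialchars("{$r['fname']} {$r['lname']} {$r['phone']}", ENT_QUOTES), "\n";
    }
}
```

Against MySQL only the DSN and credentials passed to `new PDO(...)` change; the `$_POST['field']` and `$_POST['find']` values from the form would be passed to the function in place of the constructed inputs.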
