1

Okay so I'm making php that will pull every entry from a data base that matches the name you put in a textbox. so here is a image of the database https://i.sstatic.net/LvmrM.png < screen shot of database

So if i where to put "DigitalNuke" in the textbox and hit the submit button I want only the rows that have "DigitalNuke" as the value in the second column "referrer"

<form ACTION="" METHOD=post>
<div class="input-append">
  <input class="span2" id="youruser" type="text" name="youruser" placeholder="Your Username">
  <button class="btn btn-success" type="submit">Retrive</button>
</div>
</form>
<?php
   require_once 'connect.php';
   $name = isset($_POST['youruser']);
   $conn=  mysqli_connect ($dbhost,$dbuser,$dbpass,$dbname)or die(mysqli_error());
   $query1 = "SELECT 'id', 'referrer', 'username', 'brigade', 'faction', 'activity' FROM refmems WHERE referrer='$name";
   $result = mysqli_query($conn, $query1)
      or die('Error querying the database: ');
  echo '<table class="table table-bordered">';
  echo '<caption>Your Referred Members</caption>' . '<thead><tr><th>ID</th>' . '<th>Username</th>' . '<th>Brigade</th>' . '<th>Faction</th>' . '<th>Activity</th>' . '</tr></thead>';
      while ($row = mysqli_fetch_array($result)) {
  echo "<tr class='success'><td>" . $row['id'] . "</td><td>" . $row['username'] . "</td><td>" . $row['brigade'] . "</td><td>" . $row['faction'] . "</td><td>" . $row['activity'] ."</td></tr>";     
}
?>

So as of now it doesn't do anything when I hit the submit button. Well it kind of works, except for instead of pulling the data from the table, it just puts id, username, brigade, faction, activity in each row of the generated table. https://i.sstatic.net/XF71h.png < screen shot

Any help would be appreciated, if you need anything else let me know and i'll post it.

Improve this question
0

2 Answers 2

Reset to default
1 
 $query1 = "SELECT 'id', 'referrer', 'username', 'brigade', 'faction', 'activity' FROM refmems WHERE referrer='$name";

should be:

 $query1 = "SELECT `id`, `referrer`, `username`, `brigade`, `faction`, `activity` FROM refmems WHERE referrer='$name'";

Also learn how to use prepared statements for MySQLi. Your code is open to SQL injection.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Ya I'm still learning, I'm learning as I go along building this. It's just on a local XAMPP server right now. I plan on making it more secure once I get the framework set up.
I will when it lets me (: it says i have to wait another 3 minutes.
0

Your syntax is broken.

"SELECT id, referrer, username, brigade, faction, activity FROM refmems WHERE referrer='$name"

There is no closing single quote after $name, and the fields don't get quoted (or use backticks but it isn't necessary).

Also, you are asking for trouble. You've got user input with no validation/sanitization.

Improve this answer

1 Comment

Ya i'm just trying to get everything out before i do validation/sanitization

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.