0

Many thanks in advance for your time.

I am in the process of creating a CRM for my business. It will be pretty basic, but include some key features my industry specifically needs in a CRM and that does not seem to exist anywhere already, but I digress.

I am currently working on a Search function in the web app that searches for clients and returns the results in a dropdown menu right below the search form. When a client is selected in that list, the user is redirected to a page that displays all of the info related to that client.

My question is related to this search function. I currently have the search returning the results as an ECHO within the dropdown and it just looks horribly messy. The PHP ends up buried in the html form. There must be an easier and neater way to get the results to return as a list.

SIDE NOTE: the returned search results don't even have to be in a dropdown, I've just come to this solution over time, because it allowed me to pass the selected user on to the next PHP code on the next page fairly easily with the hidden form field for the ID.

Here is what I have going on so far. Can someone help me clean this up?

<!DOCTYPE html>
<html>
<head>
<title>Client Search Results</title>
<link rel="stylesheet" href="styles.css">
</head>

<body>

<div class="container">      
<form id="contact" action="" method="get">

<fieldset>
<h4>Search For Client</h4>
<input name="term" placeholder="Enter Name Here" type="text">
</fieldset>

<fieldset>
<button type="submit">Search</button>
</fieldset>

</form>
</div>

<div class='container'>    
<form id='contact' action='edit.php' method='post'>

<fieldset>
<h4>Search Results</h4>
<select size="5" style="width:100%" name='id' >

<?php
// Database Connection String
include("../../comm/comm.php");
$con = mysql_connect($DB_HOST,$DB_USER,$DB_PASS);
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db($DB_NAME, $con);

//Retrieve The Searched Term and Display The Results
if (!empty($_GET['term'])) {
$term = mysql_real_escape_string($_GET['term']);     
$sql = "SELECT * FROM client WHERE firstname LIKE '%".$term."%'"; 
$r_query = mysql_query($sql); 
while ($row = mysql_fetch_array($r_query)) { 

echo "<option";
echo " value='";
echo "".$row['client_id'];
echo"'>";
echo "".$row['firstname'];
echo " ".$row['lastname'];
echo " - ".$row['city'];
echo " ,".$row['state'];
echo "</option>";

}}
?>

</select>
</fieldset>

<fieldset>
<button type='submit' name='submit'>View Selection</button>
</fieldset>

</form>
<div>

</body>
</html>
Improve this question

2 Answers 2

Reset to default
2 
...
$r_query = mysql_query($sql); 
while ($row = mysql_fetch_array($r_query)) { ?>

    <option value='<?= $row['client_id'];?>'>
         <?= $row['firstname'] . " " . $row['lastname']; ?> - 
         <?= $row['city'] . ", " . $row['state']; ?>
    </option>

<?php  }}  ?>

Or some variation of that. Point is, your PHP doesn't have to be a continuous block, you can close your PHP tag at any time, resume using regular HTML, and then open a new PHP tag and continue in your loop.

Also, in the above example, <?= is shorthand for <?php echo.

Also, in your example, you're using mysql_ functions, which have been deprecated in later versions of PHP5 and removed in PHP7. Best to study up on mysqli_ or PDO (which you can also use with MySQL databases).

Lastly, once you start using either of those, look into prepared statements, which will make your code function better/avoid SQL injections.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you for the quick response. I do plan on using mysqli with prepared statements. I am just trying to layout the groundwork for the whole thing first, and then go through to clean it all up.
1

Your option could just be written as follows:

echo '<option value="$row[client_id]">$row[firstname] $row[lastname] - $row[city], $row[state]</option>';

Also, note that mysql_ functions has been deprecated and used in the wrong way can be very dangerous, leaving your website vulnerable.

Use prepared statements using mysqli or PDO.

Improve this answer

1 Comment

I have just started looking into how to use PDO correctly, and it has not been super easy for me to figure out. I am teaching myself all of this as I go. I am planning on replacing all of this with prepared statements and mysqli as soon as I get the roughed in framework functioning to some degree.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.