I have created a search facility for a small asset database that is currently hosted locally on my PC using PHP5.3.8, Apache 2.2.2.1 and MySQL 5.0.8.
I have two .php pages - search_computers.php and search_computers_sql.php
The problem I have is that when I search for e.g. Dell on search_computers.php the web browser opens search_computers_sql.php and displays all of the code and comments on that page from "echo "<p>You forgot to enter" onwards. I have posted the code on both pages below and attached a screenshot of what search_computers_sql.php looks like after submitting a search parameter.
This has completely baffled me! I have other forms on this database that have posted and inserted into the MySQL database fine. I've tested the SQL on search_computers_sql.php and that definitely works (I tested it on MySQL query browser).
If I was too hazard a guess I would say something isn't quite right with if (isset($_POST['search'])) on search_computers_sql.php but I can't figure it out. Could it possibly be an Apache configuration problem as well?
Any help would be much appreciated!
search_computers.php
<h2>Search for a Computer</h2>
<p>Please enter a search parameter to find a computer<u><b></b></u></p>
<br>
<form name="search" method="post" action="./search_computers_result.php">
Seach for: <input type="text" name="find" /> under
<Select NAME="field">
<Option VALUE="pc_id">PC ID</option>
<Option VALUE="manufacturer">Manufacturer</option>
<Option VALUE="ram">RAM</option>
<Option VALUE="specification">Specification</option>
<Option VALUE="network_point">Network Point</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>
search_computers_sql.php
//This is only displayed if they have submitted the form
if (isset($_POST['search']))
$find = $_POST['find'];
$field = $_POST['field'];
{
//If they did not enter a search term we give them an error
if ($find == "")
{
echo "<p>You forgot to enter a search parameter. Please click "?><a href="./search_computers_result.php">here</a></li><? echo" to try again.";
exit;
}
// We preform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);
//Connect to local db
$data_db = mysqli_connect('localhost','root');
$data = "SELECT c.pc_id, c. manufacturer, c.ram, c.specification, n.network_point, s.status, l.location FROM asset_db.computers c, asset_db.location l, asset_db.network_point n, asset_db.status s WHERE l.id = c.location AND n.id = c.network_point AND s.id = c.status AND upper($field) LIKE '%$find%'";
$result = mysqli_query($data_db,$data);
if (!$result)
{ echo 'There is no data to display'; exit; }
//And we remind them what they searched for
echo "<b>You Searched For:</b> " .$find;
echo "<br>";
echo "<br>";
//This counts the number or results - and if there wasn't any it gives them a little message explaining that
$anymatches = mysqli_num_rows($result);
if ($anymatches > 0)
{
echo (' </table>
<table>
<tr>
<th style="width: 75px">PC ID</th>
<th style="width: 125px">Manufacturer</th>
<th style="width: 75px">RAM</th>
<th style="width: 175px">Specification</th>
<th style="width: 85px">Network Point</th>
<th style="width: 75px">Status</th>
<th style="width: 175px">Location</th>
</tr>');
echo "Please click "?><a href="./search.php">here</a></li><? echo" to enter a new search parameter.<br><br>";
//And we display the results
while($row=mysqli_fetch_array($result,MYSQLI_BOTH))
{
$pc_id = $row['pc_id'];
$manufacturer = $row['manufacturer'];
$ram = $row['ram'];
$specification = $row['specification'];
$network_point = $row['network_point'];
$status = $row['status'];
$location = $row['location'];
echo "<tr>";
echo "<td>$pc_id</td>";
echo "<td>$manufacturer</td>";
echo "<td>$ram</td>";
echo "<td>$specification</td>";
echo "<td>$network_point</td>";
echo "<td>$status</td>";
echo "<td>$location</td>";
echo "</tr>";
}
echo ' </table>';
}// End of $anymatches
if ($anymatches == 0)
{
echo "Sorry, but we cannot find a match for your search. Please click "?><a href="./search_computers.php">here</a></li><? echo" to try again.<br><br>";
}
}//End of if (isset($_POST['search']))
[attachment deleted by admin]