Should be quick - can someone fix this code? Variable declaration for SQL query

[Stearmandriver]

Hi folks...

 

Well it's true - Dreamweaver does write crappy PHP code.  Inelegance is one thing, but this is just plain wrong!  I think it must have irked Adobe to have to support an open-source technology... strangely, DW's support for Coldfusion is much better. 

 

Anyhow, I'm trying to get a site thrown together for a relative.  I AM interested in learning PHP (and I'd love any recommendations on a good newbie book for someone with very little prior programming experience), but first things first - I gotta get this site working.

 

So... a simple search application.  User enters a form value on one page (using GET method) and gets a simple results list of product names.  Here's the problem:  DW apparently defines the variable it uses in the SQL query wrong.  It writes this:

 

$colname_rs_SEARCH = "-1";
if (isset($_GET['LAST_NAME'])) {
  $colname_rs_SEARCH = $_GET['LAST_NAME'];
}

 

I've only found one place where Adobe addresses this.  After changing the default value to %, I followed their advice which is in this format:

The isset condition seems to be reporting that the form parameter is set when in fact no value is submitted by the form. To fix the problem, change the if statement as follows:

 

$varLastName_rsTest = "%";
if ($_REQUEST["LastName"] != "") {
$varFirstName_rsTest = $_REQUEST["LastName"];
}

 

Different variable and table names, but you get the idea.  Even after changing my code to a similar format, it still doesn't work though and returns every row... so it's obviously still using the wildcard default value.

 

I hate to just ask someone to fix this code.... but could someone fix this code??  I really do want to learn it on my own, but for now I have to finish this project for the mother-in-law.  One thing at a time. 

 

If you don't want to spoon-feed me I can appreciate that.  I'd be glad for a reference to research on my own... anything!

 

Thanks much...

 

 

 

[thephoneguy]

for your learning php part a site i have found very helpful was

<a href="http://www.phpwideotutorials.com>this is very nice </a>

[Wolphie]

First things first, avoid dreamweaver at all costs. Use Notepad++(free) or phpDesigner 2008(not free).

The best place to learn PHP is here or here.

 

Since I don't use dreamweaver, i'll show you how I would do it.

 

<?php
error_reporting(E_ALL); // Turn error reporting on.

// Put database connection code here.
/* 
if($con = mysql_connect('localhost', 'username', 'password')) // Create connection to database
  mysql_select_db('db_name') // Select database.
else { 
  die('<strong>MySQL Error: </strong>' . mysql_error()); // If it fails, display an error.
}
*/

$str = (isset($_POST['search'])) ? htmlentities(htmlspecialchars(mysql_real_escape_string($_POST['search']))) : false; // Secure POST data.

if(isset($_POST['submit'])) { // Check to see if the form has been submitted. If TRUE hide the form.
  $sql = sprintf("SELECT * FROM `db_name` . `table_name` WHERE `field_name` LIKE '%s'", '%' . $str . '%'); // MySQL query string with wildcards.
  $sql = mysql_query($sql);

  if(mysql_num_rows($sql) > 0)) { // Check to see if anything was returned from the query.
    while($row = mysql_fetch_array($sql)) { // Create a loop to loop through the database.
      print $row['table_name']; // Print the table name's in a loop.
      print '<br />';
    }
  }
  else { // No results returned from query.
    print 'Search returned no results.';
    print '<p>Please try again.</p>';
  }
}
else { // If form has not been submitted (returns FALSE), show the form.
?>
<html>
  <head>
    <title>Search</title>
  </head>
  <body>
    <form action="<?php print $_SERVER['PHP_SELF']; ?>" method="POST">
      <p>
        <label for="search">Search:</label><input type="text" name="search" id="search" />
        <input type="submit" name="submit" value="Search" />
      </p>
    </form>
  </body>
</html>
<?php
}

// mysql_close($con);
?>

 

I prefer POST data rather than GET when it comes to forms.

[thephoneguy]

people often forget the reason you go with post rather than get.

simple really

$_get == data gets put into url/ only 100 characters allowed

$_post == no data in url/ no character limit

 

 

i still dont understand why get is even there. i mean post is so much better.

[Wolphie]

If get wasn't there, you wouldn't be able to have dynamic pages. Such as articles.php?article_id=45

[thephoneguy]

lol im still new to this sorry

but still $_get has no realistic database applications that i can see.

[Wolphie]

Well, $_POST, $_GET and $_REQUEST are pretty much the same thing. $_REQUEST does both $_POST and $_GET and sometimes $_COOKIE.

 

$_GET calls data from the URI.

$_POST calls data from the server. (I think)