sulkhanz Posted September 14, 2009 Share Posted September 14, 2009 Urgent help needed. i am a newbie, and starting to have a headache with this problem, i am using form to enter firstname so that all the details of that person can be pulled. where am i doing it wrong? its showing me the headings of firstname, lastname, and age but no data in it. when data is actually available in database. databasename=testdb table name = persons1 please check both of my files below. 1) Pullform.html <html> <body> <form action="get1.php" method="post"> <strong>last:</strong> <input type="text" name="Firstname" /> <input type="submit" name="submit" value="Check employee" /> </form> </body> </html> 2) get1.php <?php $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("testdb", $con); // by just adding ORDER By, i could fetch info in alphabetical order. $sql = ("SELECT * FROM persons1 WHERE Firstname='$Firstname'"); $result = mysql_query($sql); echo "<table border='1'> <tr> <th>Firstname</th> <th>Lastname</th> <th>Age</th> </tr>"; while($row = mysql_fetch_array($result)) { echo "<tr>"; echo "<td>" . $row['Firstname'] . "</td>"; echo "<td>" . $row['Lastname'] . "</td>"; echo "<td>" . $row['Age'] . "</td>"; echo "</tr>"; } echo "</table>"; mysql_close($con); ?> Link to comment https://forums.phpfreaks.com/topic/174180-urgent-help-needed-for-select-query-using-phpmysql/ Share on other sites More sharing options...
Mark Baker Posted September 14, 2009 Share Posted September 14, 2009 You're submitting the form using the post method, so the data passed through to get1.php is in the $_POST array. The content of your <input type="text" name="Firstname" /> isn't in $Firstname (unless you have register globals on, which isn't advised because it's insecure), it's in $_POST['Firstname']. You should also be escaping data passed through from a form before using it in a SQL query. Not only does this handle certain characters such as quotation marks in the input field, but also helps prevent SQL injection, so it's a good habit to get into. Link to comment https://forums.phpfreaks.com/topic/174180-urgent-help-needed-for-select-query-using-phpmysql/#findComment-918262 Share on other sites More sharing options...
sulkhanz Posted September 14, 2009 Author Share Posted September 14, 2009 You're submitting the form using the post method, so the data passed through to get1.php is in the $_POST array. The content of your <input type="text" name="Firstname" /> isn't in $Firstname (unless you have register globals on, which isn't advised because it's insecure), it's in $_POST['Firstname']. You should also be escaping data passed through from a form before using it in a SQL query. Not only does this handle certain characters such as quotation marks in the input field, but also helps prevent SQL injection, so it's a good habit to get into. Thanks, so, should i replace $Firstname with $_POST['Firstname'] ? in my get1.php? Link to comment https://forums.phpfreaks.com/topic/174180-urgent-help-needed-for-select-query-using-phpmysql/#findComment-918292 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.