rotc_rachel Posted November 26, 2009

Hello everyone,

New to PHP and ran into another beginner issue. I've tried Google for answers, but no luck with my specific problem.

The goal I am going for is I have a database of Publications. The user is allowed to search by 'Author' which is a column name within the database. So, on an html page I have a short form script that asks the user which Author to search for. The action= field executes to the php file where I use $_POST to store the user entered author into a variable called &author. From here I would like to SELECT * FROM publications WHERE author(column name) = &author. I then want to display the table, so I call a while loop and echo out the table.

When I attempt to carry out the entire code, nothing shows. I am wondering if it is my SELECT statement that is incorrect or if my while loop is not set up correctly. Below is the PHP code, I would greatly appreciate any help!

<?php
echo 'PHP Working';

// Connects to your Database
mysql_connect("localhost", "root", "***") or die(mysql_error());
mysql_select_db("publications_db") or die(mysql_error());

$author = $_POST['author'];

$data = mysql_query("SELECT * FROM publications WHERE author = '&author'") or die(mysql_error());

echo "<table border cellpadding=3>";
while($info = mysql_fetch_array( $data ))
{
    echo "<tr>";
    echo "<th>ID:</th> <td>".$info['pub_id'] . "</td> ";
    echo "<th>Title:</th> <td>".$info['title'] . " </td>";
    echo "<th>Author:</th> <td>".$info['author'] . " </td>";
    echo "<th>Year:</th> <td>".$info['yr'] . " </td>";
    echo "<th>Journal:</th> <td>".$info['journal'] . " </td>";
    echo "<th>Pages:</th> <td>".$info['num_pages'] . " </td></tr>";
}
echo "</table>";
?>

seksislav Posted November 26, 2009

First, don't forget to $author = addslashes($_POST['author']) variables, cuz some bad people can do bad stuff.

For your query try

$data = mysql_query("SELECT * FROM publications WHERE LIKE '%".$author.'%") or die(mysql_error());

rotc_rachel Posted November 26, 2009

Would you mind explaining the security risk you described? I'm interested in learning!

Also, I switched out my SELECT statement, but it gives me an error on line 73 which is;

echo "<th>ID:</th> <td>".$info['pub_id'] . "</td> ";
Archived
This topic is now archived and is closed to further replies.
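
The security risk asked about in the thread is SQL injection: the form value is pasted into the SQL text, so a quote character in it changes the statement. The following is an added example, not code from the thread, of the same author search using a PDO bound parameter instead of addslashes() and HTML-escaping the output. The in-memory SQLite database, its sample rows and the function names are assumptions made so that it runs stand-alone.

```php
<?php
declare(strict_types=1);

// Constructed sample data; in-memory SQLite stands in for the thread's MySQL database.
function openSampleDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE publications (pub_id INTEGER PRIMARY KEY, title TEXT, author TEXT, yr INTEGER)');
    $ins = $pdo->prepare('INSERT INTO publications (title, author, yr) VALUES (?, ?, ?)');
    foreach ([['Soil Notes', "O'Brien", 2007], ['Graph Cuts', 'Smith', 2008], ['River Data', 'Smithson', 2009]] as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

// Substring search on the author column (hypothetical helper). The value travels
// as a bound parameter, so a quote in it never becomes part of the SQL text.
function findByAuthor(PDO $pdo, string $author): array
{
    // Escape LIKE wildcards so "%" or "_" typed by the user match literally.
    $pattern = '%' . strtr($author, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $pdo->prepare(
        "SELECT pub_id, title, author, yr FROM publications WHERE author LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Build the table rows; every database value is HTML-escaped before output.
function renderRows(array $rows): string
{
    $html = '';
    foreach ($rows as $r) {
        $cells = array_map(fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'), $r);
        $html .= '<tr><td>' . implode('</td><td>', $cells) . "</td></tr>\n";
    }
    return $html;
}

$pdo = openSampleDb();
// A name containing an apostrophe breaks a string-built query; here it is plain data.
$author = $_POST['author'] ?? "O'Brien";   // constructed fallback when run from the CLI
echo "<table border cellpadding=3>\n", renderRows(findByAuthor($pdo, $author)), "</table>\n";
```

The mysql_* functions used in the thread were removed in PHP 7; against the thread's MySQL database only the PDO DSN and credentials change.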