stoni23 Posted December 12, 2009 Share Posted December 12, 2009 Hey guys, I'm a php newbie that's trying to learn php on the job, and my deadline is quickly approaching. I'm attempting to learn php through a book, which is working just fine. The only problem is it's somewhat of a slow process. Anyway, I'm trying to search using a physicians name from a database of names and return only the values that are relevant to that search. Results displayed will be all fields for that record. The table is organized as follows: Physician - Specialty - Street - City - State - Zip - Phone I've managed to have it display the entire database (which is 883 doctors long), but I'm having difficulty making it display only relevant information. I'm not getting any errors, but I can't seem to figure out what I'm doing wrong. I'm only trying to display physicians and city to see if I can make it work. Once I get the right code in I was going to expand it to include all 7 fields. Also, if somebody wants to say I'm posting too much code, then I'll shrink it down to more relevant information. I don't want to annoy anybody here lol. Also, I've double checked my database connections, they are all working properly. If anybody can assist me or point me into the right direction on how I can narrow my search results to display only relevant information I would greatly appreciate it. Thanks in advance. <?php session_start(); // Check for login // Call DB Connection include('includes/db_conn.php'); // Search Form Processor $Physician = $_POST['physician']; $sql = ""; // SQL SELECT if(isset($_POST['searchPhysician'])){ $sql = "SELECT * FROM doctors WHERE Physician LIKE '{$physician}%'"; }//end if if(isset($_GET['query']) <> ""){ $query = $_GET['query']; $sql = "SELECT Physician, Specialty, Street, City, State, Zip, Phone FROM doctors WHERE Physician = '{$query}'"; $result = mysql_query($sql); }//end if ?> <body> <h1 class="redLL">Major Topic Search</h1><br> <!-- TITLE SEARCH --> <form name="searchphysician" method="post" action="<?php $PHP_SELF; ?>"> <table width="100%" border="0" cellspacing="0" cellpadding="1"> <tr> <td width="23%" class="description"><p>Search by Name</td> <td width="63%"><input name="physician" type="text" id="physician" size="20"></td> <td width="14%"><input type="submit" name="searchPhysician" id="search" value="Search"></td> </tr> </table> </form><br /> <table border="0" class="table" width="85%" cellspacing="2" cellpadding="2"> <tr> <td class="description" width="20%"> Physician </td> <td class="description"> City </td> </tr> <?php if($sql !== ""){ $result = mysql_query($sql); if(mysql_num_rows($result) > 0){ while($row = mysql_fetch_assoc($result)){ print "<tr> <td>".$row['Physician']."</td> <td>".$row['City']."</td> </tr>"; }//end wh }else{ print "<tr><td class=\"description\">There are no results to display</td><td> </td></tr>"; }//end if }//end if ?> </table> </div> <br><br> </body> </html> Quote Link to comment Share on other sites More sharing options...
greatstar00 Posted December 12, 2009 Share Posted December 12, 2009 you dont have any security consideration should use mysql_real_escape_string and, why u have double mysql_query, if(isset($_GET['query']) <> "") evaluates to true based on your condition it looks like you search the doctors' name begins with the name they typed in what if they only remember the name in the middle? or the name at first place, and last place (only middle the middle part)? so, your query in the where condition should be where physician like 'str_replace($physician, " ", " %")' //meaning, replace all {space} with "{space}%" if u want to it to be more line google (with operator, like AND, OR) so, you should should consider this way too Quote Link to comment Share on other sites More sharing options...
.josh Posted December 12, 2009 Share Posted December 12, 2009 greatstar, giving out "better practices" is noble, but of little use to someone who is trying to make something work in the first place. OP: first thing I see wrong is you do not have $physician capitalized in your query string. php variables are case-sensitive. Quote Link to comment Share on other sites More sharing options...
stoni23 Posted December 12, 2009 Author Share Posted December 12, 2009 good noticing the non capitalization, thank you for noticing that. I've fixed that in my code, now they're Physician instead of physician. But, unfortunately that did not solve my problem. Another thing I forgot to mention, no matter what input I give the search, I get the same results (the entire database). I could search for a 900 letter long string and still yield the entire database of results. Quote Link to comment Share on other sites More sharing options...
.josh Posted December 12, 2009 Share Posted December 12, 2009 just before your while loop, echo $sql. What is being echoed? My suspicion is your 2nd condition is also evaluating true, which overwrites your $sql in your first condition. Quote Link to comment Share on other sites More sharing options...
stoni23 Posted December 12, 2009 Author Share Posted December 12, 2009 turns out that I forgot to change the physician to Physician in my search form. Thanks a ton for all your help! : ) SELECT * FROM doctors WHERE Physician LIKE 'whateverityped%' was what was echoing if i added an echo $sql; statement in the loop. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.