could anyone check this code

[mtvaran]

basically this is a search function

 

 

<form  method="post" action="test1.php">

<input type = "hidden" name="submitted" value ="true" />

  <label>TYPE:

  <select name="field">

    <option value = "sid">StudentID</option>

    <option value = "sname">StudentName</option>

  </select>

  </label>

  <label>WORD:

  <input type="text" name="searchword" />

  </label>

<input type="submit"  />

</form>

 

 

-------------

<?php
if (isset($_POST['submitted'])){

$con = mysql_connect("localhost","root","");

  mysql_select_db("uni", $con);
  

$field= $_POST['field'];
$searchword = $_POST['searchword'];
$query = "SELECT* FROM student WHERE $field = '$searchword'";
$result = mysqli_query($con,$query) or die ('error data'); //-----------> error line

echo"<table>";
echo "<tr><th>StudentID</th><th>StudentName</th></tr>";
while($row = mysqli_fetch_array($result)){

echo "<tr><td>";
echo "$row ['sid']";
echo "</td><td>";
echo "$row ['sname']";
echo "</td></tr>";
}

echo"</table>";

}

mysql_close($con);

?>

 

 

NB: the error message "Warning: mysqli_query() expects parameter 1 to be mysqli, resource given in C:\wamp\www\test1.php on line 21

error data"

 

 

[KevinM1]

1. You can't mix and match MySQLi and MySQL.  Use one or the other.

2. Why use a hidden input when you can simply check $_POST if the submit input exists in the array?

3. Validate and escape incoming data.

4. Don't use die as an error handler.  At the very least, use trigger_error instead.

5. The error message itself is useless for the end user.

[mtvaran]

could you edit & post my code pls if you wud nt mind? thanx

[mtvaran]

could anyone check this code for me plsss? (i have to  search the data from database)

 

<form  method="post" action="search.php"  name="submitted" value ="true"  />
  <label>TYPE:
  <select name="field">
    <option value = "sid">StudentID</option>
    <option value = "sname">StudentName</option>
  </select>
  </label>
  <label>WORD:
  <input type="text" name="searchword" />
  </label>

  <input type="submit"  />

</form>

<?php
if (isset($_POST['submitted'])){

$con = mysql_connect("localhost","root","");

mysql_select_db("uni", $con) or trigger_error('MySQL error: ' . mysql_error()); 

  

$field= $_POST['field'];
$searchword = $_POST['searchword'];
$result = mysql_query("SELECT* FROM student WHERE $field = '$searchword'") or trigger_error('MySQL error: ' . mysql_error()); 

// = mysql_query($query);
//$num_rows = mysql_num_rows($result);

//echo"num_rows results found.";
echo"<table>";
echo "<tr><th>StudentID</th><th>StudentName</th></tr>";
while($row = mysql_fetch_array($result)){

echo "<tr><td>";
echo "$row ['field']";
echo "</td><td>";
echo "$row ['searchword']";
echo "</td></tr>";
}

echo"</table>";

}

mysql_close($con);

?>

[FifeBirder]

Hi There

 

I think the line

 

$result = mysql_query("SELECT* FROM student WHERE $field = '$searchword'") or trigger_error('MySQL error: ' . mysql_error());

 

should read

 

$result = mysql_query("SELECT* FROM student WHERE $field = '" . $searchword . "'") or trigger_error('MySQL error: ' . mysql_error());

 

Notice the change - '" . $searchword . "'", you need to break out of the string and add a string if that makes sense, what you have is you are telling it to pull from database where field = "$searchword" and not field =$searchword

 

Hope that makes sense as i am a noob myself, i would get this confirmed but im almost certain thats where your problem lies.

 

Hope it helps

 

Regards

 

[mtvaran]

thanks dear for ur help. however now there is no error message & even nothing pull from database. it seems blank page :-\

[PFMaBiSmAd]

FifeBirder, those are just two different ways of forming strings in php, except that the second way (concatenation, using a lot of extra opening/closing quotes and dots) usually results in more syntax errors.

 

 

[PFMaBiSmAd]

You would need to give your form's submit field a - name='submitted' attribute if you want it to do the same thing as the hidden form field that you removed was doing.

[FifeBirder]

Sorry,

 

I did say i was a noob at PHP, i Just didnt think that would work , i thought it woul look at it as being text instead of a string the way he had it.

 

regards

[mtvaran]

could anyone please modify my code and post it back for me? im really fed up with this function. im almost "zero" in PHP

[jcbones]

Sorry,

 

I did say i was a noob at PHP, i Just didnt think that would work , i thought it woul look at it as being text instead of a string the way he had it.

 

regards

 

Just to help you out a little bit.  Strings in single quotes are parsed as literal text.  Strings in double quotes are checked for variables.

[FifeBirder]

I appreciate that JCBones, i didnt know that.

 

so basically if i use ' instead of " then i can have text or variables in it, variables are automatically coverted to text ?

 

Thanks

[jcbones]

<form  method="post" action="test1.php">
  <label>TYPE:
  <select name="field">
    <option value = "sid">StudentID</option>
    <option value = "sname">StudentName</option>
  </select>
  </label>
  <label>WORD:
  <input type="text" name="searchword" />
  </label>
<input type="submit" name="submit" value="Submit" />
</form>

 

test1.php

<?php
if (isset($_POST['submit'])){

$con = mysqli_connect("localhost","root","",'uni');  

$field= $_POST['field'];
$searchword = $_POST['searchword'];
$query = "SELECT * FROM student WHERE $field = '$searchword'";
$result = mysqli_query($con,$query) or die ('error data'); //-----------> error line
if(mysqli_num_rows($result) > 0) {
echo"<table>";
echo "<tr><th>StudentID</th><th>StudentName</th></tr>";
while($row = mysqli_fetch_array($result,MYSQLI_ASSOC)){

	echo "<tr><td>";
	echo $row['sid'];
	echo "</td><td>";
	echo $row['sname'];
	echo "</td></tr>";
}

echo"</table>";

}
}
mysql_close($con);

?>

[jcbones]

I appreciate that JCBones, i didnt know that.

 

so basically if i use ' instead of " then i can have text or variables in it, variables are automatically coverted to text ?

 

Thanks

 

$variable = 'DOUBLE QUOTED STRING';
$str[] = 'This $variable will not be parsed, and will print out to the page.';
$str[] = "This $variable will be parsed, and will print out the contents of the variable to the page.";
$str[] = "This {$variable} is the same as above.";

echo implode('<br/>',$str);

 

Test it out.

[mtvaran]

no data displayed. only shows "error data" as i mentioned below...

 

$result = mysqli_query($con,$query) or die ('error data'); //-----------> error line

 

 

 

[jcbones]

So replace that line:

$result = mysqli_query($con,$query) or trigger_error($query . '<br/>MySQL error: ' . mysql_error()); //-----------> error line

[mtvaran]

no dear, still some error. i dnt knw y

 

could you please help me to sort it out?

 

NB: as you know the thing is i have table (two field StudentID & StudentName) in my data base i need to search by keywords and display the data on the web page

[PFMaBiSmAd]

If you are using mysqli, you must use mysqli_error($con) to find out why the query is failing.

[mtvaran]

<body>

<form  method="post" action="new.php"  name="submitted"   /> 
  <label>TYPE: 
  <select name="field"> 
    <option value ="sid">StudentID</option> 
    <option value ="sname">StudentName</option> 
  </select> 
  </label> 
  <label>WORD: 
  <input type="text" name="searchword" /> 
  </label> 
  
  <input type="submit" name ="submitted" /> 
  
</form> 

<?php 
if (isset($_POST['submitted'])){ 
$searchword = htmlentities(addslashes($_POST['searchword']));

$con = mysql_connect("localhost","root",""); 

mysql_select_db("uni", $con) or trigger_error('MySQL error: ' . mysql_error());  

$field= $_POST['field'];
$searchword = $_POST['searchword'];


$result = mysql_query("SELECT* FROM student WHERE $field ='$searchword'") or trigger_error('MySQL error: ' . mysql_error());  

//$result = mysql_query($query); 
//$num_rows = mysql_num_rows($result); 

//echo"num_rows results found."; 
echo"<table>"; 
echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; 
while($row = mysql_fetch_array($result)){ 

echo "<tr><td>"; 
echo "$row ['field']"; 
echo "</td><td>"; 
echo "$row ['searchword']"; 
echo "</td></tr>"; 
} 

echo"</table>"; 


} 

mysql_close($con); 

?>
</body>
</html>

 

Hi guys, i jst made some correction but still some error on it. could you pls check this code for me.

 

NB: my error msg.....

Notice: MySQL error: Unknown column 'sid' in 'where clause' in C:\wamp\www\new.php on line 37

 

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\new.php on line 45

[darkfreaks]

try escaping your variables in the SQL

 

$result = mysql_query("SELECT* FROM student WHERE {$field} ='{$searchword}'") or trigger_error('MySQL error: ' . mysql_error());  

[mtvaran]

still error mate......

 

 

Notice: MySQL error: Unknown column 'sid' in 'where clause' in C:\wamp\www\new.php on line 39


Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\new.php on line 47

 

[Anti-Moronic]

Then I'd search for "unknown column" errors in google and see what you find. It's likely you find almost every case where this error could be triggered.

 

My first thought would be to:

 

1. enter the column name as literal, no variable to see if it works

2. check the database, look for student table, and 'sid' column

3. check if 'sid' is a reserved word (which will trigger such an error in sql)

4. enter the entire query as just text

5. smash my head into the wall

 

I've been there, trust me. Hopefully somebody can help shed some light, but there are only so many things it can be with this error.

[PFMaBiSmAd]

Your form's drop down select list lets you pick either sid or sname for the $field variable that the query operates on as a column name in the WHERE clause. Obviously, sid is not a column in the table you are using.