basically this is a search function

 

 

<form  method="post" action="test1.php">
<input type = "hidden" name="submitted" value ="true" />
  <label>TYPE:
  <select name="field">
    <option value = "sid">StudentID</option>
    <option value = "sname">StudentName</option>
  </select>
  </label>
  <label>WORD:
  <input type="text" name="searchword" />
  </label>
<input type="submit"  />
</form>

 

 

-------------

<?php
if (isset($_POST['submitted'])){

$con = mysql_connect("localhost","root","");

  mysql_select_db("uni", $con);
  

$field= $_POST['field'];
$searchword = $_POST['searchword'];
$query = "SELECT* FROM student WHERE $field = '$searchword'";
$result = mysqli_query($con,$query) or die ('error data'); //-----------> error line

echo"<table>";
echo "<tr><th>StudentID</th><th>StudentName</th></tr>";
while($row = mysqli_fetch_array($result)){

echo "<tr><td>";
echo "$row ['sid']";
echo "</td><td>";
echo "$row ['sname']";
echo "</td></tr>";
}

echo"</table>";

}

mysql_close($con);

?>

 

 

NB: the error message "Warning: mysqli_query() expects parameter 1 to be mysqli, resource given in C:\wamp\www\test1.php on line 21

error data"

 

 


1. You can't mix and match MySQLi and MySQL.  Use one or the other.

2. Why use a hidden input when you can simply check $_POST if the submit input exists in the array?

3. Validate and escape incoming data.

4. Don't use die as an error handler.  At the very least, use trigger_error instead.

5. The error message itself is useless for the end user.

Could anyone check this code for me, please? (I have to search the data from the database.)

 

<form  method="post" action="search.php"  name="submitted" value ="true"  />
  <label>TYPE:
  <select name="field">
    <option value = "sid">StudentID</option>
    <option value = "sname">StudentName</option>
  </select>
  </label>
  <label>WORD:
  <input type="text" name="searchword" />
  </label>

  <input type="submit"  />

</form>

<?php
if (isset($_POST['submitted'])){

$con = mysql_connect("localhost","root","");

mysql_select_db("uni", $con) or trigger_error('MySQL error: ' . mysql_error()); 

  

$field= $_POST['field'];
$searchword = $_POST['searchword'];
$result = mysql_query("SELECT* FROM student WHERE $field = '$searchword'") or trigger_error('MySQL error: ' . mysql_error()); 

// = mysql_query($query);
//$num_rows = mysql_num_rows($result);

//echo"num_rows results found.";
echo"<table>";
echo "<tr><th>StudentID</th><th>StudentName</th></tr>";
while($row = mysql_fetch_array($result)){

echo "<tr><td>";
echo "$row ['field']";
echo "</td><td>";
echo "$row ['searchword']";
echo "</td></tr>";
}

echo"</table>";

}

mysql_close($con);

?>

Hi There

 

I think the line

 

$result = mysql_query("SELECT* FROM student WHERE $field = '$searchword'") or trigger_error('MySQL error: ' . mysql_error());

 

should read

 

$result = mysql_query("SELECT* FROM student WHERE $field = '" . $searchword . "'") or trigger_error('MySQL error: ' . mysql_error());

 

Notice the change - '" . $searchword . "'". You need to break out of the string and add a string, if that makes sense. What you have is telling it to pull from the database where field = "$searchword" and not field = $searchword.

 

Hope that makes sense, as I am a noob myself. I would get this confirmed, but I'm almost certain that's where your problem lies.

 

Hope it helps

 

Regards

 

Sorry,

 

I did say I was a noob at PHP. I just didn't think that would work; I thought it would look at it as being text instead of a string the way he had it.

 

regards

 

Just to help you out a little bit.  Strings in single quotes are parsed as literal text.  Strings in double quotes are checked for variables.

<form  method="post" action="test1.php">
  <label>TYPE:
  <select name="field">
    <option value = "sid">StudentID</option>
    <option value = "sname">StudentName</option>
  </select>
  </label>
  <label>WORD:
  <input type="text" name="searchword" />
  </label>
<input type="submit" name="submit" value="Submit" />
</form>

 

test1.php

<?php
if (isset($_POST['submit'])){

$con = mysqli_connect("localhost","root","",'uni');  

$field= $_POST['field'];
$searchword = $_POST['searchword'];
$query = "SELECT * FROM student WHERE $field = '$searchword'";
$result = mysqli_query($con,$query) or die ('error data'); //-----------> error line
if(mysqli_num_rows($result) > 0) {
echo"<table>";
echo "<tr><th>StudentID</th><th>StudentName</th></tr>";
while($row = mysqli_fetch_array($result,MYSQLI_ASSOC)){

	echo "<tr><td>";
	echo $row['sid'];
	echo "</td><td>";
	echo $row['sname'];
	echo "</td></tr>";
}

echo"</table>";

}
mysqli_close($con); // close with the mysqli API that opened the connection, inside the block where $con exists
}

?>
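
The earlier advice to use one database API and to validate and escape incoming data, applied to this search as an added example that is not part of anyone's post in the thread: the column name is checked against a fixed list, the search word is bound as a parameter, and output is HTML-escaped. It assumes PDO with the pdo_sqlite extension and a constructed in-memory table so it runs without a server; `search_students` and `render_rows` are hypothetical names.

```php
<?php
// Added example, not code from the thread. PDO with an in-memory SQLite table
// (constructed data) is an assumption so this runs without a server; for the
// thread's MySQL database only the constructor changes:
//   new PDO('mysql:host=localhost;dbname=uni', 'root', '')

function search_students(PDO $db, string $field, string $searchword): array
{
    // A column name cannot be bound as a parameter, so accept only the two
    // values the form offers and reject anything else.
    if (!in_array($field, ['sid', 'sname'], true)) {
        throw new InvalidArgumentException('Unknown search field');
    }
    // The search word is bound, never concatenated into the SQL text.
    $stmt = $db->prepare("SELECT sid, sname FROM student WHERE $field = :word");
    $stmt->execute([':word' => $searchword]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render_rows(array $rows): string
{
    $html = "<table>\n<tr><th>StudentID</th><th>StudentName</th></tr>\n";
    foreach ($rows as $row) {
        // Escape on output so stored text is shown as text, not markup.
        $html .= '<tr><td>' . htmlspecialchars($row['sid'], ENT_QUOTES, 'UTF-8')
            . '</td><td>' . htmlspecialchars($row['sname'], ENT_QUOTES, 'UTF-8')
            . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE student (sid TEXT PRIMARY KEY, sname TEXT)');
$db->exec("INSERT INTO student VALUES ('s001', 'Pat O''Brien'), ('s002', 'Lee & Chen')");

// A name containing a quote is matched as data instead of breaking the query.
echo render_rows(search_students($db, 'sname', "Pat O'Brien"));
// '&' is stored as-is and escaped only when written into the HTML.
echo render_rows(search_students($db, 'sname', 'Lee & Chen'));
try {
    search_students($db, 'email', 'x'); // not one of the form's options
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```
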

I appreciate that, JCBones. I didn't know that.

 

So basically, if I use ' instead of " then I can have text or variables in it, and variables are automatically converted to text?

 

Thanks

 

$variable = 'DOUBLE QUOTED STRING';
$str[] = 'This $variable will not be parsed, and will print out to the page.';
$str[] = "This $variable will be parsed, and will print out the contents of the variable to the page.";
$str[] = "This {$variable} is the same as above.";

echo implode('<br/>',$str);

 

Test it out.

<body>

<form  method="post" action="new.php"  name="submitted"   /> 
  <label>TYPE: 
  <select name="field"> 
    <option value ="sid">StudentID</option> 
    <option value ="sname">StudentName</option> 
  </select> 
  </label> 
  <label>WORD: 
  <input type="text" name="searchword" /> 
  </label> 
  
  <input type="submit" name ="submitted" /> 
  
</form> 

<?php 
if (isset($_POST['submitted'])){ 
$searchword = htmlentities(addslashes($_POST['searchword']));

$con = mysql_connect("localhost","root",""); 

mysql_select_db("uni", $con) or trigger_error('MySQL error: ' . mysql_error());  

$field= $_POST['field'];
$searchword = $_POST['searchword'];


$result = mysql_query("SELECT* FROM student WHERE $field ='$searchword'") or trigger_error('MySQL error: ' . mysql_error());  

//$result = mysql_query($query); 
//$num_rows = mysql_num_rows($result); 

//echo"num_rows results found."; 
echo"<table>"; 
echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; 
while($row = mysql_fetch_array($result)){ 

echo "<tr><td>"; 
echo "$row ['field']"; 
echo "</td><td>"; 
echo "$row ['searchword']"; 
echo "</td></tr>"; 
} 

echo"</table>"; 


} 

mysql_close($con); 

?>
</body>
</html>

 

Hi guys, I just made some corrections but there is still some error in it. Could you please check this code for me?

 

NB: my error msg.....

Notice: MySQL error: Unknown column 'sid' in 'where clause' in C:\wamp\www\new.php on line 37

 

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\new.php on line 45

Then I'd search for "unknown column" errors in Google and see what you find. It's likely you'll find almost every case where this error could be triggered.

 

My first thought would be to:

 

1. enter the column name as literal, no variable to see if it works

2. check the database, look for student table, and 'sid' column

3. check if 'sid' is a reserved word (which will trigger such an error in sql)

4. enter the entire query as just text

5. smash my head into the wall

 

I've been there, trust me. Hopefully somebody can help shed some light, but there are only so many things it can be with this error.
