
Help please, I'm about to pull my hair out!!!!


jackie11


Hi Everyone

I'm looking for some help, I am looking to display the results of a query search on a page, I want the user to be able to search for their surname on my db and the results to be displayed, I have managed to get the search to work and to create the way I want it to display but I can get them to work together

The code I am using is, can anyone see where I'm going wrong?

Any help would be appreciated

[code]

<html>
<head><title>Employee Index</title></head>
<body>

<h1><img src="etc/Logo_pic_2.JPG"></h1>


<?php


$search = "%" . $_POST["search"] . "%";
 

mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("employee_index") or die(mysql_error());


  $query = "SELECT * FROM employee WHERE Surname LIKE '$search'";
  $result = mysql_query ($query)or die(mysql_error());
 

    if ($result) {
    while ($row = mysql_fetch_array ($result,MYSQL_ASSOC)) {
      foreach ($row as $key => $value)
     
      $value [Employee_ID] = '$Employee_ID';
      $value [Forename] = "$Forename";
      $value [Job_title] = "$Job_title";
  $value [Office_location] = "$Office_location";
  $value [Telephone] = "$Telephone";
  $value [Email] = "$Email";
  $value [Expertise] = "$Expertise";
  $value [Hobbies] = "$Hobbies";
  $value [DOB] = "$DOB";
  $value [Picture] = "$Picture";

}
}
echo "<table cellspacing='15'>";
  echo "<tr><td colspan='20'><hr></td></tr>";
  echo "<th>ID</th><th>Picture</th><th></TD><th>Surname</th><th>Forename</th><th>Job Title</th><th>Office Location</th><th>Telephone</th>
  <th>Email</th><th>Expertise</th><th>Hobbies</th><th>DOB</th>";
  echo "<tr><td colspan='20'><hr></td></tr>";

      echo "
          <td>$Employee_ID</td>\n
          <td><a href='../Database/pics/{$row['Picture']}' border='0'>
            <img src='../Database/pics/{$row['Picture']}' border='0'
            width='90' height='100'></a><td></td>\n
          <td>$Surname</td>\n
            <td>$Forename</td>\n
            <td>$Job_title</td>\n
              <td>$Office_location</td>\n
              <td>$Telephone</td>\n
                <td>$Email</td>\n
                <td>$Expertise</td>\n
                  <td>$Hobbies</td>\n
                  <td>$DOB</td>\n
                   
          </tr>\n";
    echo "<tr><td colspan='20'><hr></td></tr>\n";

  echo "</table>\n";
 
?>

</body>
</html>

[/code]

Thanks

Jackie

Replace this....

[code=php:0]
foreach ($row as $key => $value)
     
      $value [Employee_ID] = '$Employee_ID';
      $value [Forename] = "$Forename";
      $value [Job_title] = "$Job_title";
  $value [Office_location] = "$Office_location";
  $value [Telephone] = "$Telephone";
  $value [Email] = "$Email";
  $value [Expertise] = "$Expertise";
  $value [Hobbies] = "$Hobbies";
  $value [DOB] = "$DOB";
  $value [Picture] = "$Picture";

}
[/code]

with...

[code=php:0]
$Employee_ID = $row['Employee_ID'];
$Forename = $row['Forename'];
$Job_title = $row['Job_title'];
// etc etc etc
[/code]

You do not need the foreach. Looks like someone really needs to get the basics down.
And for security's sake, [b]do not[/b] use the root user to do queries. Especially a root user that has been set up without a password!

BAD:
[code]mysql_connect("localhost", "root", "") or die(mysql_error());[/code]

Use the principle of least privilege. Create a new user with this statement:
[code]GRANT select, insert, update ON [your_db_here].* TO [your_username_here]@localhost IDENTIFIED BY '[your_GOOD_password_here]';[/code]

Don't use a word for [your_GOOD_password] either. Something pseudo-random like: 'P5h1P3n00b'.

Since you're not filtering your input from the post, connecting with the root user would allow [b]anyone[/b] to do [b]anything[/b] to your database.
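The unfiltered-input point raised above, as an added example that is not part of the original thread: the surname search done with a bound parameter and HTML-escaped output. The table and column names come from the posted code; the function names, the PDO/SQLite demo setup and the sample rows are constructed assumptions.

```php
<?php
// Added example: hypothetical helper names, constructed sample data.

// Escape LIKE wildcards so the user's text is matched literally ('!' is the escape char).
function likeContains(string $term): string {
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// Bound parameter: the search term never becomes part of the SQL text.
function findBySurname(PDO $db, string $term): array {
    $stmt = $db->prepare(
        "SELECT Employee_ID, Surname, Forename, Job_title
           FROM employee WHERE Surname LIKE :term ESCAPE '!'"
    );
    $stmt->execute([':term' => likeContains($term)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML-escape every value on output so stored data cannot inject markup.
function renderRows(array $rows): string {
    $html = "<table>\n";
    foreach ($rows as $row) {
        $html .= "<tr>";
        foreach ($row as $value) {
            $html .= "<td>" . htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8') . "</td>";
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

// Demo on in-memory SQLite so it runs offline (assumption). Against MySQL, use a DSN
// such as 'mysql:host=localhost;dbname=employee_index' with a non-root account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE employee (Employee_ID INTEGER, Surname TEXT, Forename TEXT, Job_title TEXT)");
$ins = $db->prepare("INSERT INTO employee VALUES (?, ?, ?, ?)");
foreach ([[1, "O'Brien", 'Ann', 'Engineer'], [2, 'Smith', 'Bob', '<b>Manager</b>']] as $r) {
    $ins->execute($r);
}

echo renderRows(findBySurname($db, "O'B")); // the quote is data, not SQL syntax
echo renderRows(findBySurname($db, "mit")); // Job_title markup is escaped on output
echo renderRows(findBySurname($db, "%"));   // '%' is treated as a literal character
```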
