form code incorrect...not outputting data from db

[jjatcal]

Hi,

I have an HTML form that is to query MySQL database and output results.

The user is to choose the column name and then type in a search term. The script is to find anything similar (not exact, but similar since i am using "like" of SQL) and output.

When I run the form, I do not get any results whatsoever. It goes to the results.php page and nothing appears on the webpage.

I tried messing with the SQL and the PHP but couldn't get it to work.

Thoughts?

Here is HTML form;
<form action=&quot;results.php&quot; method=&quot;post&quot;>
Choose Search Type:
<br>
<select name=&quot;searchtype&quot;>
<option value=&quot;LastName&quot;>Last Name</option>
<option value=&quot;FirstName&quot;>First Name</option>
<option value=&quot;CurrPhone&quot;>Phone Number</option>
</select>
<br>
Enter Search Term:
<br>
<input name=&quot;searchterm&quot; type=text size=&quot;40&quot; maxlength=&quot;40&quot;>
<br>
<input type=submit value=&quot;submit&quot; name=&quot;submit&quot;>
</form>



Here is PHP script:
<?
trim($searchterm);
if (!$searchtype || !$searchterm)
{
echo &quot;You have not entered search details. Please go back and try again.&quot;;
exit;
}

$searchtype = addslashes($searchtype);
$searchterm = addslashes($searchterm);

@ $db = mysql_pconnect(&quot;localhost&quot;, &quot;&quot;, &quot;&quot;

if (!$db)
{
echo &quot;Error: Could not connect to database. Please try again later.&quot;;
exit;
}

mysql_select_db(&quot;hms2003&quot;
$query = &quot;select * from personal where &quot;.$searchtype.&quot; like '%&quot;.$searchterm.&quot;%'&quot;;

$result = mysql_query($query);

$num_results = mysql_num_rows($result);

echo &quot;<p>Number of entries found: &quot;.$num_results.&quot;</p>&quot;;

for ($i=0; $i <$num_results; $i++)
{
$row = mysql_fetch_array($result);
echo &quot;<p><strong>&quot;.($i+1).&quot;. Last Name: &quot;;
echo htmlspecialchars( stripslahes($row[&quot;LastName&quot;]));
echo &quot;</p>&quot;;
}
?>

Any thoughts would be greatly appreciated.

 

[hos2]

perhaps
$result = mysql_query($query,$db);

and to simplify things you can write

$query = "select * from personal where ".$searchtype." like '%".$searchterm."%'";

also as
$query = "select * from personal where $searchtype like '%$searchterm%'";

and why do you use addslashes ???
further on look if you're fieldnames are the same with the fieldnames above. it's case senstive !! so if you're fieldname is lastname instead of LastName. it won't work!

 

[jjatcal]

Hi,

Thanks for the response. I got part of the code from a book, so not sure why addslashes are there.

Can you explain to me why in the SQL to refer to a variable it is in this format: &quot;.$searchtype.&quot; Why the &quot;.&quot; after the variable.

Also what is all this: '%&quot;.$searchterm.&quot;%'

You simplified it to '%$searchterm%' which is better.

I guess I am asking when you refer to a variable in SQL statement, what is way to do it. Two ways done above.

Thanks.

 

[hos2]

with the first statement you add one string to another
$stringnew=&quot;string1&quot;.&quot;string2&quot;

then echo $stringnew gives as output string1string2

but if you have a variable you can leave the double quotes out so
$stringnew=&quot;hello&quot; .$varname


the % signs are wildcards for the mysql query
so
where Lastname like '%jansen%'

will give all the results where jansen is somewhere in lastname
if you have a query like
where Lastname like 'jansen%'
than the result will show all rows where lastname starts with jansen