PHP Form Entry problem

[iainm2]

I have two web pages which run on a local server for our intranet. This is very simple as it is a test model. Individualy the elements all work ok. At least the results page does, it is only when I try to get the "post" value into the data that I have trouble. I am very new to PHP and Web page design so please be gentle.

When I change ....LIKE $_POST['name'] for ....LIKE 'Smith' I only get the values for for the name Smith in the database.

Using .....LIKE $_POST['name']I get the following error:-

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\program files........

I think that it is to do with getting the data from the form but do not know how to beat it having spent 3 days working on the problem.

Here is the code for bith pages.

Many thanks in advance.

Form Page
----------------------------------------
<form action="fonebook.php" method="post">
Enter Search Name: <input type="text" name="name" /><br />
<input type="submit" name="submit" value="Search!" />
</form>

Results page
----------------------------------------
<?php

$db = mysql_connect("localhost", "root", "irnbru");

mysql_select_db("address",$db);

$query = "select First, Last, Phone from fonebook where Last like $_POST['name']";

$result_id = mysql_query ($query)
or die ("Query failed");

while ($row = mysql_fetch_assoc ($result_id))

printf ("%s %s %s\n", $row["First"], $row["Last"], $row["Phone"]);

mysql_free_result ($result_id);
?>

 

[spookie]

change your query to

$query = "select First, Last, Phone from fonebook where Last like ".$_POST["name"] ;

--------------------------------------------------------------------------
I never set a goal because u never know whats going to happen tommorow.

 

[KarveR]

Probablybad practice but I tend to do my query stuff like:

$query = "select First, Last, Phone from fonebook where Last like '$_POST[name]'";

______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.

 

[spookie]

oops ,
hit submit to early.. it shd be

$query = "select First, Last, Phone from fonebook where Last like '".$_POST["name"]."'" ;

--------------------------------------------------------------------------
I never set a goal because u never know whats going to happen tommorow.

 

[satyaprakashjha]

Yeah sppokie is rite, the same thing strike to me as well. In your SQL query all the text data must be refred using single quote i.e. if you want validate a field of text or char datatype then your query mucst be something like where name LIKE 'satya'

so, the query will go like this :

$query = "select First, Last, Phone from fonebook where Last like ' ".$_POST['name']." ' ";

Regards

SATYA

 

[ingresman]

would it not be better to test it exists first and is ok e.g.
$temp = $_POST["name"];
// validate it
$query = "select...like '$temp'";

 

[DRJ478]

There are two issues at hand:
1. SQL statements ought to have strings quoted.
2. PHP doesn't fare well with evaluating associative arrays by keys within double quoted context.
To solve both issues use the code satyaprakashjha offered.

 

[iainm2]

Thanks to you all - I have used satyaprakashjha's offering. Everything works as well as I had hoped.