MySQL/PHP - Query Form


I'm quite weak at PHP, so I was hoping to get some help understanding the
below code. First off, I'm trying to create a "query form" that will allow
me to display the results on my screen. I grabbed this code from the net
hoping that I could tweak it for my needs. I'm using MySQL, PHP and IIS and
they all are running fine. As the code is, it will display the form, but it
won't display my result(s). Any suggestions?


<title> search script</title>
<meta name="author" content="Steve R, /">
<!-- / -->

<form name="form" action="search.php" method="get">
  <input type="text" name="q" />
  <input type="submit" name="Submit" value="Search" />


  // Get the search variable from URL

  $var = @$_GET['q'] ;
  $trimmed = trim($var) //trim whitespace from the stored variable

// rows to return

// check for an empty string and display a message.
if ($trimmed == "")
  echo "<p>Please enter a search...</p>";

// check for a search parameter
if (!isset($var))
  echo "<p>We dont seem to have a search parameter!</p>";

//connect to your database ** EDIT REQUIRED HERE **
mysql_connect("localhost","username","password"); //(host, username,

//specify database ** EDIT REQUIRED HERE **
mysql_select_db("database") or die("Unable to select database"); //select
which database we're using

// Build SQL Query
$query = "select * from sales_report where repfirstname = \"%$trimmed%\"; //
EDIT HERE and specify your table and field names for the SQL query


// If we have no results, offer a google search as an alternative

if ($numrows == 0)
  echo "<h4>Results</h4>";
  echo "<p>Sorry, your search: &quot;" . $trimmed . "&quot; returned zero

// google
 echo "<p><a href=\""">"
  . $trimmed . "\" target=\"_blank\" title=\"Look up
  " . $trimmed . " on Google\">Click here</a> to try the
  search on google</p>";

// next determine if s has been passed to script, if not use 0
  if (empty($s)) {

// get results
  $query .= " limit $s,$limit";
  $result = mysql_query($query) or die("Couldn't execute query");

// display what the person searched for
echo "<p>You searched for: &quot;" . $var . "&quot;</p>";

// begin to show results set
echo "Results";
$count = 1 + $s ;

// now you can display the results returned
  while ($row= mysql_fetch_array($result)) {
  $title = $row["repfirstname"];

  echo "$count.)&nbsp;$title" ;
  $count++ ;

$currPage = (($s/$limit) + 1);

//break before paging
  echo "<br />";

  // next we need to do the links to other results
  if ($s>=1) { // bypass PREV link if s is 0
  print "&nbsp;<a href=\"$PHP_SELF?s=$prevs&q=$var\">&lt;&lt;
  Prev 10</a>&nbsp&nbsp;";

// calculate number of pages needing links

// $pages now contains int of pages needed unless there is a remainder from

  if ($numrows%$limit) {
  // has remainder so add one page

// check to see if last page
  if (!((($s+$limit)/$limit)==$pages) && $pages!=1) {

  // not last page so give NEXT link

  echo "&nbsp;<a href=\"$PHP_SELF?s=$news&q=$var\">Next 10 &gt;&gt;</a>";

$a = $s + ($limit) ;
  if ($a > $numrows) { $a = $numrows ; }
  $b = $s + 1 ;
  echo "<p>Showing results $b to $a of $numrows</p>";


<!-- / -->


Re: MySQL/PHP - Query Form

 .oO(Mike Cocker)

Any error messages? Is error_reporting set to E_ALL?

Replace this with something like

$trimmed = isset($_GET['q']) ? trim($_GET['q']) : '';

I think you can remove this.

Use single quotes in the query. Additionally a double-quote is missing
at the end of the string:

$query = "select * from sales_report where repfirstname = '%$trimmed%'";

And you shouldn't use SELECT *, but list all columns you want to
retrieve explicitly instead.

No error checking? What if the query fails and returns FALSE instead of
a resource-ID?

Never print out user-submitted data directly, use htmlspecialchars()
before (the code above is vulnerable to cross-site scripting attacks).

What is $s?

If it's a variable passed by URL-parameters use $_GET['s'] instead. With
register_globals=Off by default $s will always be empty.

Why do you use $var here instead of $trimmed?

[rest of code snipped]
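
An added example, not part of the thread or of the original script: the points raised in the reply above (isset check, explicit column list, error checking, htmlspecialchars() on output, reading s from $_GET), combined with a bound parameter so the search term never becomes part of the SQL string. Assumptions: PDO is available, an in-memory SQLite table with constructed rows stands in for the MySQL sales_report table, the % signs in the original query were meant as a substring (LIKE) match, and the names find_reps and render_results are hypothetical.

```php
<?php
declare(strict_types=1);

// Look up reps by substring; the user's text is bound, never interpolated.
function find_reps(PDO $db, string $q, int $offset, int $limit = 10): array
{
    // Escape LIKE wildcards with '!' so '%' and '_' typed by the user match literally.
    $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $q) . '%';
    $stmt = $db->prepare(
        "SELECT repfirstname FROM sales_report
         WHERE repfirstname LIKE :pat ESCAPE '!'
         ORDER BY repfirstname LIMIT :lim OFFSET :off"
    );
    $stmt->bindValue(':pat', $pattern, PDO::PARAM_STR);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);   // integers must be bound as INT
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->execute();                                    // throws on failure (ERRMODE_EXCEPTION)
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Build the HTML; every value that came from the request or the database is encoded.
function render_results(string $q, array $names, int $offset): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = '<p>You searched for: &quot;' . $e($q) . "&quot;</p>\n";
    foreach ($names as $i => $name) {
        $html .= ($offset + $i + 1) . '.)&nbsp;' . $e($name) . "<br />\n";
    }
    return $html . ($names ? '' : "<p>No results.</p>\n");
}

// Stand-in database with constructed rows (assumption: SQLite replaces MySQL here).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sales_report (repfirstname TEXT)');
$ins = $db->prepare('INSERT INTO sales_report (repfirstname) VALUES (?)');
foreach (['Anna', 'Joanna', 'Bob', '50%_off'] as $n) { $ins->execute([$n]); }

// Constructed requests standing in for $_GET: a normal search, then markup and quotes.
$requests = [['q' => ' ann ', 's' => '0'], ['q' => "<i>o'brien</i>%", 's' => 'abc']];
foreach ($requests as $get) {
    $q = isset($get['q']) ? trim($get['q']) : '';
    // Offset must be a non-negative integer; anything else falls back to 0.
    $s = filter_var($get['s'] ?? 0, FILTER_VALIDATE_INT,
                    ['options' => ['default' => 0, 'min_range' => 0]]);
    echo $q === '' ? "<p>Please enter a search...</p>\n"
                   : render_results($q, find_reps($db, $q, $s), $s);
}
```

Against a real MySQL server only the PDO DSN changes; the mysql_* functions used in the original script were removed in PHP 7.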


Re: MySQL/PHP - Query Form

Sorry. The message I get on my screen (in IE) is "Parse error: syntax error,
unexpected T_IF in c:\Inetpub\wwwroot\form.php on line 22."
As for why there are certain variables declared in the code, I'm not
entirely sure. I grabbed this code from the Internet from one of the "code
sharing" sites. I was just hoping that I could use it because I think if the
code works correctly, it'll do exactly what I'm aiming to do. I want to be
able to query my MySQL database from a PHP form and then display the
results. I'm going to make some of the changes that you proposed and get
back ASAP. Thanks a bunch!


Re: MySQL/PHP - Query Form

Do yourself a favor.  Pick up a book, perhaps "PHP & MySQL Web
Development" by Welling & Thompson.  It's worth the time and money, you
will learn more than you ever could via websites.  Really.
