#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    3
    Rep Power
    0

    Database information retrieved using form values using PHP


    Hi guys,

    Newbie to the forums here....

    i have just started out using PHP to develop websites and I am having a little problem getting formation from a database. What I am looking to do is, using a form I want to get data from a DB called events depending on variables i.e.location, time or event.

    So, if the user selects the location on the form - say America - I want to be able to display form data only with the events in America.

    So, its like .. .Form data (location) -- form listing (only events from chosen location)

    I have managed to get a form to populate the database, I can retrieve ALL the form data using a recordset, but I unable to retrieve and display the data, nor am I able to locate a tutorial for this...

    Any help would be GREATLY APPRECIATED!!!!!

    Richie

    Oh, if it helps.. I am using PHP, MySQL & my localhost is run via myPHPadmin

    Thanks again
  2. #2
  3. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2011
    Location
    The Pleiades
    Posts
    300
    Rep Power
    9
    I have an incline of what your problem could be.

    Could you please provide the code where you try and retrieve the data?

    Kind regards,

    NM.
  4. #3
  5. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    This is...basically the entire purpose of PHP. You use PHP to make interactive web interfaces for data sets.

    So you have a set of data, as you said. Do you know how to get a list of countries out of that existing data set?

    If you do, use that to print the HTML drop-down.

    (if you don't know HTML, you should learn it prior to learning PHP)

    Once you have the drop down in the form, with a form method of POST and a drop-down named "country," and you submit that form, $_POST['country'] will be the input the user selected.

    Using PDO (tutorial available in the forum stickies), insert $_POST['country'] into the WHERE clause your query to filter by country.

    Once you get that working, add more inputs. Make sure to only add those inputs to your query if the user has actually selected data.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    3
    Rep Power
    0
    Originally Posted by Nanomech
    I have an incline of what your problem could be.

    Could you please provide the code where you try and retrieve the data?

    Kind regards,

    NM.
    Hi - first off thanks for your reply.. Second off I am only starting off with PHP so, please be kind LOL

    I have written/sourced this code:


    <?php
    // Make a MySQL Connection
    mysql_connect("localhost", "root", "root") or die(mysql_error());
    mysql_select_db("users") or die(mysql_error());
    echo "connected.....";

    // Get a specific result from the "example" table
    $result = mysql_query("SELECT * FROM events
    WHERE location ='galway'") or die(mysql_error());

    // get the first (and hopefully only) entry from the result
    $row = mysql_fetch_array( $result );
    // Print out the contents of each row into a table
    echo $row['location']." - ".$row['EventName'];
    ?>

    This gives me the first results from the table, which are
    "connected.....galway - 1111ccc"

    I have attempted the following code, so I can tell the DB which location I want to search....

    if(Search){

    mysql_connect("localhost", "root" , "root") or die (mysql_error());
    echo "Connected to MySQL <br/> <hr/>";

    mysql_select_db("users")or die (mysql_error());
    echo "conncted to DB users <br/> <hr/>";

    $query = "SELECT * FROM events";
    $result = mysql_query($query) or die (mysql_error());

    while($row = mysql_fetch_array($result)){
    echo $row['EventName'] . "-" . $row['location'];
    echo "<br />";
    }
    }
    else
    echo "nothing";
    ?>
    <?php

    ?>
    <form action="SearchTest.php" method="get" id="Search">
    <select name="location">
    <option value="sligo">sligo</option>
    <option value="galway">galway</option>
    </select>
    <input name="submit" type="button" value="submit" />
    </form>


    I'm lost ;o((((
  8. #5
  9. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4124
    You've categorised this as PHP4. If really are using PHP4 then stop, go to the xampp website and get the latest version. This will install a much more up to date version of PHP 5, MySQL 5 and so on. PHP4 does not come with PDO, and we'll all tell you to use it instead of mysql_* (read on for more)

    Next thing to undersdtand is that PHP and MySQL are different things, with different languages to make them do the things you want.

    PHP has functions built into it which allow you to connect to a mysql database, send a query and fetch some data back.

    MySQL is a SQL based database, to limit the returned results you use the WHERE keyword,

    eg

    PHP Code:
    $query "
        SELECT
            *
        FROM
            events
        WHERE
            county = 'Galway'
        ;
    "

    so, how do we get what the user submitted (eg Galway) into that query in a safe way that will not open you up to a malicious SQL injection?

    Well, when using the mysql_* functions you'll struggle to do this reliably - which is why we recommend PHP Data Objects (PDO). Read a the migration guide link in my signature.

    Now comes a point where you probably want to skip a learning curve just to get your project up and running and functioning how you expect when you use it as intended....if you're just starting out in php then now is the time NOT to skip that learning and get yourself up to speed with PDO.

    I'll happily help further when I see you've attempted to connect to MySQL using PDO
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    3
    Rep Power
    0
    Hi Guys,

    Thanks very much for the feedback and the intro to PDO's. Whilst I would be delighted to discover them fully I am simply restricted by time - but, it is something I will look into at a later date..

    If ye still feel like helping me, I would appreciate it..

    So far I have this....

    $location = $_POST['location'];
    if(LocationForm){

    mysql_connect("localhost", "root" , "root") or die (mysql_error());
    echo "Connected to MySQL <br/> <hr/>";

    mysql_select_db("users")or die (mysql_error());
    echo "conncted to DB users <br/> <hr/>";

    $query = "SELECT * FROM events Where location = '$location'";
    $result = mysql_query($query) or die (mysql_error());

    while($row = mysql_fetch_array($result)){
    echo $row['EventName'] . "-" . $row['location'];
    echo "<br />";
    }
    }
    else
    echo "nothing";

    ?>

    <form action="SearchTest.php" method="$_POST['location']" id="LocationForm">
    <select name="location">
    <option value="sligo">sligo</option>
    <option value="galway">galway</option>
    </select>
    <input name="submit" type="button" value="submit" />
    </form>

    Which returns a blank value as the form is not inputting a value. If I manually input a value for location I can get the required results.

    As, I said, I would appreciate any help here...;o))

    Thanks again
  12. #7
  13. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4124
    so, by not following our advice you have opened a great big security hole in your server

    PHP Code:
    $location $_POST['location'];

    /*...*/

    $query "SELECT * FROM events Where location = '$location'"
    is just plain wrong

    Basically it allows for someone to put their own SQL into $_POST['location'] and your code just executes it.

    In the hour between my first reply and your reply to that you could have read the PDO article I linked to and implemented it just by copying and pasting (10-15 mins)

    On a separate note, how are you defining the constant LocationForm that you're using here

    PHP Code:
    if(LocationForm){ 
    is it supposed to be a constant? do you think that this will just work? does it mask some other logic?

    Also, your html form is screwed up. the action is either "get" or "post", not $_POST['location']
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  14. #8
  15. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,316
    Rep Power
    7171
    PHP Code:
    <?php

        $db 
    = new PDO('mysql:host=localhost;dbname=users;charset=utf8''root''root');
        
        if(!empty(
    $_POST['location']))
        {
            
    $location $_POST['location'];
            
            
    $sql "SELECT * FROM events WHERE location = :loc";
            
    $st $db->prepare($sql);
            
            
    $params = array(':loc' => $location);
            
    $st->execute($param);
            
            
    $results $st->fetchAll();
            foreach(
    $results as $row)
            {
                echo 
    $row['EventName'] . "-" $row['location'];
                echo 
    "<br />";
            }
        }
    ?>
    <form action="SearchTest.php" method="POST" id="LocationForm">
        <select name="location">
            <option value="sligo">sligo</option>
            <option value="galway">galway</option>
        </select>
        <input name="submit" type="button" value="submit" />
    </form>
    Notes:
    -> 'method' is normally either POST or GET
    -> $_POST['location'] is only defined after the form is submitted, hence the call to empty
    -> the ID of the form is never posted
    -> you should try to avoid using capital letters in database identifiers
    -> untested

    If you can't use PDO for some reason, just change your location assignment to:
    PHP Code:
    $location mysql_real_escape_string($_POST['location']); 
    'method' defaults to GET if it is invalid, which is probably why you are not getting a value for it in your code when you try to read it from $_POST.

    Comments on this post

    • Northie agrees : what he said
    Last edited by E-Oreo; June 6th, 2013 at 10:37 AM.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around

IMN logo majestic logo threadwatch logo seochat tools logo