BootStrap - How to load MySQL information from a search based on a ID

Sorry man this is the first time touching PHP in my entire life. As for SQL i must admit, im still a beginner.

Quote:

---

When I change: $_POST['thisid'] to 123456 (the ipi_id in the table row) it works, but I want it to read the data from the text box so they can load their own ipi_id.

---

Watch out for SQL injections.

The basics :
SQL Injection Attacks by Example

I changed ipi_info to:

Quote:

---

<?php// This could be supplied by a user, for example


if(isset($_POST['thisid'])) {
$ipi_id = $_POST['thisid'];


//if(isset($_POST['thisid'])){ $ipi_id = $_POST['thisid']; }
$query = sprintf("SELECT ipi_id, i_purchased, cost, sale_date, purchasee, sent_on, item_expected, shipped_to, tracking_no, note FROM ipi
WHERE ipi_id='%s'",mysql_real_escape_string($ipi_id));


$result = mysql_query($query);




if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query;
die($message);
}
while ($row = mysql_fetch_assoc($result)) {








?>


<p>
<!-- Item information -->
<b>Item Purchased</b>:
<i><?php echo $row['i_purchased']; ?></i>
</p>
<p>
<b>Cost</b>:
<?php echo $row['cost']; ?>
</p>
<p>
<b>Sale date</b>: <?php echo $row['sale_date']; ?>
</p>
<p>
<b>Name of Purchaser</b>: <?php echo $row['purchasee']; ?>
</p>

<br />
<ul>
<!-- Shipping information -->
<p>
<b>Shipped on</b>: <?php echo $row['sent_on']; ?>
</p>
<p>
<b>Item Expected</b>: <?php echo $row['item_expected']; ?>
</p>
<p>
<b>Shipping to</b>: <i><?php echo $row['shipped_to']; ?></i>
</p>
<p>
<b>Tracking Number</b>:
<i><?php echo $row['tracking_no']; ?></i>
<b></b>
</p>
</ul>

<p><b>Note from us</b>:<br />
<?php
echo $row['note'];
?>

</p>
<?php
}

mysql_free_result($result);
}
else {
echo"fuckingfail!";
}
?>

---

I added

if(isset($_POST['thisid'])) {

before

$ipi_id = $_POST['thisid'];

and added a } after

mysql_free_result($result);


}

and made a echo;

else { echo"fuckingfail!"; }

But now each time I click on Submit, it shows fuckingfail! even if I enter in the ipi_id (123456) or not.

I've also tried changing the code around (MySQL) but it still isn't working;

Quote:

---

<?php// This could be supplied by a user, for example


if(isset($_POST['thisid'])) {
$ipi_id = $_POST['thisid'];


//if(isset($_POST['thisid'])){ $ipi_id = $_POST['thisid']; }
//$query = sprintf("SELECT ipi_id, i_purchased, cost, sale_date, purchasee, sent_on, item_expected, shipped_to, tracking_no, note FROM ipi WHERE ipi_id='" . $ipi_id . "'", mysql_real_escape_string($ipi_id));


//$result = mysql_query($query);




//if (!$result) {
// $message = 'Invalid query: ' . mysql_error() . "\n";
// $message .= 'Whole query: ' . $query;
// die($message);
//}


//while ($row = mysql_fetch_assoc($result)) {










$query = mysql_query("SELECT ipi_id, i_purchased, cost, sale_date, purchasee, sent_on, item_expected, shipped_to, tracking_no, note FROM ipi WHERE ipi_id='" . $ipi_id . "'");
while ($row = mysql_fetch_assoc($query))
{








?>


<p>
<!-- Item information -->
<b>Item Purchased</b>:
<i><?php echo $row['i_purchased']; ?></i>
</p>
<p>
<b>Cost</b>:
<?php echo $row['cost']; ?>
</p>
<p>
<b>Sale date</b>: <?php echo $row['sale_date']; ?>
</p>
<p>
<b>Name of Purchaser</b>: <?php echo $row['purchasee']; ?>
</p>

<br />
<ul>
<!-- Shipping information -->
<p>
<b>Shipped on</b>: <?php echo $row['sent_on']; ?>
</p>
<p>
<b>Item Expected</b>: <?php echo $row['item_expected']; ?>
</p>
<p>
<b>Shipping to</b>: <i><?php echo $row['shipped_to']; ?></i>
</p>
<p>
<b>Tracking Number</b>:
<i><?php echo $row['tracking_no']; ?></i>
<b></b>
</p>
</ul>

<p><b>Note from us</b>:<br />
<?php
echo $row['note'];
?>

</p>
<?php

} }

//mysql_free_result($result);
?>

---

I really need help..

Need help ASAP, thanks.

I seemed to have fixed it.

Quote:

---

Originally Posted by Jash

Sorry man this is the first time touching PHP in my entire life. As for SQL i must admit, im still a beginner.

---

oh dont take my comment too serious, it was very enjoying to see your posts, as i said, i laughed. xP

Quote:

---

Originally Posted by BukkIT

I changed ipi_info to:


I added

if(isset($_POST['thisid'])) {

...

But now each time I click on Submit, it shows fuckingfail! even if I enter in the ipi_id (123456) or not.

...

I really need help..

---

read your own post again:

Quote:

---

Originally Posted by BukkIT

The IPI Information is where I want it to load the information from the submition section, witch is the ipi_id

Code:

---

<form name="ipi_load" method="post" > <input type="text">
<a href="#" id="modal_link" method="post" type="submit" class="ui-state-default ui-corner-all"><span class="ui-icon ui-icon-newwin"></span>Open IPI</a>

</form>

---

I don't really know what to do, but hopefuly someone can help me?
All I want it to do is load the information like Cost, Sale date, Name of Purchaser, Shipped on etc... But I want it to only load from the ID they've entered in the text box (<input type="text">)

---

how can u refer an object that is unknown my dear?