Printable View
So I created a website and added there a function to find info from username.
But currently when I open the page it shows up all the info from the database.
So what I would like to do is a field where I can enter a Username and a button "Send" or something like that, so when you insert a username, eg. Aitsihia, it searches from database _Name "Aitsihia" and displays _Info.
I hope someone understands what I mean and can help me with this.
Create a form with an input field, with the name "_Name" for the matching with `_Name` in the `users` table. (Or whatever the table/fields are called..)
The key part if this script is the "WHERE" statement inside the SQL Query. In MySQL, you can use the "WHERE" clause to tell SQL to be more specific in what it loads. For example, if we want to load data on a user where the field "_Name" is equal to "Aitsihia", we can simply say that quite literally using the clause:PHP Code:$name = mysql_real_escape_string($_POST['_Name']);
$query = mysql_query('SELECT * FROM `users` WHERE `_Name` = "'.$name.'"');
while($row = mysql_fetch_assoc($query))
{
echo 'Information on <strong>'.$row['_Name'].'</strong><hr />';
echo $row['_Info'].'<hr />';
}
'WHERE `_Name` = "Aitsihia"'
Also, if we want to load a piece of content that only users with the rank "Admin" can see, we can use a clause like this:
'WHERE `rank` = "Admin"'
It's simple, yet opens doors for a very versatile database language. Of course, there's much more SQL can do, and you'll learn more as you progress.
Visit the "Resources" post in the Coder's Paradise section for great resources to help get you through issues like these.
Additionally, goto killerphp.com for some Killer PHP Video Tutorials!
Thanks s-p-n. Even though I am having some problems with the Tables now since I'm not so used to this stuff. I mean I know HTML pretty much but MySQL is something new for me.
So heres what I did
But in which point do I have to add the _Name to?Code:<form>
Name: <input type="text" name="name"><br>
<input type="Submit" value="Find">
</form>
I tried to add it to the first input name="_Name" and I also tried to add value="_Name", but it seemed not to work.
EDIT: I found something wrong in my form but it still didn't fix it.
I just added the action to the form, but it didn't help at all.Code:<form action="code.php" method="post">
Name: <input type="text" name="name"><br>
<input type="Submit" value="Find">
</form>
EDIT2: Nevermind! I got it to work. Thanks s-p-n.
The $_POST "superglobal" array is formatted like so:Quote:
Originally Posted by Aitsihia
It's an array of the fields within the submitted form on your page. If a form has a method of "post", and you submit that form, then all the fields & values are converted to an index within the $_POST "superglobal" array.PHP Code:$_POST['name'] = "value";
So if you create a form like so,
.. And click the "submit" button, then two "$_POST indexes" are created for use in PHP.Code:<form method="post" action="">
User: <input type="text" name="user" value="s-p-n" />
<br />
<input type="submit" name="submit" value="submit" />
</form>
Those are stored in PHP for use later.PHP Code:$_POST['user'] = (string) 's-p-n';
$_POST['submit'] = (string) 'submit';
When retrieving these inputs, it's important that they be sanitized before use in the database, or for other dynamic things a malicious user can cause harm to.
So to prevent harm to a MySQL database through a MySQL query, we use the function "mysql_real_escape_string($str)" on the inputs.
$user is now a more secure version of $_POST['user']. (It may contain extra slashes(\), on apostrophes, quotes, and other things.)PHP Code:$user = mysql_real_escape_string($_POST['user']);
And of course, to query $user inside the database,
So we're creating a variable to store the query result. The "mysql_query" function takes a query statement. Like the one you see above.. (inside the apostrophes)PHP Code:$query = mysql_query('SELECT `_Info`,`user` FROM `users` WHERE `user` = "'.$user.'"');
This query will select the `info` and `user` fields from the table `users`, but only where the `user` field is equal to the $user variable. (created by user input).
Notice I broke the apostrophes to insert the $user variable from the form.
With the Query Result for a "SELECT" query, we usually want to convert it to an "Associative Array" of our columns, for each row. (That's just a funny word for an array with named values. Such as $arr['name'] = 'value';) To get that effect, we use "while($row=mysql_fetch_assoc($query_result_variable))".
Following the examples above:
The conclusion:PHP Code:<form method="post" action="">
User: <input type="text" name="user" value="s-p-n" />
<br />
<input type="submit" name="submit" value="submit" />
</form>
<?php
$user = mysql_real_escape_string($_POST['user']);
$query = mysql_query('SELECT `_Info`,`user` FROM `users` WHERE `user` = "'.$user.'"');
while($row = mysql_fetch_assoc($query))
{
echo '<p>Info on user '.$row['user'];
echo '<hr />'.$row['_Info'].'<hr /></p>';
}
?>
- You can change the name of the variables to whatever you want. Such as $name.
- You'd then want to make sure the field name (in the form) is "name", and then the $_POST variable for that field would be $_POST['name']. Make sure they all match.
- Be sure to sanitize the user input every-time. When the input is being used in a MySQL Query, sanitize it with mysql_real_escape_string().
- Fetch the data from the database using mysql_fetch_assoc().
- Take more tutorials in the "Resources" post in Coder's Paradise at RageZone. :tongue: