Re: [PHP/MySQL] Find data
Create a form with an input field, with the name "_Name" for the matching with `_Name` in the `users` table. (Or whatever the table/fields are called..)
PHP Code:
$name = mysql_real_escape_string($_POST['_Name']);
$query = mysql_query('SELECT * FROM `users` WHERE `_Name` = "'.$name.'"');
while($row = mysql_fetch_assoc($query))
{
echo 'Information on <strong>'.$row['_Name'].'</strong><hr />';
echo $row['_Info'].'<hr />';
}
The key part if this script is the "WHERE" statement inside the SQL Query. In MySQL, you can use the "WHERE" clause to tell SQL to be more specific in what it loads. For example, if we want to load data on a user where the field "_Name" is equal to "Aitsihia", we can simply say that quite literally using the clause:
'WHERE `_Name` = "Aitsihia"'
Also, if we want to load a piece of content that only users with the rank "Admin" can see, we can use a clause like this:
'WHERE `rank` = "Admin"'
It's simple, yet opens doors for a very versatile database language. Of course, there's much more SQL can do, and you'll learn more as you progress.
Visit the "Resources" post in the Coder's Paradise section for great resources to help get you through issues like these.
Additionally, goto killerphp.com for some Killer PHP Video Tutorials!
Re: [PHP/MySQL] Find data
Thanks s-p-n. Even though I am having some problems with the Tables now since I'm not so used to this stuff. I mean I know HTML pretty much but MySQL is something new for me.
So heres what I did
Code:
<form>
Name: <input type="text" name="name"><br>
<input type="Submit" value="Find">
</form>
But in which point do I have to add the _Name to?
I tried to add it to the first input name="_Name" and I also tried to add value="_Name", but it seemed not to work.
EDIT: I found something wrong in my form but it still didn't fix it.
Code:
<form action="code.php" method="post">
Name: <input type="text" name="name"><br>
<input type="Submit" value="Find">
</form>
I just added the action to the form, but it didn't help at all.
EDIT2: Nevermind! I got it to work. Thanks s-p-n.
Re: [PHP/MySQL] Find data
Quote:
Originally Posted by
Aitsihia
Thanks s-p-n. Even though I am having some problems with the Tables now since I'm not so used to this stuff. I mean I know HTML pretty much but MySQL is something new for me.
So heres what I did
Code:
<form>
Name: <input type="text" name="name"><br>
<input type="Submit" value="Find">
</form>
But in which point do I have to add the _Name to?
I tried to add it to the first input name="_Name" and I also tried to add value="_Name", but it seemed not to work.
The $_POST "superglobal" array is formatted like so:
PHP Code:
$_POST['name'] = "value";
It's an array of the fields within the submitted form on your page. If a form has a method of "post", and you submit that form, then all the fields & values are converted to an index within the $_POST "superglobal" array.
So if you create a form like so,
Code:
<form method="post" action="">
User: <input type="text" name="user" value="s-p-n" />
<br />
<input type="submit" name="submit" value="submit" />
</form>
.. And click the "submit" button, then two "$_POST indexes" are created for use in PHP.
PHP Code:
$_POST['user'] = (string) 's-p-n';
$_POST['submit'] = (string) 'submit';
Those are stored in PHP for use later.
When retrieving these inputs, it's important that they be sanitized before use in the database, or for other dynamic things a malicious user can cause harm to.
So to prevent harm to a MySQL database through a MySQL query, we use the function "mysql_real_escape_string($str)" on the inputs.
PHP Code:
$user = mysql_real_escape_string($_POST['user']);
$user is now a more secure version of $_POST['user']. (It may contain extra slashes(\), on apostrophes, quotes, and other things.)
And of course, to query $user inside the database,
PHP Code:
$query = mysql_query('SELECT `_Info`,`user` FROM `users` WHERE `user` = "'.$user.'"');
So we're creating a variable to store the query result. The "mysql_query" function takes a query statement. Like the one you see above.. (inside the apostrophes)
This query will select the `info` and `user` fields from the table `users`, but only where the `user` field is equal to the $user variable. (created by user input).
Notice I broke the apostrophes to insert the $user variable from the form.
With the Query Result for a "SELECT" query, we usually want to convert it to an "Associative Array" of our columns, for each row. (That's just a funny word for an array with named values. Such as $arr['name'] = 'value';) To get that effect, we use "while($row=mysql_fetch_assoc($query_result_variable))".
Following the examples above:
PHP Code:
<form method="post" action="">
User: <input type="text" name="user" value="s-p-n" />
<br />
<input type="submit" name="submit" value="submit" />
</form>
<?php
$user = mysql_real_escape_string($_POST['user']);
$query = mysql_query('SELECT `_Info`,`user` FROM `users` WHERE `user` = "'.$user.'"');
while($row = mysql_fetch_assoc($query))
{
echo '<p>Info on user '.$row['user'];
echo '<hr />'.$row['_Info'].'<hr /></p>';
}
?>
The conclusion:
- You can change the name of the variables to whatever you want. Such as $name.
- You'd then want to make sure the field name (in the form) is "name", and then the $_POST variable for that field would be $_POST['name']. Make sure they all match.
- Be sure to sanitize the user input every-time. When the input is being used in a MySQL Query, sanitize it with mysql_real_escape_string().
- Fetch the data from the database using mysql_fetch_assoc().
- Take more tutorials in the "Resources" post in Coder's Paradise at RageZone. :tongue: