Jump to content

$_GET to search database


jbwebdesign

Recommended Posts

Hello, I am trying to write a script that uses $_GET, to be able to connect to my database and pull the records WHERE the Student_name Field is LIKE the variable i have but i am not sure what I am doing wrong.....

 

I want to know how i would be able to address it by the URL, for instance: student.php?field=Student_name&s=john

 

 

here is my code:

 

<?php

$field = 'Student_name';

$s = $_GET['s'];

mysql_connect('localhost','bcheight_mbdc','frog123');

mysql_select_db('bcheight_mbdc');

$result = mysql_query("SELECT * FROM after_school_services WHERE '$field' = '$s'");

$my_rows;

while($row = mysql_fetch_array($result,MYSQL_ASSOC)){

$my_rows = $my_rows . '

' . $row['Student_name'] . '
Student Id: ' . $row['ff_id'] . '

Student Name: ' . $row['Student_name'] . '

D.O.B.: ' . $row['dob'] . '

Sex: ' . $row['Sex'] . '

Grade: ' . $row['grade'] . '

Class Room: ' . $row['class_room'] . '

Teacher: ' . $row['teacher'] . '

Parent\'s Name: ' . $row['Parent_name'] . '

Language: ' . $row['language'] . '

Home Number: ' . $row['home_num'] . '

Work Number: ' . $row['work_num'] . '

Cell number: ' . $row['cell_num'] . '

Email: ' . $row['email'] . '

Address: ' . $row['address'] . '

Apt: ' . $row['apt'] . '

City: ' . $row['city'] . '

Zip: ' . $row['zip'] . '

Emergency Name: ' . $row['emergency_name'] . '

Emergency Number: ' . $row['emergency_contact_number'] . '

';

}

echo $my_rows;

?>

Link to comment
Share on other sites

$field should not have quotes around it as it's a fieldname

$result = mysql_query("SELECT * FROM after_school_services WHERE $field = '$s';");

 

 

if you want to bring out results that have the specified name anywhere in the string you need the LIKE clause with '%' wildcard symbol:

$result = mysql_query("SELECT * FROM after_school_services WHERE $field LIKE '%$s%';");

 

If you input s=john then the above will bring out result that contain john anywhere in the string, for example:

 

Longjohn, John Doe, Steve Johnson etc

 

If you wish the specified name to be always the start of the string then you need to put the wildcard at the end of $s:

$result = mysql_query("SELECT * FROM after_school_services WHERE $field LIKE '$s%';");

Link to comment
Share on other sites

The least i could do was secure it and neaten it up for you.. hate to see code like this...

 

<?php
mysql_connect('localhost','bcheight_mbdc','frog123');
mysql_select_db('bcheight_mbdc');
$s = mysql_real_escape_string($_GET['s']);

$result = mysql_query(sprintf("SELECT * FROM after_school_services WHERE Student_name = '%%%s%%'",$s));
$Data = "";
   while($row = mysql_fetch_assoc($result)){
       $Data .= sprintf(
           '%s
Student Id: %s
Student Name: %s

D.O.B.: %s
Sex: %s
Grade: %s
Class Room: %s
Teacher: %s
Parent\'s Name: %s

Language: %s
Home Number: %s
Work Number: %s
Cell number: %s
Email: %s
Address: %s

Apt: %s
City: %s
Zip: %s
Emergency Name: %s
Emergency Number: %s

',
           $row['Student_name'],$row['ff_id'],$row['ff_id'],$row['Student_name'],$row['dob'],$row['Sex'],
           $row['grade'],$row['class_room'],$row['teacher'],$row['Parent_name'],$row['language'],
           $row['home_num'],$row['work_num'],$row['cell_num'],$row['email'],$row['address'],$row['apt'],
           $row['city'],$row['zip'],$row['emergency_name'],$row['emergency_contact_number']
       );
   }
   echo $Data;
?>

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...