Select record from form and update

  • Resolved hsysgrp

    (@hsysgrp)


    3 years, 5 months ago

    I presently retrieve a record by inputting the LastName of the member. 

    <form id = 1 action = "https://hsysgrp.com/wp-content/themes/twentytwelve-child/custom-page_Members_Desc.php" method="POST"> 
	<input type ="text" name = "search" placeholder= "Search for Members..."/>
	<input type = "submit" value = "search" />
</form>

if(isset($_POST['search'])) {
	$searchq = $_POST['search'];
	 echo "<br>$searchq<br>";
	$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);

	$query = mysqli_query($link,"SELECT ID,  FirstName, LastName FROM AAUW_Members WHERE FirstName LIKE  '%$searchq%' OR Lastname LIKE '%$searchq%'") OR die("Could not  search!"); 
	$count = mysqli_num_rows($query);
	if($count == 1) { 

		echo "<br>Before while...<br>";
		$row = mysqli_fetch_array($query);
		$FirstName = $row['FirstName']; 
		$LastName = $row['LastName'] ; $ID = $row['ID'];
		$output .= '<div>'.$ID.' ' .$FirstName.' '.$LastName.'</div>';
		echo "$output";

    This works fine, however I have a number of Smiths in the database, and have been unsuccessful in doing a search on FirstName and LastName.

    <form action = "https://hsysgrp.com/wp-content/themes/twentytwelve-child/twentytwelve-child/custom-page_Members_Desc.php" method="POST"> 
	<input type ="text" name = "FirstName" placeholder= "Search for First Name..."/>
	<input type ="text" name = "LastName" placeholder= "Search for Last Name..."/>
	
	<input type = "submit" value = "search" />
</form>

    How do I pass the FirstName value?

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    FirstName is passed by the form when it’s submitted. Your PHP then gets it from $_POST['FirstName'] and uses it in the query in place of the first $searchq. Be sure to sanitize the value before using it in a query. The preg_replace() statement similar to that used on $searchq could accomplish this. Then do the similarly for LastName.

    Your query is using OR logic, so results will include anyone with a partially matching first name, regardless of last name. Maybe you want AND logic?

    Thread Starter hsysgrp

    (@hsysgrp)

    Thank you, your response emboldened me to try this approach again, this time I used LIKE instead of = with better results. It’s always the dumb mistakes….
    Is it necessary to prepare select statements if no input is going on, only retrieval?

    <form id = 1 action = "https://hsysgrp.com/wp-content/themes/twentytwelve-child/custom-page_Members_Desc.php" method="POST"> 
	<input type ="text" name = "searchf" placeholder= "Search for FirstName..."/>
	<input type ="text" name = "search" placeholder= "Search for Members..."/>
	<input type = "submit" value = "search" />
</form>
<?php
include 'myFuncs.php';
$link = connect();

if($link === false){    
	die("ERROR: Could not connect. " . mysqli_connect_error());
} 

if(isset($_POST['search'])) {
	$searchf = $_POST['searchf'];
	$searchq = $_POST['search'];
	
	echo "<br>$searchq<br>";
	echo "<br>$searchf<br>";
	$searchf = preg_replace("#[^0-9a-z]#i","",$searchf);
	$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);

	$query = mysqli_query($link,"SELECT ID,  FirstName, LastName FROM AAUW_Members WHERE FirstName LIKE  '%$searchf%' AND Lastname LIKE '%$searchq%'") OR die("Could not  search!"); 
	$count = mysqli_num_rows($query);
....
    Moderator bcworkz

    (@bcworkz)

    Data retrieved can still become corrupted, so still should be prepared. Only completely static, hardcoded data needn’t be prepared.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Select record from form and update’ is closed to new replies.