How to use PHP to pass HTML form data to a MYSQL db and return the data to the browser

Question

I'm trying to use PHP to pass HTML form data to a MYSQL db and return the data to the browser. By submitting checked permissions (M1,M2,MN1..) i want to display Names of instructors who have those permissions. Now, please tell me what is wrong with the code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head><body>
<form action="akcja.php" method="post">    
<br /><br /><br />
<table>
<tr><th><br/><input type="checkbox" id="check" name="M1" value="M1,">m1</th> 
<th><br/><center><input type="checkbox" id="check" name="M2" value="M2,">m2</center></th> 
<th><br/><center><input type="checkbox" id="check" name="MN1" value="MN1,"> mn1    </center></th> </tr></table>
<input type="submit" name="submit" value="Search Database" />
</form>
</body>
</html>



<?php
$query = mysql_query("SELECT * FROM permissions WHERE m LIKE '".$_POST['M1']."' OR m LIKE '".$_POST['M2']."' OR mn LIKE '".$_POST['MN1']."' ");  
if($query)
    while($permissions = mysql_fetch_assoc($query)){
        $query2 = mysql_query("SELECT name_surname FROM instruktorzy WHERE instruktor_id='".$permissions['instruktor_id']."'");  
        while($Mdwa = mysql_fetch_assoc($query2)){
            echo "<p style=\"font-size: 14px; font-family: Helvetica; background-color: #FFFFFF\"> ".$Mdwa['name_surname']."<br />" ; "</p>" ;
        }
    }
?>

Answer 1

This is how I see a cleaner way of orientating your code. I should note this was just quickly slapped together without any tools so don't copy and paste.

$connection = new PDO('mysql:host=localhost;dbname=db', 'awesome_user', 'love123',
array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES \'UTF8\''));

$query_obj = $connection->prepare("SELECT permissions.*, instruktorzy.name_surname 
    FROM permissions 
    LEFT JOIN instruktorzy ON instruktorzy.instruktor_id = permissions.instruktor_id  
    WHERE permissions.m IN (:m1, :m2) OR permissions.mn LIKE :mn1 LIMIT 100");
$query_obj->setFetchMode(PDO::FETCH_ASSOC);

// You will need something a little more complex here to deal with missing data, 
// I am just putting in what is required to get it working if the 
// entire $_POST is set
$query_obj->bindValue(':m1', isset($_POST['M1']) ? $_POST['M1'] : null);
$query_obj->bindValue(':m2', isset($_POST['M2']) ? $_POST['M2'] : null);
$query_obj->bindValue(':mn1', isset($_POST['MN1']) ? $_POST['MN1'] : null);

$query_obj->execute();

foreach($query_obj as $k => $row){
    echo '<p style="font-size: 14px; font-family: Helvetica; 
        background-color: #FFFFFF"> '.$row['name_surname'].'<br /></p>' ;
}

That should help you get on the right track of writing better code; hopefully.

Answer 2

The below code is a more clean way of doing things. Its been a long time since I used it in this way, but it might help you solve your problem since its probably because you use a queryloop in a queryloop. (not sure but wouldn't hurt if you do it like I did.

$permissions = Array();
$query = mysql_query("SELECT * FROM permissions WHERE m LIKE '" . $_POST['M1'] . "' OR m LIKE '" . $_POST['M2'] . "' OR mn LIKE '" . $_POST['MN1'] . "' ");
if ($query) {
  while ($row = mysql_fetch_assoc($query)) {
    array_push($permissions, $row);
  }
}
foreach ($permissions AS $key => $permission) {
  $query = mysql_query("SELECT name_surname FROM instruktorzy WHERE instruktor_id='" . $permission['instruktor_id'] . "'");
  if ($query) {
    while ($row = mysql_fetch_assoc($query2)) {
      echo "<p style=\"font-size: 14px; font-family: Helvetica; background-color: #FFFFFF\"> ".$Mdwa['name_surname']."<br />" ; "</p>" ;
    }
  }
}