Get Mysql table row data based on form submit values

Question

I need to fetch the rows based on form submission values.

Here is my form

<form name="choose" method "post" t" action="search.php">
    <table>
    <tr>
        <tr>
            <td height="3">
            </td>
        </tr>
        <td width="60">
            <font1>Prof</font1>
        </td>
        <td>
            <select name proffession on>
                <option value=""></option>
                <option value="doctor"><font4>Doctor</font></option>
                <option value="designer">Designer</option>
            </select>
        </td>
    </tr>
    <tr>
        <tr>
            <td height="3">
            </td>
        </tr>
        <td width="60">
            <font1>Source</font1>
        </td>
        <td>
            <select name source>
                <option value=""></option>
                <option value="x"><font4>X</font></option>
                <option value="y">Y</option>
                <option value="z">Z</option>
            </select>
        </td>
    </tr>
    <tr>
        <tr>
            <td height="3">
            </td>
        </tr>
        <td width="60">
            <font1>Location</font1>
        </td>
        <td>
            <select name location on>
                <option value=""></option>
                <option value="bangalore">Bangalore</option>
                <option value="delhi">Delhi</option>
            </select>
        </td>
    </tr>
    <tr>
        <td>
            <input name=look type=submit value=submit>
        </td>
    </tr>
</form>

If there is any empty field submission i need to fetch the rows excluding that column. Here is my search.php

 <?php
mysql_connect("localhost","root","");//database connection
mysql_select_db("alldata");
$qry = "SELECT * FROM data WHERE location LIKE '" . mysql_escape_string($_POST['location']) . "' And proffession LIKE '" . mysql_escape_string($_POST['proffession']) . "' And source LIKE '" . mysql_escape_string($_POST['source']) . "'";

$res = mysql_query($qry);
function mysql_fetch_all($res) {
   while($row=mysql_fetch_array($res)) {
       $return[] = $row;
   }
   return $return;
}
function create_table($dataArr) {
    echo "<tr>
"; for($j = 0; $j < count($dataarr); $j++) { echo "<td>".$dataArr[$j]."
</td>
"; } echo "
</tr>
"; } $all = mysql_fetch_all($res); echo "
<table class='data_table'>
"; for($i = 0; $i < count($all); $i++) { create_table($all[$i]); } echo "</table>";
?>

But this script is not able to get me a solution. Please help

Answer 1

$qry = "SELECT * FROM data WHERE location LIKE '%" . mysql_escape_string($_POST['location']) . "%' And proffession LIKE '%" . mysql_escape_string($_POST['proffession']) . "%' And source LIKE '%" . mysql_escape_string($_POST['source']) . "%'";

Answer 2

 1.Correct your function mysql_fetch_all($res). There is no query
           inside the function. 

 2. Deprecated: mysql_escape_string(): This
           function is deprecated; use mysql_real_escape_string()

 3. Correct: <select name source> to: <select name="source"> and <select name location on> to <select name="location"> and <input name=look type=submit value=submit> to <input name="look" type="submit" value="submit"> and delete t" from choose form AND <form name="choose" method="post"  action="search.php">

Answer 3

Firstly, you should not be using mysql_* functions, see the big red box here. Consider using PDO or MySQLi instead.

Second, you appear to be missing some = such as method="post" You may want to check you're actually receiving your POST values correctly with var_dump($_POST)

Thirdly to exclude non-submitted values, you could construct the query string based on these. Something like:

$qry = "SELECT * FROM data WHERE ";
if($_POST['location']) {
   $qry .= 'LIKE "%'. mysql_real_escape_string($_POST['location']) .'%"';
}
// etc...