Output New Query from Form

Question

I'm trying to figure out how to make a form that changes Query Example (HTML)

<form action="change.php" method="POST" name="Update">
<table>
  <tr>
    <td>
      <input type="text" value="Enter New Criteria" name="where" >
      <input type="text" value="Enter New Criteria" name="where2" >
    </td>
  </tr>
  <tr>
    <td align="center" style="font-family:Calibri">
    <input type="submit"  value="Search"/>
  </tr>
</table>

SQL Query

$Query = "SELECT order_number
          FROM order_header
          WHERE (order_number LIKE **'%CHANGE VALUE HERE%'**
          OR order_number LIKE **'%CHANGE VALUE HERE%'**

How would I go about doing that, i'm a complete rookie but I am trying. I tried a search but maybe I'm not using the correct key words.

Answer 1

Use $_POST['where'] and $_POST['where2'] in place of %CHANGE VALUE HERE%. More info: http://php.net/manual/en/reserved.variables.post.php

For example:

$Query = "SELECT order_number
          FROM order_header
          WHERE (order_number LIKE '$_POST[where]'
          OR order_number LIKE '$_POST[where2]')";

When you've got it working, have a read about SQL Injection: http://php.net/manual/en/security.database.sql-injection.php

Answer 2

Try:

$where = $_POST['where'];
$where2 = $_POST['where2'];

$Query = "SELECT order_number
          FROM order_header
          WHERE (order_number LIKE '%whereParameter%'
          OR order_number LIKE '%where2Partameter%'"

$Query = str_replace("whereParameter", $where, $QueryTemplate);
$Query = str_replace("where2Parameter", $where2, $QueryTemplate);