CODEWITHSUNDEEP
phpmysql
Ivan Reuben Ramos Muit
Ivan Reuben Ramos Muit

Reputation: 171

Search database in PHP

I wanted to be able to Search in the database at any table whether it is the First Name, Last Name, Middle Name, Etc... the problem is, I always get from query an empty results

This is my attempt

I use the HTML Form for the User to Search With clicking necessary datum.

<table border='0' align='right'>
    <tr>
        <td >
            <select name='SEARCH' id='SEARCH'>
                <option value='ID_NO' selected='selected'>ID Number</option>
                <option value='FNAME'>First Name</option>
                <option value='LNAME' >Last Name</option>
                <option value='MNAME'>Middle Name</option>
                <option value='DATE'>Birthday</option>
                <option value='SEX'>SEX</option>
                <option value='AGE'>Age</option>
                <option value='STATUS'>Status</option>
                <option value='TEL_NO'>Landline Number</option>
                <option value='ADDRESS'>Address</option>
                <option value='OCCUPATION'>Occupation</option>
                <option value='REFERRED_BY '>Referrals</option>
                <option value='itResult'>Result</option>
            </select>
        </td>
        <td rowspan =2><input name='SUBMIT' type='SUBMIT' id='SUBMIT' value='Search!'></td>
    </tr>
    <tr>
        <td><input name='INPUT' type='text' id='INPUT'></td>
    </tr>
    </table>

Then the datum that was entered is pass through here and check to the database

<?php
    print "<center><H2>Search User</H2></center>";
    $ID_CHECK = clean($_POST['chck']);
    $SEARCH = clean($_POST['SEARCH']);
    $INPUT   = clean($_POST['INPUT']);

    $result = mysql_query("SELECT * FROM user_info WHERE '$SEARCH' = '$INPUT'" ) or die('Error, query failed');
    if(!mysql_num_rows($result)) {
        print "<BR>There is no $INPUT in the Database <BR><A HREF ='SearchUser.php'>Go Back</A>";
        exit();
    }
    else {
        $row_array = mysql_fetch_array($result, MYSQL_ASSOC);
?>

The Problem is, I always get an empty query and that I think using this is wrong

$result = mysql_query("SELECT * FROM user_info WHERE '$SEARCH' = '$INPUT'" )  or die('Error, query failed');

is there another way? JavaScript perhaps?

My Clean Function does this.. it cleans the value of the data I think

<?php
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
    return mysql_real_escape_string($str);
    }
?>

Upvotes: 1

Views: 731

Answers (3)

Puzant Bakjejian
Puzant Bakjejian

Reputation: 67

Try using concatenation:

$result = mysqli_query($con, "SELECT *  FROM userinfo WHERE concat(//add the database rows here) LIKE '%$something%' ");

Upvotes: 0

Dominoo
Dominoo

Reputation: 108

Problem is that in your query you are comparing two strings. This should work:

$result = mysql_query("SELECT * FROM user_info WHERE $SEARCH = '".$INPUT."'")  or die('Error, query failed');

I removed the single quotations from $SEARCH.

Upvotes: 3

typeoneerror
typeoneerror

Reputation: 56948

First of all, what does your clean function do? If it's quoting your content, you may be ending up with extra quotes with '$SEARCH'. Secondly, you may want to have a look at MySQL's LIKE comparison if you want to do a more thorough search.

Upvotes: 0

Related Questions