-1

If anyone could provide me with the proper code that would be great. What I am trying to do is add an <hr /> after the information that is being echoed ONLY if more than one result is being pulled from my database. Here is the code if anyone can help me. Thanks.

<html>
<script>
function goBack()
  {
  window.history.back()
  }
</script>
<body>
<div style="width: 875px; margin-left: 30px; margin-right: auto;"><img src="searchresults.png" alt="" title="Search Results" />
<?php


$term = $_POST['term'];

$sql = mysql_query("SELECT * FROM store_location where store_name like '%$term%' or     address like '%$term%' or city like '%$term%' or state like '%$term%' or zip like     '%$term%' or phone like '%$term%' or fax like '%$term%' or email like '%$term%' or url     like '%$term%' ");

    if( mysql_num_rows($sql) == 0) echo "<p>No TeachPro Store(s) in your area.</p>";

   while ($row = mysql_fetch_array($sql)){

echo 'Store Name: '.$row['store_name'];
echo '<br/> Address: '.$row['address'];
echo '<br/> City: '.$row['city'];
echo '<br/> State: '.$row['state'];
echo '<br/> Zip: '.$row['zip'];
echo '<br/> Phone: '.$row['phone'];
echo '<br/> Fax: '.$row['fax'];
echo '<br/> Email: <a href="mailto:'.$row['email'].'">'.$row['email'].'</a>';
echo '<br/> URL: <a href="'.$row['url'].'">'.$row['url'].'</a>';
echo '<br/><br/>';
}
?>
</div>
<input type="button" value="Back" onclick="goBack()">
</body>
</html>
user1880898
  • woh, you really should sanitize your user input before worrying about the hr tag. Check this out: http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php – span Dec 06 '12 at 21:41
  • another script open to attack –  Dec 06 '12 at 21:41
  • @Dagon A coworker didn't believe me last week that a _majority_ of the PHP scripts I see on a daily basis are vulnerable. – Michael Berkowski Dec 06 '12 at 21:44
  • @MichaelBerkowski that's because you have no life and hang out on SO all the time :-) –  Dec 06 '12 at 21:46

1 Answer

1

Just wrap your while loop in an else case and output the <hr> in there. You already have the appropriate logic to output a <p> if no rows are found, and you can extend it.

if( mysql_num_rows($sql) == 0) {
  echo "<p>No TeachPro Store(s) in your area.</p>";
}
// Instead of relying on an empty fetch to output nothing, put it in an else {}
else {
  while ($row = mysql_fetch_array($sql)){
    echo 'Store Name: '.$row['store_name'];
    echo '<br/> Address: '.$row['address'];
    echo '<br/> City: '.$row['city'];
    echo '<br/> State: '.$row['state'];
    echo '<br/> Zip: '.$row['zip'];
    echo '<br/> Phone: '.$row['phone'];
    echo '<br/> Fax: '.$row['fax'];
    echo '<br/> Email: <a href="mailto:'.$row['email'].'">'.$row['email'].'</a>';
    echo '<br/> URL: <a href="'.$row['url'].'">'.$row['url'].'</a>';
    echo '<br/><br/>';
  }
  // And your <hr /> and whatever else you need...
  echo "<hr />";
}

Just a side note about HTML output - be sure to wrap these values in htmlspecialchars() for proper escaping as HTML, to avoid problems if they contain HTML special characters like < > & (and possibly to protect against XSS if this was user-input!)

// Ex:
echo 'Store Name: '.htmlspecialchars($row['store_name']);

And even more pressing is to sanitize your query inputs against SQL injection with mysql_real_escape_string().

// At a minimum:
$term = mysql_real_escape_string($_POST['term']);

In the long run, consider switching to an API which supports prepared statements, like MySQLi or PDO.

Michael Berkowski
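
The prepared-statement approach the answer recommends, as an added example that is not part of the original answer: PDO with bound LIKE parameters, escaped output, and an <hr /> that appears only between multiple results. Assumptions: an in-memory SQLite table with constructed rows stands in for the MySQL store_location table (swap in your own DSN), the helper names h, searchStores and renderStores are made up here, and the http(s)-only link check goes beyond what the answer covers.

```php
<?php
// Added example, not from the original answer. Assumption: an in-memory SQLite
// table with constructed rows stands in for the MySQL store_location table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE store_location (store_name TEXT, address TEXT, city TEXT,
    state TEXT, zip TEXT, phone TEXT, fax TEXT, email TEXT, url TEXT)');
$ins = $pdo->prepare('INSERT INTO store_location VALUES (?,?,?,?,?,?,?,?,?)');
$ins->execute(['North <b>Store</b>', '1 Main St', 'Austin', 'TX', '73301',
    '555-0100', '555-0101', 'north@example.com', 'https://north.example.com']);
$ins->execute(['South Store', '2 Oak Ave', 'Austin', 'TX', '73344',
    '555-0102', '555-0103', 'south@example.com', 'javascript:void(0)']);

// Escape a value for HTML text and for quoted attribute values.
function h($v) { return htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8'); }

function searchStores(PDO $pdo, $term) {
    $cols = ['store_name', 'address', 'city', 'state', 'zip', 'phone', 'fax', 'email', 'url'];
    // Escape LIKE wildcards ('!' first) so % and _ typed by the user match literally.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    $where = implode(' OR ', array_map(function ($c) { return "$c LIKE ? ESCAPE '!'"; }, $cols));
    $stmt = $pdo->prepare("SELECT * FROM store_location WHERE $where");
    $stmt->execute(array_fill(0, count($cols), $like)); // the term is bound, never concatenated
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function renderStores(array $rows) {
    if (!$rows) return '<p>No TeachPro Store(s) in your area.</p>';
    $labels = ['store_name' => 'Store Name', 'address' => 'Address', 'city' => 'City',
        'state' => 'State', 'zip' => 'Zip', 'phone' => 'Phone', 'fax' => 'Fax'];
    $blocks = [];
    foreach ($rows as $r) {
        $lines = [];
        foreach ($labels as $col => $label) $lines[] = $label . ': ' . h($r[$col]);
        $lines[] = 'Email: <a href="mailto:' . h($r['email']) . '">' . h($r['email']) . '</a>';
        // Only http(s) URLs become links; anything else is shown as escaped text.
        $lines[] = preg_match('#^https?://#i', (string)$r['url'])
            ? 'URL: <a href="' . h($r['url']) . '">' . h($r['url']) . '</a>'
            : 'URL: ' . h($r['url']);
        $blocks[] = implode('<br/> ', $lines) . '<br/><br/>';
    }
    // implode() puts <hr /> between records, so it is emitted only for more than one row.
    return implode("<hr />\n", $blocks);
}

// Constructed fallback term so the script also runs from the command line.
$term = isset($_POST['term']) ? $_POST['term'] : 'Austin';
echo renderStores(searchStores($pdo, $term)), "\n";
```

With a MySQL DSN, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared on the server.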