2

I am trying to make an order status page where I will manually adjust in the phpmyadmin however I'd like people to be able to use a form to put in their order number then be given the appropriate name and status attatched to that order number.

This is index.php

<?php
$username = "username";
$password = "password";
$hostname = "localhost"; 
$dbhandle = mysql_connect($hostname, $username, $password) 
or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";
?>
<form method="POST" action="action.php">
<input type="text" name="term" />
<input type="submit" value="Submit" name="submit" />
</form>

This is my action.php

 <?php
$username = "evo_readle";
$password = "judo08";
$hostname = "localhost"; 
$dbhandle = mysql_connect($hostname, $username, $password) 
or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";
$term = mysql_real_escape_string($_REQUEST['term']);    
$query = mysql_query("SELECT * FROM orders WHERE number ='%".$term."%'");
$user = mysql_fetch_assoc($query);
echo "Hello User, your name is" .$user['name'];
?>
Thilo
  • 8,827
  • 2
  • 35
  • 56
Jacob Read
  • 43
  • 5
  • It's good practice in your `action.php` to redirect back to index.php, since it is a POST op, so your back button continues to work (otherwise browsers will output a "Are you sure you wish to resubmit this page to the server" question). You can convey `$user['name']` to the target page using either a session or a query string. – halfer Jan 18 '13 at 11:27

1 Answers1

1

If your going to use wildcards in your SQL queries, you need the keyword LIKE. So

$query = mysql_query("SELECT * FROM orders WHERE number ='%".$term."%'");

Will become:

$query = mysql_query("SELECT * FROM orders WHERE number LIKE '%".$term."%'");

Can I also recommend you begin to learn about why not to use mysql_* functions? Read this post.

Community
  • 1
  • 1
George
  • 36,413
  • 9
  • 66
  • 103