1

On one page I have a form which POSTs the data entered in the 1 field across to another page.

On this page which you are directed to after entered data in the form field is a connection to a sql database. It happily rePOSTs the form field data on the page. Then I have got the PHP for retrieving the information from the database. This works nicely when the WHERE part is fixed manually ('criteria') however I would like the WHERE criteria for this search to be the form data from the previous page.

is there a way to echo the data to it? The form data is successfully getting to the displaying page however need help with the WHERE part.

That line of code currently is...

$result = mysqli_query($con,"SELECT * FROM table WHERE field = 'formdata'");

Any help would be appreciated greatly.

doitlikejustin
  • 6,293
  • 2
  • 40
  • 68
Chris
  • 13
  • 2

2 Answers2

0

Right now, query compares field to the actual string 'formdata'. You'll want to grab the formdata, if you're POSTing, like this:

$result = mysqli_query($con, "SELECT * FROM table 
                              WHERE field = '" . $_POST['formdata'] . "'");

Although, note that you'll need to use prepared statements to make this secure. See here and here.

Community
  • 1
  • 1
ಠ_ಠ
  • 3,060
  • 28
  • 43
  • You forgot to call `mysqli_real_escape_string()` or switch to a parametrized query. – Barmar Aug 16 '13 at 19:52
  • Yeah, the code snippet I included is pretty barebones as is. I'd rather it be parameterized - I'll update to that soon. It was more a demonstration of where the `formdata` value comes from, and what to do with it, since OP stated he was new to using PHP. – ಠ_ಠ Aug 16 '13 at 19:56
0

I use PDO, but mysqli should be roughly the same

$formdata = $_POST['input'];
$stmt = $con->prepare('SELECT * FROM table WHERE field = ?');
$stmt->bind_param('s', $formdata);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // do something with $row
}
wiscWeb
  • 213
  • 1
  • 13