0

Hey guys I'm pretty new at PHP, I'm not too sure what Ive done wrong and I've been working at this for a few hours and cant seem to see whats wrong with it (there's no error which makes things more fun) what it actually does, it runs fine but it does not display the data from my database and only shows up with the column headers and that's it.

I would appreciate any advice at this point. What my code does is that it grabs some information 'staffID' from a form and uses that to display data that associates with it (like a search function) I'm using a 'join' function just for practice with the database I'm using.

As I said I'm completely new to this so this so I could be completely wrong with my code

<?php $staffidstr = $_GET["staffID"];

$conn = mysql_connect("xxxxxxx", "xxxxxx", "xxxxxxx");
mysql_select_db("xxxxxxxx", $conn)
or die ('Database not found ' . mysql_error() );
$sql = "SELECT orderID, orderDate, shippingDate, staffName
FROM purchase, staff 
WHERE purchase.staffID = staff.staffID
AND staff.staffID = '%$staffidstr%'
ORDER BY staff.staffName";
$rs = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());
?>
<?php echo "$staffidstr"; ?>
<table border="1" summary="Purchase Details">
<tr>
<th>Order ID</th>
<th>Order Date</th>
<th>Shipping Date </th>
<th>Staff Name</th>
</tr>
<?php
while ($row = mysql_fetch_array($rs)) { ?>
<tr>
<td><?php echo $row["orderID"]?></td>
<td><?php echo $row["orderDate"]?></td>
<td><?php echo $row["shippingDate"]?></td>
<td><?php echo $row["staffName"]?></td>
</tr>
<?php }
mysql_close($conn); ?>
Sharikov Vladislav
  • 7,049
  • 9
  • 50
  • 87
InsignificantPuppet
  • 53
  • 1
  • 7
  • Are you sure rows are returned from your query? – John Conde May 12 '14 at 14:46
  • just add `` just above your `
     – php-dev May 12 '14 at 14:50
  • I'm getting absolutely nothing, pretty much the same issue its just not displaying my rows/data. – InsignificantPuppet May 12 '14 at 14:53
  • I'm pretty sure it's `staff.staffID = '%$staffidstr%'` That should be either `staff.staffID = '$staffidstr'` or `staff.staffID LIKE '%$staffidstr%'` The `%` character has no special meaning using the `=` operator, so your query will return not a single row. – VMai May 12 '14 at 14:57
  • DOn't tell me it is not getting anything!!! It should at least show `0` – php-dev May 12 '14 at 14:59
  • Wow, thanks VMai I just got rid of the 'percent' marks. Worked perfectly. Cheers Bud – InsignificantPuppet May 12 '14 at 15:01
  • The `%` sign is usually used in conjuction with `WHERE` and `LIKE` when searching for something, which I doubt being the case here. – Funk Forty Niner May 12 '14 at 15:02
  • 1
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin May 12 '14 at 15:14

1 Answers1

0

I'm pretty sure it's following part of the WHERE clause

staff.staffID = '%$staffidstr%'

That should be most likely 

staff.staffID = '$staffidstr'

The % character has no special meaning using the = operator, so your query will return not a single row.

VMai
  • 10,156
  • 9
  • 25
  • 34