need help querying a database using php

Question

Hello guys im learning php and just started today. I was on yahoo web hosting and learning DB also for the first time. I was able to post a firstName and LastName into the mysql datatbase. But now i want to be able to query the name and be able to display the names which i searched. My php file isnt working and as i am not able to find the name in the database. Please i need help with it and thanks Below is my code:

<htmL>
<body>
 <p><strong>Query database</strong></p>
<form name="form1" method="post" action="backendfile2.php">
<label><br>
  <br>
 First Name
 <input type="text" name="firstname" id="firstname">
 </label>
  <p>
<label>Last Name
 <input type="text" name="lastname" id="lastname">
  </label>
  </p>
 <p>&nbsp;</p>
 <input type="submit" value="Submit">  
 </form>
  <p>&nbsp;</p>
  </body>
  </html>

php file:

   <?php
   $con=mysqli_connect("mysql","username","password","207_lab");
 // Check connection
   if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
   }
    $firstname = mysqli_real_escape_string($con,$_POST['firstname']);
    $lastname = mysqli_real_escape_string($con,$_POST['lastname']);
     $result = mysqli_query($con,"SELECT FirstName, LastName FROM User WHERE 
      FirstName = $firstname, LastName = $lastname");

       echo "Name searched = ";
       while($row = mysqli_fetch_array($result)) {
       echo $row['FirstName'] . " " . $row['LastName'];
    echo "<br>";
        }
         ?>

`"SELECT FirstName, LastName FROM User WHERE FirstName = '$firstname' AND LastName = '$lastname'"` — Anthony, Oct 19 '14 at 01:26
Please, [do not use `mysql_*` functions](http://stackoverflow.com/q/12859942/1757964)! They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). [This article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide. — APerson, Oct 19 '14 at 01:26
Aside from the quotes already mentioned. Where are you setting your `$firstname` and `$lastname` variables? Are they just not shown? — Gohn67, Oct 19 '14 at 01:27
In case you may have seen [**my answer**](http://stackoverflow.com/a/26446311/1415724) before your edit, I too made an edit. Do reload it to see additional information. @user2738145 — Funk Forty Niner, Oct 19 '14 at 01:38

score 3 · Accepted Answer · edited May 23 '17 at 10:25

As per your originally posted code/question since you've made an edit.

Use quotes around your variables since they are strings.

FirstName = '$firstname', LastName = '$lastname'

Checking for errors with

or die(mysqli_error($con)) to mysqli_query() which would have triggered it.

You also need to assign it from POST.

$firstname = mysqli_real_escape_string($con,$_POST['firstname']);
$lastname = mysqli_real_escape_string($con,$_POST['lastname']);

plus

WHERE 
  FirstName = $firstname, LastName = $lastname"

to, using AND and not a comma

WHERE 
  FirstName = '$firstname' AND LastName = '$lastname'"

Commas are when you use UPDATE table SET column_x = 'var_1', column_y = 'var_2'

Subsequently, you can replace the AND by OR depending on the query's criteria.

Add error reporting to the top of your file(s) which would have given you an Undefined index... warning for both variables.

error_reporting(E_ALL);
ini_set('display_errors', 1);

Sidenote: Error reporting should only be done in staging, and never production.

and your present method is open to SQL injection. Use prepared statements, or PDO with prepared statements.

@Fred-ii- thanks. Also if a name i searched wasn't in the database how do i got about that. And i want to display an error saying name doesn't exist in database — user2738145, Oct 19 '14 at 01:41
@user2738145 You're welcome. You would need to use [`mysqli_num_rows()`](http://php.net/manual/en/mysqli-result.num-rows.php) for that, which is one way of doing it. You may have to post another question for it, but am sure you will find many examples on Stack. I will post a quick example in a comment here, give me a minute. — Funk Forty Niner, Oct 19 '14 at 01:49
@user2738145 Here you go `$numrows=mysqli_num_rows($query); if($numrows > 0){ die("Record exists already."); }` — Funk Forty Niner, Oct 19 '14 at 01:52

score 1 · Answer 2 · answered Oct 19 '14 at 01:30

1

Check your SQL syntax also - looks like it should be:

WHERE FirstName = '$firstname' AND LastName = '$lastname'

answered Oct 19 '14 at 01:30

mickvav

310
2
6

need help querying a database using php

2 Answers2