-2

Basically I want to create a reset button along with the search button in my search engine, but I'm stuck at writing that part. Here is my code so far:

<html>

<body>
<form action="" method="post">
<input type="text" name="filter">
<input type="submit" value="GO">
</form>
<?php
if(isset($_POST['filter'])){
    $sql = "SELECT id, first_name, last_name, sex FROM employee where first_name like '%".$_POST['filter']."%'";
} else {
    $sql = "SELECT id, first_name, last_name, sex FROM employee";
}
?>
</body>
</html>

<?php

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";


// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}


$result = $conn->query($sql);

if ($result->num_rows > 0) { // output data of each row
    echo '<table>';
    while($row = $result->fetch_assoc()) {
        echo "<tr><td>" . $row["id"]. "</td><td>" . $row["first_name"]. "</td><td>" . $row["last_name"]. "</td><td>" . $row["sex"] . "</tr>";
    }
    echo '</table>';
} else {
    echo "0 results";
}
$conn->close();

Where do I create the reset button? I'm really stuck at that part, please consider helping.

Flexo
Jin W
  • 2
    `` ? if so, that's basic HTML forms 101. – Funk Forty Niner Dec 11 '15 at 18:49
  • 2
    Don't do `'%".$_POST['filter']."%'"`. That opens you to SQL injections; separate user input from your SQL. Use parameterized queries. http://php.net/manual/en/mysqli.quickstart.prepared-statements.php Thread on SQL injection topic: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – chris85 Dec 11 '15 at 18:51
  • @chris85 can you please write an answer, I promise I will accept it – Jin W Dec 11 '15 at 18:52
  • I basically just want to create another button reset along with my button go, and reset will simply I guess refresh the input again? I don't know if my idea is right? – Jin W Dec 11 '15 at 18:52
  • just use a header to the same page with a conditional statement/function for the reset button, just coded differently. *easy as pie* – Funk Forty Niner Dec 11 '15 at 18:54
  • 1
    Your HTML is broken. You're outputting your search results **AFTER** you've already ended the HTML document. – Marc B Dec 11 '15 at 18:55
  • seems like the OP took a liking to you there Chris @chris85 *"The floor is yours"* ;-) – Funk Forty Niner Dec 11 '15 at 18:55
  • You've a point there @MarcB i didn't venture that far down there. Which boils down to basic HTML 101 for that too – Funk Forty Niner Dec 11 '15 at 18:56
  • huh what do you mean, the search engine works fine in my Firefox – Jin W Dec 11 '15 at 18:58
  • @marc B how should I change that – Jin W Dec 11 '15 at 18:58
  • @Fred-ii- Hah yea, think they misread your first comment as mine. – chris85 Dec 11 '15 at 18:58
  • @chris85 given their extra comment, that would call for a totally different answer on my part. I'd have to code a function or conditional statement for it (and add escaping and fixing the HTML.. .etc). You're more than welcome to go for it; you have my blessing ;-) I'll sit this one out. – Funk Forty Niner Dec 11 '15 at 18:59
  • @Chris85 hey can you please help, I'm really lost right? do I just create another reset button like search, if so how do I delete all the input? can you please write an answer? – Jin W Dec 11 '15 at 18:59
  • *"huh what do you mean the search engine works in fine in my firefox"* - Oh sure, it will work. But view your HTML source, you'll see some codes highlighted in red as warnings/notices ;-) it's best to have proper markup. – Funk Forty Niner Dec 11 '15 at 19:04
  • Okay, I've ventured in and posted an answer @JinW. – chris85 Dec 11 '15 at 19:15
  • *"@ chris85 can you please write an answer, I **promise** I will accept it – Jin W 2 hours ago"* - whatever happened to that "promise"? I don't see a green tick next to Chris' answer. – Funk Forty Niner Dec 11 '15 at 20:58
  • I noticed you did 2 edits and completely changed your original question with the additions. That isn't how things roll around here. I performed a rollback to your original question. @chris85 Chris answered your original question and that itself should be considered as solved and accepting Chris' answer. If you have another question, then do just that; post a new question http://stackoverflow.com/questions/ask – Funk Forty Niner Dec 11 '15 at 21:33
  • @Fred-ii- that's what I did but chris told me to delete it! can you just please write an answer? I will accept it I promise – Jin W Dec 11 '15 at 21:39
  • @Fred-ii- since I can't post any new questions, can you please post a new answer? – Jin W Dec 11 '15 at 21:41
  • Chris told you to delete *"Delete some of your previous comments"* and *"You should delete the irrelevant comments here"* - I don't see where he told you to delete your question. – Funk Forty Niner Dec 11 '15 at 21:42
  • Please don't edit all the information out of your question. That's not how we do things here. – Undo Dec 12 '15 at 00:51

1 Answer

3

Okay, how about this approach? This closes up your SQL injection, gives you proper mark up, and has a reset button.

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
$output = '';
// Create connection
$mysqli = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($mysqli->connect_error) {
    die("Connection failed: " . $mysqli->connect_error);
}
if(isset($_POST['filter'])){
    $sql = "SELECT id, first_name, last_name, sex FROM employee where first_name like ?";
    $param = '%' . $_POST['filter']. '%';
} else {
    $sql = "SELECT id, first_name, last_name, sex FROM employee";
}
$stmt = $mysqli->prepare($sql);
if(!empty($param)) {
    $stmt->bind_param("s", $param);
}
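$stmt->execute();
// mysqli_stmt has no fetch_assoc() and its num_rows is 0 until results are buffered,
// so fetch a mysqli_result first (get_result() requires the mysqlnd driver)
$result = $stmt->get_result();
if ($result->num_rows > 0) {
    $output .= '<table>';
    while($row = $result->fetch_assoc()) {
        // HTML-encode database values before echoing them into the page
        $output .= "<tr><td>" . htmlspecialchars($row["id"]) . "</td><td>" . htmlspecialchars($row["first_name"]) . "</td><td>" . htmlspecialchars($row["last_name"]) . "</td><td>" . htmlspecialchars($row["sex"]) . "</td></tr>";
    }
    $output .= '</table>';
} else {
    //not really no results could also be an error
    $output .= "<p>0 results</p>";
}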
$mysqli->close();
?>
<html>
<body>
<form action="" method="post">
    <input type="text" name="filter" />
    <input type="submit" value="GO" />
    <input type="reset" value="Reset" />
</form>
<?php
if(!empty($output)) {
    echo $output;
}
?>
</body>
</html>

You also currently aren't populating the searched value back into the form.

chris85
  • I wasn't sure if you were going to submit or not. Total rewrite I see, that's why ;-) – Funk Forty Niner Dec 11 '15 at 19:16
  • ) Parse error: syntax error, unexpected ')' in C:\wamp\www\testmysql.php on line 21 – Jin W Dec 11 '15 at 19:23
  • @chris85 now I get this error – Jin W Dec 11 '15 at 19:23
  • @chris85 hey chris I fixed it but now it seems my search engine is not working – Jin W Dec 11 '15 at 19:27
  • @christ85 no matter what I type it just says 0 result, and reset doesn't work either – Jin W Dec 11 '15 at 19:35
  • `Reset` just clears the current form. I'll add debugging lines to the answer, one sec. – chris85 Dec 11 '15 at 19:38
  • @chris85, also I'm changing my answer too, so take a look if you can, I used my old version with reset button added – Jin W Dec 11 '15 at 19:43
  • What about just running the provided code? Should give diagnostic information that will identify the issue. SQL injection prevention is something you should always implement in your code. – chris85 Dec 11 '15 at 19:45
  • @chris85 okay right now it says filter is setboundno results...error?Errormessage: – Jin W Dec 11 '15 at 19:47
  • @chris85 no matter what I type no results shows, just reset and search button – Jin W Dec 11 '15 at 19:47
  • Running it without parameter also returns nothing? – chris85 Dec 11 '15 at 20:03
  • Nice promise on OP's part. Too bad this turned out to be a "can of worms". – Funk Forty Niner Dec 11 '15 at 20:59
  • I'm a top worm detective now. – chris85 Dec 11 '15 at 21:00
  • @chris85 well, you gave a good and worthy answer. It's up to the OP to figure out the rest. I thought your answer answered their original question http://stackoverflow.com/q/34232081/. I closed their other one as a dupe to theirs here. – Funk Forty Niner Dec 11 '15 at 21:01
  • @Fred-ii- I guess I just get confused on how to change to post to pre or is my logic wrong? – Jin W Dec 11 '15 at 21:02
  • @chris85 chris for the answer you wrote the search seems not working, no matter what I type it doesn't show anything, neither does reset – Jin W Dec 11 '15 at 21:03
  • `POST` doesn't mean `after` it is a transfer method. `The HTTP/1.0 specification[11] defined the GET, POST and HEAD methods and the HTTP/1.1 specification` -https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol. As asked an hour ago does it return anything when no parameter is sent? You should delete the irrelevant comments here. – chris85 Dec 11 '15 at 21:04
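
Added example, not code from the answer or its author: the parameterized `LIKE` search from this thread, extended so that `%` and `_` typed by the user match literally, the searched value is populated back into the form, and every value is HTML-encoded on output. Assumptions: PDO with an in-memory SQLite table stands in for the page's MySQL `employee` table so the script runs offline, the rows are constructed sample data, and `like_escape`, `search_employees` and `h` are hypothetical helper names.

```php
<?php
// Added example, not the answer's code. SQLite in memory stands in for the
// page's MySQL "employee" table; the rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE employee (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, sex TEXT)");
$ins = $db->prepare("INSERT INTO employee (first_name, last_name, sex) VALUES (?, ?, ?)");
foreach ([['Anna', 'Lee', 'F'], ['Joanna', 'Kim', 'F'], ['100%_sure', 'Test', 'M'],
          ['<b>Bob</b>', 'Ray', 'M']] as $r) {
    $ins->execute($r);
}

// Hypothetical helper: make %, _ and the escape character literal inside LIKE.
function like_escape(string $s): string {
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $s);
}

// Hypothetical helper: the filter only ever reaches the database as a bound parameter.
function search_employees(PDO $db, ?string $filter): array {
    if ($filter === null || $filter === '') {
        return $db->query("SELECT id, first_name, last_name, sex FROM employee")
                  ->fetchAll(PDO::FETCH_ASSOC);
    }
    $stmt = $db->prepare("SELECT id, first_name, last_name, sex FROM employee
                          WHERE first_name LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . like_escape($filter) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: HTML-encode anything that came from the user or the database.
function h($v): string {
    return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
}

$filter = $_POST['filter'] ?? ($argv[1] ?? null);   // web form field, or CLI argument
$rows = search_employees($db, $filter);
?>
<form action="" method="post">
    <input type="text" name="filter" value="<?= h($filter) ?>" />
    <input type="submit" value="GO" />
    <?php /* type="reset" would restore the pre-filled value, so reload without POST data */ ?>
    <a href="?">Reset</a>
</form>
<table>
<?php foreach ($rows as $row): ?>
    <tr><?php foreach ($row as $cell): ?><td><?= h($cell) ?></td><?php endforeach ?></tr>
<?php endforeach ?>
</table>
```

Run from the command line with `%` as the argument, only the constructed `100%_sure` row matches, because the wildcard is escaped before binding. With no argument every row is listed and `<b>Bob</b>` appears encoded rather than as markup.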