PHP Employee Database

Question

I am still very new to PHP and MySQL, but I am making a database while using all the information I can get out of this book. I am trying to make an employee database that you can add people, search them by name, and then delete the person you just searched. The last part is where I am having some major problems. I understand how to delete a specific employee by using sql queries, I just don't get how to pass the information from the last searched employee and then delete them. I will include the code for searching the employees and then my delete page, since the others pages I am pretty certain are correct.

PHP code

<?php
echo "<h2>Search Results:</h2><p>";
$find = $_POST['find']

mysql_connect('localhost', 'username', 'password');
mysql_select_db('employedatabase');

$find = strtoupper($find);
$find = strip_tags($find);
$find = trim($find);

$EmployeeName = mysql_query("SELECT * FROM employee_data WHERE upper($EmployeeName) LIKE '%$find%'");
while ($result = mysql_fetch_array($EmployeeName))
{
    echo $result['employee_name'];
    echo "<br>";
}
$anymatches = mysql_num_rows($EmployeeName);
if ($anymatches == 0)
{
    echo "Sorry, but we could not find that employee...<br><br>";
}
echo "<b>Searched For:</b> " . $find;
?>

HTML code

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>Employee Results</title>
</head>
<body>
<h2>Employee Results</h2>
<form name="Delete" method="POST" action="delete.php">
    Delete Employee: <input type="text" name="find"/>
    <input type="submit" name="Delete" value="Delete"/>
</form>
</body>
</html>

Delete.php code

<?php
mysql_connect('localhost', 'username', 'password');
mysql_select_db('employedatabase');

$find = $_POST['find'];

$strSQL = "DELETE * FROM employee_data WHERE employee_name = $find";
header("Location: Home.html");
?>

please use `mysqli_` functions over `mysql` ... actually, your book is likely very old and considered malpractice nowadays — bear, Feb 25 '16 at 21:11
I think a simpler approach would be to include employee id in the search results and then pass that same id to the delete page. The you use that id in the delete query. — Maximus2012, Feb 25 '16 at 21:11
Which book would tell you do to this? `WHERE employee_name=$EmployeeName` — Dave Chen, Feb 25 '16 at 21:12
You are passing more variables than you need which is adding unnecessary complexity to your code. — Maximus2012, Feb 25 '16 at 21:12
You're probably looking for something like this: http://stackoverflow.com/questions/19823651/delete-data-using-get-url-php-string (look at the answer with 5 votes) — Maximus2012, Feb 25 '16 at 21:13
That makes way more sense, so I just need to rename the actual form to something like 'del' and then pass that along with $GET to delete the query? Sorry still new at this.. this book is from 2014, I didn't think all of this is now obsolete? — Wolfenacht, Feb 25 '16 at 21:18
It is not obsolete but there are better and more secure ways to do what you are trying to do. You may not even need a form at all if you are using URL/GET to pass the request to your delete page. — Maximus2012, Feb 25 '16 at 21:24
In first php code, you cannnot write $find like how you have used, you need to use $_GET["find"] — shreshta bm, Feb 25 '16 at 21:25
Okay, I think I got it. It doesn't help that I am not very good at setting up MySQL either so testing can be a pain. I would show all my files here but I am bad at editing them and don't want to waste your guys' time. Lol — Wolfenacht, Feb 25 '16 at 21:29

score 0 · Answer 1 · answered Feb 25 '16 at 21:39

First of all, $find must be declared as $find = $_GET['find'] and on the top of it, you should use method="POST" instead of method="GET" for many reasons (i.e. : security).

Also, your sql query is not well formed. SELECT * FROM employee_data WHERE upper($EmployeeName) [...] should be SELECT * FROM employee_data WHERE upper(employee_name) [...].

You should also use mysqli instead of mysql and maybe separate concerns (DB stuff in DB classes and presenting stuff in presenting classes), but as you said.. you're new to this and you're trying to learn ;)

Also, in your delete form, you only have one info transfered (mostly) to your php page : <input type="text" name="find"/>. Your php page is waiting for a lot more : employee_name, employee_address and so on..

Hope this helps :)

Okay so (Yeah I'm still a noob) if I change the method to POST that means the $find = $_GET['find'] should instead be $find = $_POST['find'] right? — Wolfenacht, Feb 25 '16 at 21:44
Right :) GET parameters will be shown in the url and POST parameters are hidden instead. — Michaël HB, Feb 25 '16 at 21:47

PHP Employee Database

1 Answers1