-1

Currently I have a query that searches on 'availability' using the following code:

    $status = 'available';
    $stmt = $pdo->query('SELECT * FROM orders WHERE idorder = "' . $status . '"');
    $results = $stmt->fetchAll();

My question is: how can I change the variable `$status` from 'available' to whatever is entered into the search box?

Mehmvq
  • 53
  • 9
  • Use an HTML form to pass data to the query? – Logan Wayne Apr 18 '16 at 03:38
  • If you are going to use PDO, then be smart enough to use a prepared statement and parameter for `$status`, instead of directly inserting the value and opening yourself up to SQL injection - http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Sean Apr 18 '16 at 04:24
  • Where is your search box code? Is it an `<input>` inside a `<form>`? Are you using `method="GET"` or `method="POST"`? – Sean Apr 18 '16 at 04:25

2 Answers

1

This is your search page:

myhtml.php

    <?php
    // $pdo is assumed to be an existing PDO connection.
    if (isset($_POST["btnsubmit"]) && !empty($_POST["btnsubmit"]))
    {
      $status = $_POST["status"];
      // Bind the submitted value as a parameter instead of concatenating it into the SQL.
      $stmt = $pdo->prepare('SELECT * FROM orders WHERE idorder = :status');
      $stmt->execute([':status' => $status]);
      $results = $stmt->fetchAll();
    }
    ?>

    <form action="myhtml.php" method="POST">
     <input type="text" name="status">
     <input type="submit" value="Submit" name="btnsubmit">
    </form>

Dipanwita Kundu
  • 1,637
  • 1
  • 9
  • 14
0

Index.html

    <form action="file.php" method="get">
     <input type="text" name="status">
     <input type="submit" value="Submit">
    </form>

File.php

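    <?php
        // $pdo is assumed to be an existing PDO connection.
        $status = $_GET['status'];
        // Bind the submitted value as a parameter instead of concatenating it into the SQL.
        $stmt = $pdo->prepare('SELECT * FROM orders WHERE idorder = :status');
        $stmt->execute([':status' => $status]);
        $results = $stmt->fetchAll();
    ?>
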
stackunderflow
  • 422
  • 2
  • 5
  • 19
  • That would be the file your form directs to. MySQL is a server-side language which means you'll have to send the 'status' input back to the server before performing the query. – stackunderflow Apr 19 '16 at 00:43
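
An added example, not part of the question or of either answer: it runs the concatenated query pattern from the question next to the prepared statement recommended in the comment under the question, on the same form input. It assumes the pdo_sqlite extension; the in-memory `orders` table, its rows, the function names `searchConcatenated` and `searchPrepared`, and the sample inputs are constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption: pdo_sqlite is loaded).
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE orders (idorder TEXT, item TEXT)');
$pdo->exec("INSERT INTO orders VALUES ('available', 'desk'), ('sold', 'lamp')");

// Concatenation, as in the question's query: the input becomes part of the SQL text.
// Single quotes are used here because SQLite treats double quotes as identifier quotes.
function searchConcatenated(PDO $pdo, string $status): array
{
    $sql = "SELECT * FROM orders WHERE idorder = '" . $status . "'";
    return $pdo->query($sql)->fetchAll();
}

// Prepared statement: the SQL text is fixed and the input is bound as a value,
// so quote characters in the input cannot change the structure of the query.
function searchPrepared(PDO $pdo, string $status): array
{
    $stmt = $pdo->prepare('SELECT * FROM orders WHERE idorder = :status');
    $stmt->execute([':status' => $status]);
    return $stmt->fetchAll();
}

// Constructed stand-ins for $_GET['status'] or $_POST['status'] from the search form.
$inputs = ['available', "x' OR '1'='1"];

foreach ($inputs as $input) {
    printf(
        "%-16s concatenated=%d rows, prepared=%d rows\n",
        $input,
        count(searchConcatenated($pdo, $input)),
        count(searchPrepared($pdo, $input))
    );
}
```

With the second input, the concatenated query matches every row in the table because the quote ends the string literal and the rest is parsed as SQL, while the prepared statement compares the whole input as one value and matches nothing.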