Facing issue while running PHP script

Question

I have a form in HTML which posts two values hostname and ip_address.

<form action="demo-select.php" method="post" />
    <p>HOSTNAME/IPADDRESS: <input type="text" name="HOSTNAME" name="IP_ADDRESS" /></p>
    <input type="submit" value="Submit" />
</form>

If I enter the hostname/ip_address and submit it, it will take me to demo-select.php script.

In demo-select.php script I'm able to get the output for hostname from my MySQL db. How should I get the output based on ip_address?

$value = $_POST['HOSTNAME'];
$query = "SELECT * FROM <tablename> WHERE HOSTNAME='$value'";
$result = mysql_query($query);

This script connects to a MySQL db and gets the output based on the hostname. What modifications should I make to get the output based on ip_address as well?

Table columns:

HOSTNAME
IP_ADDRESS
cpus
MEMORY

I hope your code isn't on an open network as it would be open to SQL injection. — Kris Oye, Mar 31 '17 at 22:19
**WARNING**: If you're just learning PHP, please, do not use the [`mysql_query`](http://php.net/manual/en/function.mysql-query.php) interface. It’s so awful and dangerous that it was removed in PHP 7. A replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and a guide like [PHP The Right Way](http://www.phptherightway.com/) explains best practices. Your user data is **not** [properly escaped](http://bobby-tables.com/php.html) and there are [SQL injection bugs](http://bobby-tables.com/) and can be exploited. — tadman, Apr 01 '17 at 01:51

score 1 · Answer 1 · edited May 23 '17 at 11:55

HTML:

You can't assign two names to an HTML element. I'd suggest that you either use two fields or use a dropdown / radio button along with the form field for the user to specify whether they're entering a hostname or an ip_address:

<form action="demo-select.php" method="post" />

    <select name="address_type">
      <option value="ip"> IP Address </option>
      <option value="host"> Host Name </option>
    </select>

    <input type="text" name="host_name_or_address" />
    <input type="submit" value="Submit" />
</form>

An assumption here is that you'd want the user to enter as input only one of hostname or ip_address in a single submit. If you want both to be relayed to the PHP at once, then please get rid of the select dropdown and use two input fields instead.

PHP:

Check what's been received in address_type and determine what query to use accordingly:

$address_type = $_POST['address_type'];
$value = $_POST['host_name_or_address'];

if($address_type == "host"){
    // If looking for partial matches, use... WHERE HOSTNAME LIKE '%$value'
    $sql = "SELECT * FROM <tablename> WHERE HOSTNAME = '$value' ";
}
else{
    $sql = "SELECT * FROM <tablename> WHERE IP_ADDRESS = '$value' ";
}

Again, if you want both fields to be searched for at once, then along with the HTML edits indicated in the narration above, you'll have to receive in a PHP variable the value of the second input field too. Also then please get rid of the if-else construct here above and write a single, combined query as:

$sql = "SELECT * FROM <tablename> WHERE HOSTNAME = '$value1' AND IP_ADDRESS = '$value2' ";

Finally, please don't use mysql_*() functions in any PHP code. They're long deprecated and are very vulnerable to SQL Injection Attacks as Daniel has already suggested in his answer. Please have a look at MySQLi and PDO Prepared Statements instead. These utilities provide a cleaner way to write your queries and also a much safer mechanism to shield them against potential risks.

Facing issue while running PHP script

1 Answers1