0

I have tried to search for solutions but can't find one. On my php page I am trying to search records on two conditions, if user enters something in search box then show according to that and if he doesn't searches anything then display records from table.

I am getting all records but unable to get records when i search for them using their name.

 <?php
 if(isset($_POST['search']))
 {
 $name=$_POST['src'];
 $qry1=mysqli_query($connection,"select * from test_history where 
 username='$name'");
 }
 else
 {
 $qry1=mysqli_query($connection,"select * from test_history");
 $counter=0;
 while($ftc=mysqli_fetch_array($qry1))
 echo
 '<tr>

 <td align="center"> '.++$counter.' </td> 
 <td> '.$ftc['username'].' </td>    
 <td> '.$ftc['enrollment'].' </td> 
 <td> '.$ftc['test_cat'].' </td> 
 <td> '.$ftc['test_name'].' </td> 
 <td> '.$ftc['score'].'% </td> 
 <td> '.$ftc['test_date'].' </td> </tr>';

 }
  if(isset($_POST['submit']))
  {
    $dlt=mysqli_query($connection,"delete from test_history");
  }
 ?>
Sarfaraz Ansari
  • 119
  • 1
  • 8
  • What *does* happen? How specifically is this failing? Note: Your code is wide open to SQL injection (so we don't know what SQL query you're actually running) and you're not checking for errors with `mysqli_error($connection)` (so you don't know if/how the query is failing). – David Apr 09 '17 at 14:42
  • Its didn't outputs any result just empty tables. Error code is written in another file, its not listed. Sorry I am new to php so learning day by day. Could you tell me whats the best way to prevent sql injection ! BTW my issue is resolved. – Sarfaraz Ansari Apr 09 '17 at 14:54
  • Not sure what you mean by "error code is written in another file". You should take a look at the `mysqli_error` function to actually check for errors in your code. As for SQL injection, this is a good place to start: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – David Apr 09 '17 at 14:57

1 Answers1

2

Probably because the table that shows the result is inside "else" block. Try to get it outside.

     <?php
     if(isset($_POST['search']))
     {
     $name=$_POST['src'];
     $qry1=mysqli_query($connection,"select * from test_history where 
     username='$name'");
     }
     else
     {
     $qry1=mysqli_query($connection,"select * from test_history");
     $counter=0;
     }

// ... //

     while($ftc=mysqli_fetch_array($qry1))
     echo
     '<tr>

     <td align="center"> '.++$counter.' </td> 
     <td> '.$ftc['username'].' </td>    
     <td> '.$ftc['enrollment'].' </td> 
     <td> '.$ftc['test_cat'].' </td> 
     <td> '.$ftc['test_name'].' </td> 
     <td> '.$ftc['score'].'% </td> 
     <td> '.$ftc['test_date'].' </td> </tr>';

// ... //

      if(isset($_POST['submit']))
      {
        $dlt=mysqli_query($connection,"delete from test_history");
      }
     ?>

What Happened After Moving The Portion of Code

Anything inside "else" block will be executed when the negation of "if" condition is met, that is, isset($_POST['search']) is "false". The portion of the code which is responsible for displaying the data was inside "else" block, which means the data will be shown only if isset($_POST['search']) returns false.

Obviously, that's not you want. You always want to show the data and you want to change the query according to $_POST['search'] value. The second requirement is implemented by if statement. Please refer to http://php.net/manual/en/control-structures.else.php

Mohammed Q. Hussain
  • 46
  • 3
  • Jazakallah (Thank you) .. I am new to php programming so didn't tried it either. Can you tell me the reason behind this ?? Was still showing that "$counter" not found, just moved that out of "else" block. (before "while"). Voila !! – Sarfaraz Ansari Apr 09 '17 at 14:56
  • One more thing,what logic should i apply if I want to fetch these records according to "from this date" to "this date". Thank You.. – Sarfaraz Ansari Apr 09 '17 at 14:58