-3

I want to make a search form and display a table in PHP.

I created PHP code to search with an HTML form and display a table from phpMyAdmin's data.

However, my search form is working, but the display table in PHP shows an error.

```php
<html>
<div class="container-fluid">
    <form class="form col-md-8" id="form_Show" role="form" form action="Show.php" method="POST">
        <legend>Show Customers table</legend>
        <h5>Put any characters in Customer's informaiton to search the data.</h5>
        <div class="form-group">
            <label for="Cstm_name" class="col-sm-2">Customer Information</label>
            <div class="col-sm-4">
                <input type="text" class="form-control" name="show" id="show" placeholder="e.g) A, L, J, 1 or 8">
            </div>
            <div class="row"></div>
            <div class="form-group">
                <div class="col-sm-offset-2 col-sm-10">
                    <button type="submit" class="btn btn-primary">Search</button>
                </div>
            </div>
        </div>
        <div class="col-md-offset-2 col-md-10">
            <table class="table table-condensed" id="s_result">
                <thread class="s_result">
                    <tr class="info">
                        <th>Customer ID</th>
                        <th>Customer Name</th>
                        <th>Customer address</th>
                        <th>Customer Cellphone</th>
                    </tr>
                </thread>

                <?php
                $host = "";
                $user = "";
                $password = "";
                $database = "";
                foreach ($_POST as $key => $value) {${$key}=$value;};
                mysql_connect($host, $user, $password) or die ("error");
                mysql_select_db($database) or die ("db error");

                if($_POST ['show']!='')
                {
                    $search=$_POST['show'];
                    $search = preg_replace("#[^0-9a-z]#i","",$search);
                    $qry = "SELECT * FROM Customers
                    WHERE Cstm_id LIKE '%$search%'
                    OR Cstm_name LIKE '%$search%'
                    OR Cstm_addrs LIKE '%$search%'
                    OR CCell_no LIKE '%$search%';";

                    $rst = mysql_query($qry);}
                    echo "<h4>Search results:<span> </span>$search</h4>";
                    while ($row1 = mysql_fetch_row($rst))
                    {
                        echo "<tbody>";
                        echo "<th>"$row['Cstm_id']"</th>";
                        echo "<th>"$row['Cstm_name']"</th>";
                        echo "<th>"$row['Cstm_addrs']"</th>";
                        echo "<th>"$row['CCell_no']"</th>";
                        echo "</tbody>";
                    }
                    ?>
                </table>
            </form>
        </div>
    </div>
    </html>
```
Francisco
JiHo
  • What error do you get? – John Conde May 01 '17 at 16:05
  • FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. – John Conde May 01 '17 at 16:05
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde May 01 '17 at 16:05
  • You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysql_error()`](http://php.net/manual/en/mysql.error.php) to get a detailed error message from the database. – John Conde May 01 '17 at 16:06
  • `"but display table in php shows error. How can I fix it?"` - Actually looking at the error would be a good first step. – David May 01 '17 at 16:07
  • Thanks for your detailed advice! I will check the error and see how it runs. – JiHo May 01 '17 at 19:12

1 Answer

-2

Try `if(isset($_POST['show'])){//do stuff...}`

Learnator
  • Code dumps do not make for good answers. You should explain how and why this solves their problem. You should read, "[How do I write a good answer?](http://stackoverflow.com/help/how-to-answer)" – John Conde May 01 '17 at 16:30
  • 2
    Do or do not. There is no try. ~ Master Yoda – John Conde May 01 '17 at 16:31
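
The advice in the comments on the question (prepared statements, PDO, checking for errors) and the `isset()` check from the answer, combined in one search routine. This is an added example, not part of the original thread. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the sample rows are constructed, and `searchCustomers()` and `renderRows()` are hypothetical names; the table and column names are the question's.

```php
<?php
// SQLite in-memory stand-in (assumption). For MySQL only the DSN changes:
// new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $password)
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw instead of passing silently

// Constructed sample rows using the question's table and column names.
$pdo->exec('CREATE TABLE Customers (Cstm_id INTEGER, Cstm_name TEXT, Cstm_addrs TEXT, CCell_no TEXT)');
$ins = $pdo->prepare('INSERT INTO Customers VALUES (?, ?, ?, ?)');
foreach ([[1, 'Alice Lee', '8 Elm St', '555-0101'],
          [2, "Jo <b>O'Neil</b>", '18 Oak Ave', '555-0188']] as $r) {
    $ins->execute($r);
}

function searchCustomers(PDO $pdo, string $term): array
{
    // Escape LIKE wildcards so the input matches literally, then bind it as data.
    $pattern = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $pdo->prepare(
        "SELECT Cstm_id, Cstm_name, Cstm_addrs, CCell_no FROM Customers
         WHERE Cstm_id LIKE ? ESCAPE '!' OR Cstm_name LIKE ? ESCAPE '!'
            OR Cstm_addrs LIKE ? ESCAPE '!' OR CCell_no LIKE ? ESCAPE '!'"
    );
    $stmt->execute(array_fill(0, 4, $pattern));
    return $stmt->fetchAll(PDO::FETCH_ASSOC); // associative keys, unlike mysql_fetch_row()
}

function renderRows(array $rows): string
{
    // Stored values are untrusted when placed into HTML, so encode every cell.
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    $html = "<tbody>\n";
    foreach ($rows as $row) {
        $html .= '<tr><td>' . $e($row['Cstm_id']) . '</td><td>' . $e($row['Cstm_name'])
               . '</td><td>' . $e($row['Cstm_addrs']) . '</td><td>' . $e($row['CCell_no']) . "</td></tr>\n";
    }
    return $html . "</tbody>\n";
}

// Read only the one expected field; $_POST is never copied into local variables.
// The CLI fallback term is constructed demo input.
$search = isset($_POST['show']) && is_string($_POST['show'])
    ? trim($_POST['show']) : (PHP_SAPI === 'cli' ? "O'Neil" : '');
if ($search !== '') {
    try {
        echo '<h4>Search results: ' . htmlspecialchars($search, ENT_QUOTES, 'UTF-8') . "</h4>\n";
        echo renderRows(searchCustomers($pdo, $search));
    } catch (PDOException $ex) {
        error_log($ex->getMessage()); // details go to the server log, not the page
        echo "<p>Search failed.</p>\n";
    }
}
```

The question's `foreach ($_POST as $key => $value) {${$key}=$value;}` line has no counterpart here: because it runs after `$host`, `$user`, `$password` and `$database` are set, any submitted field with one of those names would overwrite the connection settings.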