HTML input into SQL query using PHP after a button click

Question

I want to get user-input by HTML form input field and then send this input into the SQL query. I have tried the method I googled but there's no value selected. The SQL query worked when I gave the value directly in the SQL query.

<body>
  <div class="testbox">
    <form action="train.php" method="POST">

      <div class="item">
        <div class="train-item">
          <p>Departure Station </p>
          <input type="text" name="depart" required />
        </div>

        <div class="train-item">
          <p>Arrival Station</p>
          <input type="text" name="arrive" required />
        </div>

      <div class="btn-block">
        <button type="submit" name="search" href="/">Search</button>
      </div>
  </div>
  </form>
  </div>

    <?php

    if(isset($_POST['search'])){ // Fetching variables of the form which travels in URL
      $depart = $_POST["depart"];
      $arrive = $_POST["arrive"];
      $sql = "SELECT ttype.TyName, train.TraNo, a.StaName dsta, c.Time dtime ,b.StaName asta , d.Time atime 
                      FROM (((((ttype RIGHT JOIN train
                      ON ttype.TyNo=train.TyNo)
                      RIGHT JOIN pass c
                      ON train.TraNo=c.TraNo)
                      RIGHT JOIN station a
                      ON a.StaNo=c.StaNo)
                      RIGHT JOIN pass d
                      ON train.TraNo=d.TraNo)
                      RIGHT JOIN station b
                      ON b.StaNo=d.StaNo)      

                      WHERE c.Time < d.Time
                      AND a.StaName='.$depart' 
                      AND b.StaName='.$arrive' ";
            $result = mysqli_query($link, $sql) or die("can't reach" . mysqli_error( ));
            $rows = mysqli_num_rows($result);    
            $cols = mysqli_num_fields( $result); 

            $train_table = "";
            $train_table .= "This query has ". $rows ." data";
        $train_table .= ",and include". $cols ."columns";
        ?>

The above code showed "This query has 0 data, and includes 6 columns.

EDIT: Thanks for helping and informing me about the SQL injection. It's for a term-project for a course at university. The result will only be shown to my classmates and professor and I am the only one who will be access to the whole system. Thanks again.

The reason I posted my own question is that I am not familiar with PHP nor HTTP language and couldn't find the exact problem with my code. In other words, I am not sure the problem is located in the HTTP part or the PHP part.

share your db structure for the tables and what output you require. Only then we can suggest you anything — Amanjot Kaur, Dec 26 '19 at 10:23
plz check my answer and let me know if your query is working now? — Amanjot Kaur, Dec 26 '19 at 10:40
Does this answer your question? [How to include a PHP variable inside a MySQL statement](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) — Dharman, Dec 26 '19 at 14:26
@Dharman Thanks for the information. The reason I posted my own question is that I am not familiar with PHP language and couldn't find the exact problem with my code. In other words, I am not sure the problem is located in the HTTP part or the PHP part. — naomi, Dec 27 '19 at 03:32

score 0 · Answer 1 · answered Dec 26 '19 at 10:31

0

try without point in query

WHERE c.Time < d.Time
    AND a.StaName='$depart' 
    AND b.StaName='$arrive' ";

answered Dec 26 '19 at 10:31

Mike Foxtech

1,633
1
6
7

Please don't post answers only pointing out a typographical issue or a missing character. Such answers are unlikely to help future visitors since they are specific to OP's code. Instead, flag or vote to close the question as off-topic as per the [help/on-topic]. – Dharman Dec 26 '19 at 14:26

Amanjot Kaur · Accepted Answer · 2019-12-26T10:42:39.917

0

I don't know your DB structure. As you are saying query is working in MYSQL, try the following:

$sql = "SELECT ttype.TyName, train.TraNo, a.StaName dsta, c.Time dtime ,b.StaName asta , d.Time atime 
FROM (((((ttype RIGHT JOIN train
ON ttype.TyNo=train.TyNo)
RIGHT JOIN pass c
ON train.TraNo=c.TraNo)
RIGHT JOIN station a
ON a.StaNo=c.StaNo)
RIGHT JOIN pass d
ON train.TraNo=d.TraNo)
RIGHT JOIN station b
ON b.StaNo=d.StaNo)      

WHERE c.Time < d.Time
AND a.StaName = '".$depart."' 
AND b.StaName='".$arrive."'";

Issue is here:

AND a.StaName='.$depart' AND b.StaName='.$arrive' ";

You can check more detail for concatenation at: Concatenating strings having dot(period) in php

Its also not good to use above code which is prone to SQL Injection. Try Prepared statements. You can get a very basic tutorial here:

https://www.w3schools.com/php/php_mysql_prepared_statements.asp

edited Dec 26 '19 at 10:42

answered Dec 26 '19 at 10:36

Amanjot Kaur

2,028
4
18
33

https://stackoverflow.com/questions/59483442/display-single-column-mysql-data-in-multiple-columns-in-php-html/59483509#59483509 Hi! I have provided a reference photo in this question. – naomi Dec 26 '19 at 13:27
I got it. Try the above answer and check if it works.. just change your SQL query in code as written above in my answer.. @naomi – Amanjot Kaur Dec 26 '19 at 13:31
Please don't post answers only pointing out a typographical issue or a missing character. Such answers are unlikely to help future visitors since they are specific to OP's code. Instead, flag or vote to close the question as off-topic as per the [help/on-topic]. – Dharman Dec 26 '19 at 14:27

HTML input into SQL query using PHP after a button click

2 Answers2