-4

NEW, PLEASE LOOK: So great news, I got it working, but it's only looking at my first if statement. I just need help so that if it's not TX then it should look at the other ELSEIF statements! Please and thanks!

OLD: I'm passing a btn via an HTML form to this code, and I want to grab it, look in my database, and find the state assigned to it via that billing telephone number. If the state comes back as TX I want it to display east.php, if it comes back as KS I want it to display kc.php, and of course if it's CA I want it to display ca.php. I've been racking at it for a while, so unless I have them put in what state the customer is from, which I don't want to do because not everyone will know what state the person is from! I've looked at a couple of different things and can't find anything; the closest I've seen is this: using php and mysql to display a specific URL in iFrame V2


```php
include 'db_connect.php';
$mysqli = new mysqli($host, $user, $password, $database_in_use);
$btnfromform = $_GET['btn'];
$sql = "SELECT btn, state FROM legacy_escalation Where btn LIKE '".$btnfromform."'";
$result = $mysqli->query($sql);

?>

<?php 
        if ($result->num_rows > 0)
        while($row=mysqli_fetch_assoc($result)) 
        { 
            $state=$row['state'];
        ?> 
<?php
if($state='tx')
include 'east.php';
elseif ($state='KS')
include 'kc.php';
elseif ($state='CA')
include 'ca.php';

?>


<?php 
               } 
               else {
                echo "<span style='color:red; font-size:20px;'>No results found.</span>";
            }
          ?>
```
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Feb 07 '22 at 18:55
  • Yes I am aware thank you! Right now I just want to get it working and it will only be used by me! – Jonathan Bowley Feb 07 '22 at 18:58
  • What's the actual problem you're experiencing? You haven't actually asked a question. – Alex Howansky Feb 07 '22 at 18:59
  • I'm having the user go to '''
    Search by Billing Telephone Number:
    ''' where they put in the btn and it takes them to search.php, which is the original code I posted. My question: how do I display different html pages depending on those results! So if the btn is 9368227583 and it looks at the database and sees it
    – Jonathan Bowley Feb 07 '22 at 19:02
  • see it's TX then it needs to display east.php, but if it's, say, a different btn and the state in the database is KS then it should display KC.php – Jonathan Bowley Feb 07 '22 at 19:03
  • Right, so... what's not working with the code you have? – Alex Howansky Feb 07 '22 at 19:08
  • Well, because I'm having the user just type in the BTN, I'm having issues with it grabbing the state in the database assigned to that btn and having issues grabbing the different html files depending on the state! – Jonathan Bowley Feb 07 '22 at 19:09
  • 1
    Dude. Slow down! `$state='tx'` is not the same as `$state==='tx'` – waterloomatt Feb 07 '22 at 19:32
  • Yes, I messed up when doing the equal. When running `$state==='tx'` it comes back that my state is Undefined now. – Jonathan Bowley Feb 07 '22 at 19:36
  • Well, great news: after playing with it I got it fully working! I appreciate y'all getting mad at me! Sorry, I know my code and understanding is rough. I think I'm just biting off more than I can chew! – Jonathan Bowley Feb 07 '22 at 19:38

1 Answer

0

Quick answer, `if($state='tx')` should likely be `if ($state === 'tx')`

Longer answer. You're breaking all the rules.

  • mixing HTML and PHP,
  • badly named variables,
  • indentation issues,
  • SQL injection,
  • opening and closing PHP tags for no apparent reason,
  • mixed case values ex. tx vs. KS

Start paying attention to the style as well as the logic and you'll catch these issues easily.

waterloomatt
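The fixes named in the answer and comments, combined in an added example (not the poster's or the answerer's code): a prepared statement, a case-normalised strict lookup, and an allow-list of pages that may be included. It uses PDO with an in-memory SQLite table so it runs without the poster's MySQL server; the names `pageForBtn` and `STATE_PAGES` are hypothetical, and every sample row except the BTN quoted in the comments is constructed.

```php
<?php
declare(strict_types=1);

// Allow-list: only these files can ever be included, whatever the database returns.
const STATE_PAGES = ['TX' => 'east.php', 'KS' => 'kc.php', 'CA' => 'ca.php'];

/** Return the page for a billing telephone number, or null if there is none. */
function pageForBtn(PDO $db, string $btn): ?string
{
    // Reject anything that is not a 10-digit number before touching the database.
    if (preg_match('/^\d{10}$/', $btn) !== 1) {
        return null;
    }
    // The placeholder keeps user input out of the SQL text. "=" replaces LIKE,
    // so wildcard characters in the input are never pattern-matched.
    $stmt = $db->prepare('SELECT state FROM legacy_escalation WHERE btn = ? LIMIT 1');
    $stmt->execute([$btn]);
    $state = $stmt->fetchColumn();
    if ($state === false) {
        return null; // no row for this BTN
    }
    // Normalise case so 'tx' and 'TX' hit the same key, then do an exact key lookup.
    return STATE_PAGES[strtoupper(trim((string) $state))] ?? null;
}

// Constructed demo data (assumption: the pdo_sqlite extension is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE legacy_escalation (btn TEXT, state TEXT)');
$db->exec("INSERT INTO legacy_escalation VALUES
    ('9368227583', 'tx'), ('9135550100', 'KS'),
    ('2135550101', 'CA'), ('3125550102', 'IL')");

// One valid BTN per mapped state, one state with no page, one malformed input.
foreach (['9368227583', '9135550100', '2135550101', '3125550102', 'abc'] as $input) {
    $page = pageForBtn($db, $input);
    echo str_pad($input, 12), ' => ', $page ?? 'No results found.', PHP_EOL;
}

// In search.php the result would be used as:
//   if ($page !== null) { include $page; } else { /* show "No results found." */ }
```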