Why doesn't my PHP code return any results?

Question

When running this PHP code it works, but doesn't return any results - can anyone tell me why please? I have tried checking the code, but as it runs it's not that obvious. So I think it has a problem with the echoing SQL statement.

  <!doctype html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <html>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
     <title>Bed & Breakfast</title>
    <style type = "text/css">
        </style>
        </head>
        <body>
        <form style = "text-align:center; margin-top:200px;"method="POST" action ="">
            <span> Hotel Venue<span><input style ="margin-left:20px;" type="number" Name ="HotelVenueRef"/><br/><br/><br/>
            <input style = "margin-left:100px;" type='submit' value='HotelVenueRef' Name ="HotelVenueRef"/>
        </form>

        <?php
            if (isset($_POST['HotelVenueRef']))
            {
            require_once 'connecttodatabase.php'; 



        $sql=" select * from`B&B` where Hotel_Venue_ref =" .$_POST['HotelVenueRef'];

        $result = mysql_query($sql);

        while ($row = mysql_fetch_assoc($result))
        {


        echo'
        <td align="center">'.$row['Delegate_Student_uid'] .' </td>';

        echo'
        <td align="center">'.$row['Name'] .' </td>';

        echo'
        <td align="center">'.$row['Event_uid'] .' </td>';

        echo'
        <td align="center">'.$row['Hotel_Venue_ref'] .' </td>';


        }
}
?>
</body>
</head>

I know about the injection vulnerability, that's not a problem at the moment. Just need to get it working for now.

Answer 1

$sql=" select * from `B&B` where Hotel_Venue_ref =  '" . mysql_escape_string($_POST['HotelVenueRef']) . "'");
    $result = mysql_query($sql);        
$result = mysql_query($sql);
if (!$result) {
    echo "Could not successfully run query ($sql) from DB: " . mysql_error();
    exit;
}
if (mysql_num_rows($result) == 0) {
    echo "No rows found, nothing to print so am exiting";
    exit;
}

Add this code before while statement

Answer 2

I have a feeling that your issue is a result of the fact that you have 2 input elements with the same name (HotelVenueRef).

Here's your form, I've cleaned up the formatting and taken out some style attributes because they're irrelevant to the problem and it's cleaner without them. I've also lower-cased all attribute names (because consistency is key!!)

<form "method="POST" action ="">
    <span>Hotel Venue<span>
    <input type="number" name="HotelVenueRef"/>
    <br/>
    <br/>
    <br/>
    <input type="submit" value="HotelVenueRef" name="HotelVenueRef"/>
</form>

The issue is that you have both an <input type="number"/> and an <input type="submit"/> that have the same name.

When a form submits to PHP, the $_POST array is populated with key-value pairs, where the key is based off the name attribute of the html input element, and the value is the value of that input.

Let's say you set the number input to have a value of 5, and then submit the form.

PHP will now auto-generate the $_POST array. Behind the scenes, it does something like

$_POST['HotelVenueRef'] = 5;

Based off of the value in the number input. Then it goes and does something like

$_POST['HotelVenueRef'] = 'HotelVenueRef';

This is the part you haven't noticed! The submit button also submits to PHP as part of the form, and its value now overwrites the value you're interested in.

The reason you're not getting any results is that your query resolves to look like:

SELECT * FROM `B&B` WHERE `Hotel_Venue_ref`='HotelVenueRef'

With the value of the submit button, instead of the value of the number input.

You can solve your problem by removing the "name" attribute on the submit button, which will prevent its value from submitting to PHP along with the rest of the form. You also have the option of renaming your submit button.