how do i make a search results details page using php

Question

I am a pharmacist working on a project where a user can get medicines information from my database. I have made the search results page but I'm unable to make a details page. Here is my search.php page:

<?php
$db_hostname = 'localhost';
$db_username = 'root';
$db_password = '';
$db_database = 'drug';

// Database Connection String
$con = mysql_connect($db_hostname,$db_username,$db_password);
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db($db_database, $con);
?>

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <title></title>
    </head>
    <body>
<div>

  <?php
if (!empty($_REQUEST['term'])) {

$term = mysql_real_escape_string($_REQUEST['term']);     

$sql = "SELECT * FROM drugs WHERE GenericName LIKE '%".$term."%' OR     BrandName LIKE '%".$term."%' OR Pharmacologicalclass LIKE '%".$term."%' OR     ManufacturedBy LIKE '%".$term."%'"; 
$r_query = mysql_query($sql); 

while ($row = mysql_fetch_array($r_query)){ 
echo '<a href="results.php?id='.$row['GenericName'].'">        <h4>'.$row['BrandName'].'</h4></a>'; 
echo '<br />Generic Name: ' .$row['GenericName'];  

echo '<br /> Dosage Form: '.$row['Dosage form'];  
echo '<br /> Pharmacological Class: '.$row['Pharmacologicalclass'];  
echo '<br /> Indications: '.$row['Indications']; 
echo '<br /> Manufactured By: '.$row['ManufacturedBy'];   
}  

}
?>
</div>
    </body>
</html>

On the details page I want to include GenericName, BrandName, Dosageform, Strength, indications, interactions, side effect, pregnancy category, pharmacological class, mode of action and manufactured by (all are rows in by drugs table).

Answer 1

<html>
    <head><title>results - details</title></head>
    <body>
        <?php
            /* 
                "mysql_*" - the old mysql functions are deprecated and their use is discouraged
                You would be wise to take time now to implement mysqli in conjunction with
                prepared statements to avoid sql injection attacks.

                That said, below semi-pseudo code might help you get started

            */

            if( $_SERVER['REQUEST_METHOD']=='POST' && !empty( $_GET['id'] ) ){

                $sql='select * from `drugs` where `id`='.$_GET['id'];
                $res=mysql_query( $sql, $con );

                if( $res ){
                    while( $rs=mysql_fetch_object( $res ) ){
                        echo $rs->GenericName, $rs->BrandName, $rs->Dosageform, $rs->Strength; /* etc */
                    }
                } else {
                    echo 'no results';
                }
                mysql_close( $con );
            }
        ?>
    </body>
</html>

Answer 2

I was able to do it. here is my code in case one has the same problem. Search.php

// Database Connection String
$con = mysql_connect($db_hostname,$db_username,$db_password);
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db($db_database, $con);
?>
 <form action="search.php" method="post">


<input type="text" class="form-control" name="term" placeholder="Search" /> 

<input type="submit" value="Submit" />  
</form> 
</div></div>
<div>

  <div class="container">
     <section class="col-xs-12 col-sm-6 col-md-12">

    <article class="search-result row">

  <?php
if (!empty($_REQUEST['term'])) {

$term = mysql_real_escape_string($_REQUEST['term']);     

$sql = "SELECT * FROM drugs WHERE GenericName LIKE '%".$term."%' OR     BrandName LIKE '%".$term."%' OR Pharmacologicalclass LIKE '%".$term."%' OR     ManufacturedBy LIKE '%".$term."%' "; 
?>

<div style="">
      Results for: <font color="blue" style="font:bold 20px 'Aleo';"><?php     echo     $term;?></font>
      </div>
      <?php $r_query = mysql_query($sql); 

while ($row = mysql_fetch_array($r_query)){

echo '<a href="results.php?id='.$row['id'].'"><h4>'.$row['BrandName']. ":".     $row['GenericName']. " ".$row['Dosageform']. " ".$row['Strength'].'</h4></a>';     //links to results.php by id since id is unique    
echo ' '.$row['Pharmacologicalclass'];  
echo '<br /> uses: '.$row['Indications'];    
}  

}
?>

here is results.php

<?php
$connect = mysqli_connect("localhost","root","mypassword","drug");
?>
<?php
if(isset($_GET['id'])){ // checks if id was posted

$id = (int)$_GET['id'];

$query_fetch = mysqli_query($connect,"SELECT * FROM drugs WHERE ID = $id");    // id that was posted by search.php

 while($show = mysqli_fetch_array($query_fetch)){ 
  echo  " ".$show['BrandName']. ": &nbsp;" . $show['GenericName']. "      &nbsp;".$show['Strength']." <br></a>";

echo '<br /> <h3> <h3>Indications:</h3>'.$show['Indications'];  // these     rows are displayed to the user
echo '<br /> <h3> Pharmacological Class:</h3> '.$show['Precautions'];  
echo '<br /> <h3> Drug interactions:</h3> '.$show['Interactions']; 
echo '<br /> <h3> Undesirable effects:</h3> '.$show['SideEffects'];
echo '<br /> <h3> Use in pregnacy:</h3> '.$show['PREGNANCYcategory'];  
echo '<br /> <h3> Pharmacological Class:</h3>     '.$show['Pharmacologicalclass'];  
echo '<br /> <h3> Mode of action:</h3> '.$show['ModeOfAction']; 
echo '<br /> <h3> Manufactured By:</h3> '.$show['ManufacturedBy'];   
}  

}
?>