The scenario is that one must search the code, and the results will appear from the MySQL DB if the code is present, otherwise display a message "Sorry, but there were no results found" is displayed. Perhaps re-enter your EVR No.: or double check your entry."
However, before the search is even made, the error message is already shown.
What am I doing wrong?
<?php
$no_results = NULL;
$query = (isset($_POST['query']) ? $_POST['query'] : null);
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else { // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
?>
and on the same file, in HTML where the results are to appear:
<form action="index.php" method="POST" class="search">
<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
<div class="form-group">
<input type="text" name="query" class="form-control" placeholder="Enter Your EVR No." required/>
<button type="submit" id="form-submit" value="Search" class="btn-submit btn btn-big dark-blue-bordered-btn">Submit</button>
</div>
</div>
<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
<?php
if($no_results!="") // Two times Doule Quotation marks that is, and != means "not equal to". So we mean to say if $code is not equal to empty
{
echo $no_results;
}
else { echo " "; }
I have tried isset(), empty() but the error message still shows even though the search hasn't been made.
What am I missing?
Its rough, but that will do. The reason is when page is loaded, your search box is empty and is executing the query with NULL returning 0 rows.
<?php
$no_results = NULL;
$query = (isset($_POST['query']) ? $_POST['query'] : null);
if ($query) {
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
}
?>
<?php
$no_results = NULL;
if (isset($_POST['query']) && strlen($_POST['query']) > 0) {
$query = (isset($_POST['query']) ? $_POST['query'] : null);
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
} else {
//no query value
}
?>
<?php
if(isset($_POST['query'])) {
$no_results = '';
$query = mysql_real_escape_string($_POST['query']);//added some security
$raw_results = mysql_query("SELECT * FROM evrdata WHERE evr_no = '$query'") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
$evr_no ='<br/>EVR No. : '.'<b>'.$results['evr_no'].'</b>';
$surname ='<br/>Surname : '.'<b>'.$results['surname'].'</b>';
$othername ='<br/>First Names : '.'<b>'.$results['othername'].'</b>';
$ps_code ='<br/>PS Code : '.'<b>'.$results['ps_code'].'</b>';
}
}
else{ // if there is no matching rows do following
$no_results = '<br/>Sorry, but there were no results found. Perhaps re-enter your EVR No.: or double check your entry.</b>';
}
}
?>
This should be the best choice... stop using mysql_* functions use PDO or MySQLi. Your code IS VULNERABLE to sql-injection
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.