getting variable value from input field and use it in SELECT-WHERE statment PHP

Question

I am stuck in this issue since long and tried to search for solution but couldn't figure it out. I have input field, where user will type Occation Name that is already exist in Event table, and then I wrote php code so the entire row will be shown for that occationname. below is my code, and I always get the first row of the table (which means it is not doing the checking or WHERE condition). I tried to assign $X value like : $X = gh (gh is occation name that exist in the table) and it works perfectly. It seems that the php is executed on page load, means before user type the input value. (but that does not make any sense as why it shows the first row then?)

NOTE: I used if(issset($_POST['s']) to get if user click on button, but it is not working as the php code is executed before clicking

 function GetI() { var x = document.getElementById("tt").value; document.getElementById("tvalue").value = x ; } 

 <input type="text" id="tt" value="" class="contactField"/> </br> <input type="submit" class="pageapp-login-button button button-small button-green button-fullscreen " style="font-size:13px" value="getValue" onclick="GetI()" /> <form method="post" name="addingform1" id="addingform1" action="testing.php" > <!-- Here in tvalue, I just show this input to make sure the variable is copying the same input that user typed --> <input type="text" id="tvalue" value="" class="contactField"/> <input type="submit" name="s" class="pageapp-login-button button button-small button-green button-fullscreen " style="font-size:13px" value="Fordata"/> <?php header("Content-type: text/html; charset=utf-8"); if(isset($_POST['s'])) $X= $_POST['tvalue']; include('database/connect-mysql.php'); mysql_query("set character_set_server='utf8'"); mysql_query("set names 'utf8'"); $sqls = "SELECT Date, Address, City, TotalGuest FROM Events WHERE OccationName = '$X'"; echo " <table id='tid'style= 'border-collapse: collapse; border-spacing: 0; width: 100%; border: 1px solid #ddd; position:absolute; top:20%; right:20%; '> <th><div style='overflow: auto; height: 30px; width: 100px;'>Date</th> <th><div style='overflow: auto; height: 30px; width: 100px;'>Address</th> <th><div style='overflow: auto; height: 30px; width: 100px;'>City</th> <th><div style='overflow: auto; height: 30px; width: 100px;'>TotalGuest</th> </tr> "; foreach ($dbcon->query($sqls) as $row){ echo "<tr >"; echo "<td>" . $row['Date'] . "</td>"; echo "<td>" . $row['Address'] . "</td>"; echo "<td>" . $row['City'] . "</td>"; echo "<td>" . $row['TotalGuest'] . "</td>"; echo "</tr>"; } ?> </form> 

Answer 1

Wow this code has a ton of problems. I would look at the /var/logs/httpd just to see what you did wrong.

HOWEVER
1st issue is your <input> fields don't have name='tvalue' or something like that. You can't use $_POST['tvalue']

2nd issue (I believe) is the foreach for the query. I am not aware that you can flip through a database with a foreach usually you do it in a while loop.

Answer 2

As Others have stated you should be using Mysqli. Regardless here's is the answer and I hope you learn from it.

<?php

$form = "
<form id=\"addingform1\" action=\"testing.php\" name=\"addingform1\" method=\"post\">
    <input id=\"tvalue\" type=\"text\" class=\"contactField\" value=\"".$xvar."\"/>
    <input type=\"submit\" name=\"s\" class=\"pageapp-login-button button button-small button-green button-fullscreen \" style=\"font-size:13px\" value=\"Fordata\"/>
</form>";

IF (isset($_POST['s'])) { // form has been submitted

    $err = ""; // form errors

    // Associate and Sanitize form variables
    $xvar = htmlspecialchars(strip_tags(trim($_POST['tvalue'])));

    // Validate form variables
    IF (empty($xvar)) { $err .="- tvalue is empty"; }

    IF (!empty($err)) {

        echo($err); // display errors

        // display the form
        echo($form);


    }ELSE{ // no errors

        // DB connection -- only include/establish when needed.
        include('database/connect-mysql.php');
        mysql_query("set character_set_server='utf8'");
        mysql_query("set names 'utf8'");

        $_xvar = mysql_real_escape_string($xvar);
        $result = "";

        // sql
        $sql = "SELECT Date, Address, City, TotalGuest FROM Events WHERE OccationName = '$_xvar'";
        $query = $dbcon->query($sql);
        IF ($query) {

            While ($row = mysql_fetch_array($query)) {

                // Loop through and build tr rows.
                $result .= "<tr><td>".$row['Date']."</td><td>".$row['Address']."</td><td>".$row['City']."</td><td>".$row['TotalGuest']."</td></tr>";

            }
            mysql_free_result($result);

        }ELSE{

            // No results from query
            $result .= "<tr><td colspan=\"4\">No results for ".$xvar."</td></tr>";

        }
        mysql_close($dbcon); // close your db connection


        // Display results
        echo("\n
<table id=\"tid\" > 
    <th><div style=\"overflow: auto; height: 30px; width: 100px;\">Date</th>
    <th><div style=\"overflow: auto; height: 30px; width: 100px;\">Address</th>
    <th><div style=\"overflow: auto; height: 30px; width: 100px;\">City</th>
    <th><div style=\"overflow: auto; height: 30px; width: 100px;\">TotalGuest</th>
</tr>
".$result."
</table>");

    }

}ELSE{
    // Form has not been submitted, thus show the form.
    echo($form);
}
?>