Passing user-entered value to SELECT from table

I’m drawing a complete blank again. :( I’ve built a simple form into which the user can enter their dog’s registration number. I need to pass that number to the SELECT - FROM - WHERE clause but that’s what is stumping me. If I ignore the form and hardcode the reg’n # into WHERE, the correct information is displayed.

For starters I’m not sure what the form action should be so have temporarily put ???. I basically just need the user to see what’s already in the database for the time being.

What I have so far does work if I hardcode one of the reg’n #s like this: … WHERE RegNo='HP339261/04'";

Below is the coding I have but it does nothing. What am I missing?

<form action="???" method="post">
    Enter dog's registration number: <input type="text" name="RegNoSearch" title="Registration Number" size="12" maxlength="12" />
	<input type="submit" />
</form>	
		
<?php
$servername = "";
$username = "myusername";
$password = "mypw";
$dbname = "mydbname";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
	
$SearchRegNo = RegNoSearch; // RegNoSearch = field name from above form
						
$sql = "SELECT * FROM entries WHERE RegNo='$SearchRegNo'";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
	
    // output data of each row
    while($row = $result->fetch_assoc()) {
        echo "<p class='left'>
			Registration Number: ". $row["RegNo"]. "<br>Sex: ". $row["Sex"]. ", Birthplace: ". $row["Birthplace"].
			"<br>Dog Name: ". $row["DogName"]. 
			"<br>Date of Birth: ". $row["DOBMonth"]. " ". $row["DOBday"]. ", ". $row["DOByear"].
			"<br>Sire: ". $row["Sire"]. 
			"<br>Dam: ". $row["Dam"]. 
			"<br>Breeder: ". $row["Breeder"]. 
			"<br>Owner: ". $row["Owner"]. 
			"<br>Owner-Handled Eligible: ". $row["OwnerHandled"]. 
			"</p>";
    }
} else {
    echo "0 results";
}
$conn->close();
?>		

Try adding these lines; they should show the returned $_POST values and the error.

<?php 
// adding the next three lines should display the error
declare(strict_types=1);
error_reporting(-1);
ini_set('display_errors' ,'1');

// ...

// DEBUG 	
echo '<pre>'; // adds line feeds and makes it easier to view
print_r( $_POST);
echo '</pre>';
$SearchRegNo = RegNoSearch; // RegNoSearch = field name from above form
// ...

  1. Leave the action out completely
  2. There is no such thing as RegNoSearch. The value is in the POST Array
  3. Use Prepared Statements
  4. Stop outputting internal system errors to the user.
  5. You don’t need to manually close the DB connection. PHP will do it automatically.

Thank you John! I added them and this is the result:

Array
(
)

Notice: Use of undefined constant RegNoSearch - assumed 'RegNoSearch' in /raid/home/borzoiclub/borzoiclubofamerica/national-entry-usersearch.php on line 67
0 results 

AND - at the top of the page, above the header, it also says:


Warning: Unsupported declare 'strict_types' in /raid/home/borzoiclub/borzoiclubofamerica/national-entry-usersearch.php on line 47

Line 47 is: “declare(strict_types=1);”

I’ve done some Googling and it would appear that line 47 is for php v.7. I’m not sure if this is the same thing but a check on the server says:

  • Server version: 5.5.60-MariaDB
  • Protocol version: 10

Does that mean the PHP version I’m able to use is only 5, not 7?

Sorry! Didn’t think to try this until after I sent my previous reply.

The above errors occurred before I even typed in a registration number.

I commented out line 47 and that error went away, so I typed in a registration number but still received the same error about line 67. It DID display the reg’n #, though:

Array
(
    [RegNoSearch] => HP339261/04
)

What is missing here?

$SearchRegNo = RegNoSearch; // RegNoSearch = field name from above form

That needs to be the name of the script that is executed when the user presses “submit”. It can be blank, which means that it will reload itself, but with the form variables populated in the $_POST array.

You execute the PHP code whether or not the form has been submitted. Your processing code should be surrounded by

if ($_SERVER['REQUEST_METHOD'] == "POST") { 

and

}

so that the code only executes if the form was submitted. And the code should be before the form, so that the form isn’t drawn again as part of the submission, unless you want it to be.

That looks like the MariaDB version, not the PHP version.
You can find that out with phpversion.
https://www.php.net/manual/en/function.phpversion.php

Any script that processes POST data from a form needs to test if it is getting a post request. Like this:-

if($_SERVER['REQUEST_METHOD'] == 'POST'){
      // Parse form data here
}

It is particularly important in a case like this where the script that displays the form is also the form action.
It needs to know what it’s supposed to be doing, showing a form to fill, or parsing data from the submitted form.
Otherwise when a user first enters the form, before anything has been filled in, the script will be looking for data that has not yet been entered.

Also take note of the points brought up by @benanamen, particularly #3.

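The points raised in the replies above (run the lookup only on a POST request, read the value from `$_POST`, use a prepared statement, keep internal errors away from the visitor), put together as an added example; this is not code posted by anyone in the thread. It assumes the `entries` table and column names from the original post, placeholder credentials, a `localhost` host, and the mysqlnd driver for `get_result()`.

```php
<?php
// Added example, not code from the thread. Host and credentials are placeholders;
// the `entries` table and its column names are taken from the original post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB failures throw exceptions

// Escape every value before it is written into the HTML page.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$rows = null;  // null means the form has not been submitted yet
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The value lives in $_POST; reject a missing or non-string (array) field.
    $ok = isset($_POST['RegNoSearch']) && is_string($_POST['RegNoSearch']);
    $regNo = $ok ? trim($_POST['RegNoSearch']) : '';
    if ($regNo === '' || strlen($regNo) > 12) {  // same limit as the form's maxlength
        $error = 'Please enter a registration number of up to 12 characters.';
    } else {
        try {
            $conn = new mysqli('localhost', 'myusername', 'mypw', 'mydbname');
            // The ? placeholder keeps the submitted value out of the SQL text.
            $stmt = $conn->prepare('SELECT RegNo, DogName, Sire, Dam FROM entries WHERE RegNo = ?');
            $stmt->bind_param('s', $regNo);
            $stmt->execute();
            $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
        } catch (mysqli_sql_exception $e) {
            error_log($e->getMessage());  // details go to the server log only
            $error = 'The search is temporarily unavailable.';
        }
    }
}
?>
<form method="post">
    Enter dog's registration number:
    <input type="text" name="RegNoSearch" size="12" maxlength="12" />
    <input type="submit" />
</form>
<?php if ($error !== ''): ?>
    <p><?= h($error) ?></p>
<?php elseif ($rows === array()): ?>
    <p>0 results</p>
<?php elseif ($rows !== null): ?>
    <?php foreach ($rows as $row): ?>
        <p class="left">Registration Number: <?= h($row['RegNo']) ?><br>
           Dog Name: <?= h($row['DogName']) ?><br>
           Sire: <?= h($row['Sire']) ?>, Dam: <?= h($row['Dam']) ?></p>
    <?php endforeach; ?>
<?php endif; ?>
```

On a host without mysqlnd, `bind_result()` followed by `fetch()` takes the place of `get_result()`.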

The $_POST was missing! (I’m sure you knew that - thanks for pointing me in that direction!) As soon as I added it like this:

$SearchRegNo = $_POST["RegNoSearch"]; // RegNoSearch = field name from above form

the page now works! I also added the if ($_SERVER… line you suggested.

Thanks so much droopsnoot - I’ve never tried to get a variable from a form before so didn’t even think of the $_POST variable.

Yes, I know I need to do that. I’m just having trouble getting my brain around the concept of statements but I do intend to tackle it asap.

Thanks for these suggestions benanamen - I will of course remove the error checking now that I’ve got the form working and I do intend to try to learn about prepared statements. I just need a good chunk of time to study it because I have trouble remembering things these days and need to really concentrate in order for it to sink in.

I will eventually have an action to include but in the meantime, I’ve left it blank. Now that I’ve added the $_POST variable, the page works perfectly.

Thank you so much for taking the time to send your suggestions.

Thanks SamA74 - I added that to the page and it says I’m using PHP version 5.6.40

Good to know! Thanks so much.

You will want to do something about that
https://www.php.net/supported-versions.php

red = no longer supported
orange = critical security fixes only
green = actively supported


Oh my. Thanks so much for that graphic. I’ve downloaded it and will send it to my server guys. Hopefully they’re planning to upgrade.