I have two PHP pages. The first one is index.php, as below:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Site Title</title>
</head>
<body align="right">
<h4 align="right">Site Title<br>Subtitle</h4>
<form action="acc_data.php" method="post">
<input type="text" name="ACCNUM"> Account Number<br>
<input type="submit" value="Search">
</form>
</body>
</html>
and acc_data.php, as below:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Site Title</title>
</head>
<body>
<?php
$conn = oci_connect('admin', 'admin', 'localhost/JDT', 'AL32UTF8');
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}
// Prepare the statement
$sqlstr = 'SELECT CUSTOMER_ID,CUST_NAME,PHONE1 FROM customers where CUSTOMER_ID=:ACCNUM';
$stid = oci_parse($conn, $sqlstr);
$ACCNUM = $_POST['ACCNUM'];
oci_bind_by_name($stid, ':ACCNUM', $ACCNUM);
oci_execute($stid);
// Fetch the results of the query
print "<table style=width:75% align=center border=1>
<tr><th>Account Number</th>
<th>Name</th>
<th>Phone</th></tr>";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS)) {
    print "<tr>";
    foreach ($row as $item) {
        print "<td align=center>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : " ") . "</td>";
    }
    print "</tr>\n";
}
print "</table>\n";
oci_free_statement($stid);
oci_close($conn);
?>
</body>
</html>
The user on the first page will enter their data, and the value is passed to the other PHP page to be processed at the server, which returns the result.
Question 1: Is there any security improvement I should make?
Question 2: In case no rows are returned, how do I stop execution and echo a message to the user?
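Added example, not part of the original post: one way to validate the posted ACCNUM before it reaches the bound query, and to show a message instead of an empty table when nothing matches. The function names, the 1-12 digit account format, the message texts and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Assumption: account numbers are 1-12 digits.

// Return the account number if it matches the assumed format, otherwise null.
function validate_account_number($raw): ?string
{
    if (!is_string($raw)) {          // rejects a missing field or an ACCNUM[]=x array
        return null;
    }
    $raw = trim($raw);
    return preg_match('/\A[0-9]{1,12}\z/', $raw) === 1 ? $raw : null;
}

// Build the HTML for a result set; a message replaces the table when it is empty.
function render_results(array $rows): string
{
    if (count($rows) === 0) {
        return "<p>No account found for that number.</p>\n";
    }
    $html = "<table style=\"width:75%\" align=\"center\" border=\"1\">\n"
          . "<tr><th>Account Number</th><th>Name</th><th>Phone</th></tr>\n";
    foreach ($rows as $row) {
        $html .= "<tr>";
        foreach ($row as $item) {
            // Encode every value on output; NULL columns become a blank cell.
            $cell = $item !== null
                ? htmlspecialchars((string) $item, ENT_QUOTES, 'UTF-8')
                : "&nbsp;";
            $html .= "<td align=\"center\">" . $cell . "</td>";
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed sample rows standing in for what the bound query would return
// once all rows have been fetched into an array (for example with oci_fetch_all()).
$sampleRows = [
    ['CUSTOMER_ID' => '1001', 'CUST_NAME' => '<b>Test</b> & Co', 'PHONE1' => null],
];

foreach (['1001', '2002', '12ab', ['x']] as $input) {   // constructed inputs
    $acc = validate_account_number($input);
    if ($acc === null) {
        echo "<p>Please enter a valid account number.</p>\n";
        continue;                     // never reaches the database
    }
    echo render_results($acc === '1001' ? $sampleRows : []);
}
```

Fetching all rows into an array before printing anything is what makes the empty case detectable without emitting a table header first.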