How do I search a database using a specific field search? This code also needs to be secured from SQL injection but here is the basic code for learning purposes. The database connects but doesn't show the data. Please help!
Here is the html input form.
<h2>Search</h2>
<form name="search" action="searchresults.php" method="POST">
Seach for: <input type="text" name="find" /> in
<Select NAME="field">
<Option VALUE="firstName">First Name</option>
<Option VALUE="lastName">Last Name</option>
<Option VALUE="email">email</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>
Here is the basic connection and table output. some of the code may be missing.
<?php
mysql_connect("127.0.0.1", "root", "pass") or die(mysql_error()) ;
mysql_select_db("users") or die(mysql_error()) ;
// We preform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);
$email=$_POST['email'];
$find=$_POST['find'];
$field=$_POST['field'];
$data="SELECT firstName, lastName, email FROM userInfo WHERE upper($field) LIKE '% $find%'";
$result = mysql_query($data);
$count=mysql_numrows($result);
if($count > 0){
echo '<table align="center" width="800" border="0" cellpadding="4">';
echo '<tr height = 200><td>';
echo "<h1><font size='4' color='red'>Search Results</h1></font>";
echo "<table>";
echo "<table border='0' width='750' align='center'>";
echo "
<td width='30%' align='center'>First Name</td>
<td width='30%' align='center'>Last Name</td>
<td width='40%' align='center'>Email</td>";
echo "</tr>";
$row_number = 1;
while ($row = mysql_fetch_array($data)) {
$id= $row["id"];
$firstName= $row["firstName"];
$lastName= $row["lastName"];
$email= $row["email"];
for ($i=0; $i<3; $i++) {
echo"<td><font size =\"4\" color=\"black\"> $row[$i]</td>";
}
echo"</tr>";
$row_number++;
}
echo "</table>";
echo '</td></tr>';
echo '</table>';
}
?>