Here is my code...The object of this is to take user input into an html form (on another file), and do searches against a MySQL database. Unfortunately, I have no idea what the syntax is for WHERE/LIKE clauses. Where do the slashes/single and double quotes/periods go? No book seems to agree on how it works and none of them work as is. This is driving me to madness!!!!!!😕 😕 😕 😕 😕
<html>
<head>
<title>Search Results...Powered by BRYAN and search.php!!!!!!!!!</title>
</head>
<body>
<h2>Hope that this is the person you wanted...</h2>
<?php
$hostname = "192.168.1.4";
$username = "bryan";
$password = "bryan";
$dbname = "User";
$tablename = "Person";
trim($fname);
trim($lname);
trim($ssno);
$fname = addslashes($fname);
$lname = addslashes($lname);
$ssno = addslashes($ssno);
$link = mysql_pconnect($hostname,$username,$password);
if(!$link)
{
echo "Don't worry...it's never a user error ID-10-T";
exit;
}
mysql_select_db($dbname);
$query = "select * from $tablename where $fname like '$fname%'";
echo $query;
echo "<br>";
$result =@ mysql_query($query,$link);
$num_results =@ mysql_num_rows($result);
echo "Out of ".$num_results." people,";
echo " this person should be in here somewhere...";
for($i=0; $i < $num_results;$i++)
{
$row = mysql_fetch_array($result);
echo "<table>";
echo "<tr><td><b>First Name:</td></b>";
echo "<td><b>Last Name:</b></td>";
echo "<td><b>SSN: </b></td>";
echo "<tr><td>";
echo htmlspecialchars( stripslashes($row["fname"]));
echo "</td><td> ";
echo htmlspecialchars( stripslashes($row["lname"]));
echo "</td><td>";
echo htmlspecialchars( stripslashes($row["ssno"]));
echo "</td><td></tr>";
echo "</table>";
}
?>
</body>
</html>
