You have made two mistakes that I used to make when I first started.
The first one is that, when you are accessing an array using a string as a key, you have to use quotes:
$POST[name] is not what you want
$POST['name'] is what you want
$_POST["name"] is also ok
Your second problem is that you are putting $_POST['name'] into a string INSIDE the quotes. It should be OUTSIDE quotes because it is pointing to an element inside an array.
This is OK:
$variable1 = "test";
$variable2 = "my first variable is equal to $test";
This is NOT ok:
$variable['one'] = "test";
$variable2 = "my first variable is equal to $variable['one']";
So, your corrected code looks like this:
<?php
$username="XXX";
$password="XXX";
$database="XXX";
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$result = mysql_query("SELECT * FROM contacts WHERE first='" . $_POST['name'] . "'");
while($row = mysql_fetch_array($result))
{
echo $row['first'] . " " . $row['last'] . "<br />";
}
?>
Also, this is VERY important! When you use a $_POST value directly in your MySQL query, you are opening yourself up to someone hacking your site! You should use the following code instead of yours!
<?php
$username="XXX";
$password="XXX";
$database="XXX";
$search_string = $_POST['name'];
// remove all non-alphanumeric characters from search string
$search_string = preg_replace("/[^a-zA-Z0-9s]/", "", $search_string);
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$result = mysql_query("SELECT * FROM contacts WHERE first='" . $search_string . "'");
while($row = mysql_fetch_array($result))
{
echo $row['first'] . " " . $row['last'] . "<br />";
}
?>
