having query problems

ricrhys

im trying to make it so that people can input an amount into a field and then hit submit and it will then show them the data they required
here is the site im making
http://users.aber.ac.uk/rre7/sonicandtails/logged.php

and here is the code, im v new to php so im not sure whats going on, can some one please help, im going mad trying things out
cheers ric

<p> Thank You For Logging In <?php echo $POST["name"];?> Here Are The Titles Available<br /><br />
More Search options&nbsp<select><form action="results.php" method="post" more="morethan" less="lessthan"><select>
<option>More Than</option>
<option>Less Than</option>
<option></option>
</select><form method="post" action="results.php"><input type="text" name="price" /><input type="submit" /></form>
<?php
$conn = pg_connect("host=database.dcs.aber.ac.uk
port=5432 dbname=teaching
user=csguest password=r**");
$conn = pg_connect("host=database.dcs.aber.ac.uk
port=5432 dbname=teaching user=csguest password=rohishe");
$POST["lessthan"];
if ($POST["lessthan"]){
echo $res = pg_query ($conn, "select from TopGames where price < $POST[price]");
}
else {echo $res = pg_query ($conn, "select * from TopGames where price > $_POST[price]");
}
echo "<table border='1'>";
while ($a = pg_fetch_row($res)) {
echo "<tr>";
for ($j = 0; $j < pg_num_fields($res); $j++) {
echo "<td>" . $a[$j] . "</td>";
}
echo "</tr>";}
echo "</table>\n";?>

illzz

From looking at the code you posted, I can see quite a number of basic HTML and PHP errors.

I will look into marking it up and post my suggestions when I'm done.

illzz

DISCLAIMER: This code is untested.

I went through your code and tried to clean it up. For all the places I made modifications (other than formatting), I tried to place comments explaining what I did and why I did it. Although I feel that there is more that can be done, this should help you out a bit.

This would be for the initial filter page.

<!-- I would think SESSION would be a better place to store the user name rather than POST -->
<p> Thank You For Logging In [<?php echo $_POST["name"];?>] Here Are The Titles Available
<br /><br />
More Search options&nbsp
<!-- Opening [select] outside of the form, without a matching closing select -->
<!--<select>-->
<!-- [more] and [less] aren't valid HTML options here -->
<!--<form action="results.php" method="post" more="morethan" less="lessthan">-->
  <form action="results.php" method="post">
<!-- The select object needs a name to be referenced by -->
<!--<select>-->
    <select name="priceFilter">
<!-- The options need values -->
<!--**<option>More Than</option>-->
<!--**<option>Less Than</option>-->
      <option value="morethan">More Than</option>
      <option value="lessthan">Less Than</option>
<!-- Is there any reason for this blank [option]? -->
<!--**<option></option>-->
    </select>
<!-- You already started your form earlier, no need for it here. -->
<!--<form method="post" action="results.php">-->
<!-- You may want to put in a few more attributes here, such as size and maxlength -->
    <input type="text" name="price" />
    <input type="submit" />
  </form>
</p>

This is for results.php

<?php
  $conn = pg_connect("host=database.dcs.aber.ac.uk port=5432 dbname=teaching user=csguest password=r*****");
// There is no reason for this
#  $_POST["lessthan"];
// This if statment needs to be adjusted
#  if ($_POST["lessthan"])
#  {
#    echo $res = pg_query ($conn, "select * from TopGames where price < $_POST[price]");
#  }
#  else
#  {
#    echo $res = pg_query ($conn, "select * from TopGames where price > $_POST[price]");
#  }
//
// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
// You need to sanatize the User Input!!!
// I'm not doing it here because it is out of the scope of the problem
// You probably want to also check that they are valid values (numeric, non-negative, etc...) 
// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
//
  $lsCleanedPriceFilter = $_POST['priceFilter'];
  $lfCleanedPrice = floatval($_POST['price']);
// I'll just do a switch instead of an if.  I feel it is cleaner and is more scalable in this instance
  switch ($lsCleanedPriceFilter)
  {
// It is a bad practice to use [select * from ...], but since I don't know the table structure, I'll leave it as is
    case "lessthan":
       $res = pg_query ($conn, "select * from TopGames where price <= " . $lfCleanedPrice . ";");
       break;
    case "morethan":
       $res = pg_query ($conn, "select * from TopGames where price >= " . $lfCleanedPrice . ";");
       break;
    default:
       $res = pg_query ($conn, "select * from TopGames;");
       break;
  }
  echo "<table border='1'>";
// Using a bit more descriptive variable name
#  while ($a = pg_fetch_row($res))
// It may be helpful to display the column headers, although I'm not doing it here
  while ($laRow = pg_fetch_row($res))
  {
    echo "<tr>";
// Why not just use [foreach] instead of asking the database for the number of fields each time?
#    for ($j = 0; $j < pg_num_fields($res); $j++)
#    {
#      echo "<td>" . $a[$j] . "</td>";
#    }
    foreach ($laRow as $lsColumn)
    {
      echo "<td>" . $lsColumn . "</td>";
    }
    echo "</tr>";
  }
  echo "</table>\n";
?>

illzz

DISCLAIMER: This code is untested.

Here is the same code cleaned up, without my comments

This would be for the initial filter page.

<p> Thank You For Logging In [<?php echo $_POST["name"];?>] Here Are The Titles Available
<br /><br />
More Search options&nbsp
<form action="results.php" method="post">
  <select name="priceFilter">
    <option value="morethan">More Than</option>
    <option value="lessthan">Less Than</option>
  </select>
  <input type="text" name="price" />
  <input type="submit" />
</form>
</p>

This is for results.php

<?php
  $conn = pg_connect("host=database.dcs.aber.ac.uk port=5432 dbname=teaching user=csguest password=r*****");
  $lsCleanedPriceFilter = $_POST['priceFilter'];
  $lfCleanedPrice = floatval($_POST['price']);
  switch ($lsCleanedPriceFilter)
  {
    case "lessthan":
       $res = pg_query ($conn, "select * from TopGames where price <= " . $lfCleanedPrice . ";");
       break;
    case "morethan":
       $res = pg_query ($conn, "select * from TopGames where price >= " . $lfCleanedPrice . ";");
       break;
    default:
       $res = pg_query ($conn, "select * from TopGames;");
       break;
  }
  echo "<table border='1'>";
  while ($laRow = pg_fetch_row($res))
  {
    echo "<tr>";
    foreach ($laRow as $lsColumn)
    {
      echo "<td>" . $lsColumn . "</td>";
    }
    echo "</tr>";
  }
  echo "</table>\n";
?>

ricrhys

cheers for taking the time to help, like i said im a bit green to all this, it now gives me
Parse error: syntax error, unexpected '{' in /berw/ugrad1/base/r/rre7/public_html/sonicandtails/results.php on line 62

   <?php 
$conn = pg_connect("host=database.dcs.aber.ac.uk port=5432 dbname=teaching user=csguest password=rohishe");
$lsCleanedPriceFilter = $_POST['priceFilter'];
$lfCleanedPrice = floatval($_POST['price']);
switch ($lsCleanedPriceFilter)
	{case "lessthan": $res = pg_query ($conn, "select * from TopGames where price <= " . $lfCleanedPrice . ";");
	break;
	case "morethan": $res = pg_query ($conn, "select * from TopGames where price >= " . $lfCleanedPrice . ";");
	break;
	default:
	$res = pg_query ($conn, "select * from TopGames;");
	break;
	}
	echo "<table border='1'>"; 
**while ($laRow = pg_fetch_row($res))
	{   ///this is the line its complaining about
	echo "<tr>";
	foreach ($laRow as $lsColumn)
	{
	echo "<td>" . $lsColumn . "</td>";
	}
	echo "</tr>";
	}echo "</table>\n";?>


<br /></p>

also could you explain the for each loop a bit for me
cheers ric

ricrhys

phew got it cheers, for the help there
ric

illzz

What was the part causing the error?

As for the foreach loop, pg_fetch_row returns the next row of results as an array. Since all you are doing is placing each value in a <td> tag, a foreach loop is faster than a for loop because it doesn't need to evaluate the test expression. It just loops through every element in the array until the end.

Now if the loop was a bit more complex, you would have to re-evaluate this, and the foreach may not be the best choice, but in this case, I feel it is.

Do you have any more questions?

For more info on foreach, you can take a look at the manual.

ricrhys

hey
well it took me ages, and a 3rd year who knows his stuff too, he was staring at it scratching his head saying there was nothing wrong with it, turns out a random character way way over on the right out on its own in a mass of white that was there randomly, cheers again and for the loop expanation, its all new to me so all the help is greatly apreciated
cheers
ric

messels

dude, i'd watch what you post about port numbers. password should be just removed.

even better simple way of keeping that separate is just an include "database.inc.php" or similar that handles all your sensitive stuff.