[RESOLVED] if ($_POST[submit] == "Search")

zenrab

Hello

I am building a simple contact management system. Basically when someone enters the phone number to search they will receive either; 1. the full recordset that belongs to that phone number, or a blank form to complete with the entered phone number already in place. I have pasted my code below. I am getting an error message for line 24, the ($post[submit[ == "Search"). Any help anyone can give would be greatly appreciated.

Many thanks

<?php
$host="localhost"; // Host name
$username="yes"; // Mysql username
$password="yes"; // Mysql password
$db_name="yes"; // Database name

error_reporting(E_ALL);

$link = mysql_connect($host,$username,$password);
if ( ! $link ) {
die( "Couldn't connect to MySQL: ".mysql_error() );
}

mysql_select_db( $db_name, $link )
	or die ( "Couldn't connect to database: ".mysql_error() );
if ($_POST[submit] == "Search")
{
  //Collect Form Data

  $string = $_POST['search'];

  //Issue SQL SELECT Statement
$query  = "SELECT * FROM contacts WHERE telephone1 = '$string'"; 
$result = mysql_query($query) or die(mysql_error());
$mysql_num = mysql_num_rows($result ); 

if ($mysql_num == 0)
    {
	print "<tr>";
	print "<td>First Name:";
	print "<td><input name='firstname' type='text'></td>";
	print "</td>";
	print "<td>Last Name:";
	print  "<td><input name='lastname' type='text'></td>";
	print "</td>";
	print "<td>Address 1:";
	print "<td><input name='address2' type='text'></td>";
	print "</td>";
	print "<td>Address 2:";
	print "<td><input name='address2' type='text'></td>";
	print "</td>";
	print "<td>Telephone 1:";
	print "<td><input name='telephone1' type='text' value='"; echo $string; print "'></td>";
	print "</td>";
	print "<td>Telephone 2:";
	print  "<td><input name='telephone2' type='text'></td>";
	print "</td>";
	print "<td>Email:";
	print  "<td><input name='email' type='text'></td>";
	print "</td>";
	print "</tr>";
	}
else
        {
        // enter your code here if your query finds a customer with the number your searching for 

     while($row = mysql_fetch_array($result))
        {
		print "<tr>";
		print  "<td>First Name:";
		echo $row['firstname'];
		print "</td>";
		print "<td>Last Name:";
		echo $row['lastname'];
		print "</td>";
		print "<td>Address 1:";
		echo $row['address1'];
		print "</td>";
		print "<td>Address 2:";
		echo $row['address2'];
		print "</td>";
		print "<td>Telephone 1:";
		echo $row['telephone1'];
		print "</td>";
		print "<td>Telephone 2:";
		echo $row['telephone2'];
		print "</td>";
		print "<td>Email:";
		echo $row['email'];
		print "</td>";
		print "</tr>";
         }
   }
}
?>

bradgrafelman

For one, it would be really beneficial to paste the exact error message for us, since there is more than one error message PHP can display.

Second, I'm betting it's not an "error" but rather a warning or notice. First, there doesn't appear to be any constant in your script with the name of submit, so I'm guessing by $POST[submit] you really meant $POST['submit']. The latter of the two has a string of "submit" for its array key, while the first suggests that there is a constant defined with the name of submit.

Also, if $_POST['submit'] doesn't exist, you'll get an "undefined index" notice since you're trying to access an item in an array that doesn't exist. As such, you should first check if the variable exists using [man]isset/man or [man]empty/man.

Finally, note that it appears as though your script is vulnerable to SQL injection attacks. User-supplied data should never be placed directly into SQL queries. Instead, it should first be sanitized with a function such as [man]mysql_real_escape_string/man.

Oh, and don't forget to get rid of all of the mysql_error() references when this script goes live (since you should never display MySQL error messages to the user).

Kudose

You're missing the quotes around the associative array subscript, but that isn't what's generating the notice, which I assume it is a notice. It is also probably about $_POST[submit] not being defined.

What is the exact error message you're getting?

edit

Beaten to the punch. 🙂

zenrab

thank you both for your really quick responses. I resolved the issue, I guess while you were posting by changing the if(!POST['submit]) to if (!isset($POST['submit']))

This seems to have done the trick, I have the results I was looking for.

However, still good nuggets in both your posts that I had not considered, and tips on including the messages to make it easier to help. thanks for all of this. Been struggling with this for days, don't know why I didn't ask for help earlier.

Thank you.

bradgrafelman

Glad you got it resolved. Don't forget to mark the thread as such!