#1 |
... by 'works', I mean that there are no errors. Unfortunately, there's no
output either. :-(

Here is the HTML that I have in 'test.php' ...

http://www.flickr.com/photo_zoom.gne...9529794&size=o

Here is the php code in the file select.php ...

http://www.flickr.com/photo_zoom.gne...9529810&size=o

When I call up 'test.php' from my webbrowser, I enter say 'tom' and I get no
results. $dbname _is_ populated and there _is_ a user in there called 'tom'.

Can someone advise..? Thanks

[1] I hope this is the right forum..
|
|
|
#2 |
On Jun 28, 9:53 am, desmond <desm...@zeouane.org> wrote:
> .. by 'works', I mean that there are no errors. Unfortunately, there's no
> output either. :-(
>
> Here is the HTML that I have in 'test.php' ...
>
> http://www.flickr.com/photo_zoom.gne...9529794&size=o
>
> Here is the php code in the file select.php ...
>
> http://www.flickr.com/photo_zoom.gne...9529810&size=o
>
> When I call up 'test.php' from my webbrowser, I enter say 'tom' and I get no
> results. $dbname _is_ populated and there _is_ a user in there called
> 'tom'.
>
> Can someone advise..? Thanks
>
> [1] I hope this is the right forum..

A couple things:

1. A screen shot of your code? C'mon, dude.
2. Check that $result isn't false.
3. Check the value of mysql_error() after you run the query.
4. Enable display_errors and turn up error_reporting in php.ini and run the script again.
|
|
|
#3 |
ZeldorBlat <zeldorblat@gmail.com> wrote:
> On Jun 28, 9:53 am, desmond <desm...@zeouane.org> wrote:
>> .. by 'works', I mean that there are no errors. Unfortunately, there's no
>> output either. :-(
>>
>> Here is the HTML that I have in 'test.php' ...
>>
>> http://www.flickr.com/photo_zoom.gne...9529794&size=o
>>
>> Here is the php code in the file select.php ...
>>
>> http://www.flickr.com/photo_zoom.gne...9529810&size=o
>>
>> When I call up 'test.php' from my webbrowser, I enter say 'tom' and I get no
>> results. $dbname _is_ populated and there _is_ a user in there called
>> 'tom'.
>>
>> Can someone advise..? Thanks
>>
>> [1] I hope this is the right forum..
>
> A couple things:
>
> 1. A screen shot of your code? C'mon, dude.

Yeah, I know.. but I wasn't sure if I was posting to the right place, and so
sort o' thought, 'minimise the code I post; minimise the flames..' :-\

> 2. Check that $result isn't false.

If I put echo $result just out of the 'while' loop, I get..

Resource id #3

> 3. Check the value of mysql_error() after you run the query.

Not really sure how to do that.. adding this ..

$error=mysql_error();
echo $error;

... outside the loop, didn't do anything.

> 4. Enable display_errors and turn up error_reporting in php.ini and
> run the script again.

I already have 'E_ALL & ~E_NOTICE' turned on...
|
|
|
#4 |
On Jun 28, 2:53 pm, desmond <desm...@zeouane.org> wrote:
> .. by 'works', I mean that there are no errors. Unfortunately, there's no
> output either. :-(
>
> Here is the HTML that I have in 'test.php' ...
>
> http://www.flickr.com/photo_zoom.gne...9529794&size=o
>
> Here is the php code in the file select.php ...
>
> http://www.flickr.com/photo_zoom.gne...9529810&size=o
>
> When I call up 'test.php' from my webbrowser, I enter say 'tom' and I get no
> results. $dbname _is_ populated and there _is_ a user in there called
> 'tom'.
>
> Can someone advise..? Thanks
>
> [1] I hope this is the right forum..

your markup is incorrect you need
name="first_name" rather than
id=....
same goes for them all

also you have {['country']} rather than {$row['country']}

also where are you getting $first_name from in the query?
do you set it to

$first_name = mysql_string_real_escape( $_GET['first_name'] );

you know the form uses GET if you don't specify otherwise.

your code is shall we say not quite all there yet, I would look at
some examples online and then adjust them to suit your needs.
|
|
|
#5 |
On Jun 28, 6:14 pm, shimmyshack <matt.fa...@gmail.com> wrote:
> On Jun 28, 2:53 pm, desmond <desm...@zeouane.org> wrote:
>
> > .. by 'works', I mean that there are no errors. Unfortunately, there's no
> > output either. :-(
> >
> > Here is the HTML that I have in 'test.php' ...
> >
> > http://www.flickr.com/photo_zoom.gne...9529794&size=o
> >
> > Here is the php code in the file select.php ...
> >
> > http://www.flickr.com/photo_zoom.gne...9529810&size=o
> >
> > When I call up 'test.php' from my webbrowser, I enter say 'tom' and I get no
> > results. $dbname _is_ populated and there _is_ a user in there called
> > 'tom'.
> >
> > Can someone advise..? Thanks
> >
> > [1] I hope this is the right forum..
>
> your markup is incorrect you need
> name="first_name" rather than
> id=....
> same goes for them all
>
> also you have {['country']} rather than {$row['country']}
>
> also where are you getting $first_name from in the query?
> do you set it to
>
> $first_name = mysql_string_real_escape( $_GET['first_name'] );
>
> you know the form uses GET if you don't specify otherwise.
>
> your code is shall we say not quite all there yet, I would look at
> some examples online and then adjust them to suit your needs.

sorry should have been:
mysql_real_escape_string
|
|
|
#6 |
shimmyshack <matt.farey@gmail.com> wrote:
> On Jun 28, 2:53 pm, desmond <desm...@zeouane.org> wrote:
>> .. by 'works', I mean that there are no errors. Unfortunately, there's no
>> output either. :-(
>>
>> Here is the HTML that I have in 'test.php' ...
>>
>> http://www.flickr.com/photo_zoom.gne...9529794&size=o
>>
>> Here is the php code in the file select.php ...
>>
>> http://www.flickr.com/photo_zoom.gne...9529810&size=o
>>
>> When I call up 'test.php' from my webbrowser, I enter say 'tom' and I get no
>> results. $dbname _is_ populated and there _is_ a user in there called
>> 'tom'.
>>
>> Can someone advise..? Thanks
>>
>> [1] I hope this is the right forum..
>
> your markup is incorrect you need
> name="first_name" rather than
> id=....
> same goes for them all
>
> also you have {['country']} rather than {$row['country']}
>
> also where are you getting $first_name from in the query?
> do you set it to
>
> $first_name = mysql_string_real_escape( $_GET['first_name'] );
>
> you know the form uses GET if you don't specify otherwise.
>
> your code is shall we say not quite all there yet, I would look at
> some examples online and then adjust them to suit your needs.

OK, typos corrected, the code looks like this (no more screenshots)..

--- test.php (this is the HTML one) ---

<form action="select.php" method="post">
<h6>
<label for="first_name">First Name: </label>
<input type="text" name="first_name"><br>
<label for="second_name">Second Name: </label>
<input type="text" name="second_name"><br>
<INPUT type="submit" value="Send"> <INPUT type="reset">
</form>

---------------------------------------

And this is the php code (corrected according to your comments) ...

--- select.php ---

<?php

$dbhost='localhost';
$dbuser='toto';
$dbpass='password';
$dbname='adbname';

$conn = mysql_connect($dbhost, $dbuser, $dbpass)
    or die ('Cannot connect to DB!!');

mysql_select_db($dbname);

$query="SELECT user_id, login, first_name, email, country FROM
users WHERE first_name='$first_name'";

$result = mysql_query($query);

while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {

    echo "Name: {$row['first_name']} <br>" .
         "Login: {$row['login']} <br>" .
         "Client Number: {$row['user_id']} <br>" .
         "Email: {$row['email']} <br>" .
         "Country: {$row['country']} <br><br>" ;
}

?>

----------------

If anyone wants to see the table I'm trying to access ..

mysql> describe users;
+-------------+-------------+------+-----+---------+----------------+
| Field       | Type        | Null | Key | Default | Extra          |
+-------------+-------------+------+-----+---------+----------------+
| user_id     | int(11)     | NO   | PRI | NULL    | auto_increment |
| login       | varchar(8)  | NO   |     |         |                |
| password    | varchar(8)  | NO   |     |         |                |
| first_name  | varchar(25) | NO   |     |         |                |
| second_name | varchar(25) | NO   |     |         |                |
| email       | varchar(25) | NO   |     |         |                |
| sex         | varchar(1)  | YES  |     | NULL    |                |
| dob         | date        | NO   |     |         |                |
| address1    | varchar(25) | YES  |     | NULL    |                |
| address2    | varchar(25) | YES  |     | NULL    |                |
| postcode    | varchar(10) | YES  |     | NULL    |                |
| state       | varchar(10) | YES  |     | NULL    |                |
| country     | varchar(15) | YES  |     | NULL    |                |
| landline    | varchar(10) | NO   |     |         |                |
| fax         | varchar(10) | YES  |     | NULL    |                |
| mobile      | varchar(10) | YES  |     | NULL    |                |
| website     | varchar(25) | YES  |     | NULL    |                |
| quote       | varchar(50) | YES  |     | NULL    |                |
+-------------+-------------+------+-----+---------+----------------+
18 rows in set (0.11 sec)

Now if I enter say 'john' in the first field of my form and hit Submit, I get
'Resource id #3' (to be fair, I also get this if I enter nothing before
hitting Submit), yet if I execute the query manually ..

myql> SELECT user_id, login, first_name, email, country FROM
    -> users WHERE first_name='john';
+---------+---------+------------+-----------------------+-----------+
| user_id | login   | first_name | email                 | country   |
+---------+---------+------------+-----------------------+-----------+
|       2 | john    | John       | john12@gmail.com      | Australia |
+---------+---------+------------+-----------------------+-----------+
1 row in set (0.00 sec)

So something's not right with the code, obviously..... :-(
|
|
|
#7 |
..oO(shimmyshack)
>your markup is incorrect you need
>name="first_name" rather than
>id=....
>same goes for them all

He needs both 'name' and 'id' if he wants to use labels. The 'name'
attribute is required for proper form submission, the 'id' is required
for associating a label with the form control.

Micha
|
|
|
#8 |
On Jun 29, 11:04 am, desmond <desm...@zeouane.org> wrote:
> shimmyshack <matt.fa...@gmail.com> wrote:
> >> And this is the php code (corrected according to your comments) ...
> >
> >> --- select.php ---
> >> <?php
> >
> >> $dbhost='localhost';
> >> $dbuser='toto';
> >> $dbpass='password';
> >> $dbname='adbname';
> >
> >> $conn = mysql_connect($dbhost, $dbuser, $dbpass)
> >> or die ('Cannot connect to DB!!');
> >
> >> mysql_select_db($dbname);
> >
> >> $query="SELECT user_id, login, first_name, email, country FROM
> >> users WHERE first_name='$first_name'";
> >
> >> $result = mysql_query($query);
> >
> >> while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
> >
> >> echo "Name: {$row['first_name']} <br>" .
> >> "Login: {$row['login']} <br>" .
> >> "Client Number: {$row['user_id']} <br>" .
> >> "Email: {$row['email']} <br>" .
> >> "Country: {$row['country']} <br><br>" ;}
> >
> >> ?>
> > remember where I asked /how/ you were getting $first_name and hoped it
> > was by using
> > mysql_real_escape_string( $_GET['first_name'] );
>
> I didn't really understand what you meant..
>
> > well now you have changed the form, you need to change the GET to POST
> > and then just do it!
> >
> > $first_name = mysql_real_escape_string( $_POST['first_name'] );
>
> Sorry for the obtuse questions, but ..where does this go?
>
> > if in doubt about a query that's failing, just use
> > var_dump( $query );
> > to see what you are passing to the DB, that would have shown up as NOT
> > what you were passing to the db in the command line.
>
> As you rightly pointed out, it's 'not quite there' yet.

unless you are using a particularly old version of php, globals should
be off, so you can't just assume that $first_name will be present in
your script

<?php
$first_name = mysql_real_escape_string( $_POST['first_name'] );
$second_name = mysql_real_escape_string( $_POST['second_name'] );

however this is not enough, you must use regular expressions to
validate those two variables as well, before you escape them.
So think of the characters (the one below is good only for a subset of
names, because it doesn't allow éíó etc...) that you might want to allow
in a name, and the lengths (I use minimum 4 and maximum 32) and use

<?php
function getValidateName( $strName )
{
    // the apostrophe inside the single-quoted pattern has to be escaped
    // the pattern is not anchored, so this returns the first run of
    // 2-32 allowed characters found anywhere in the input
    if( preg_match( '/([a-zA-Z\'\- ]{2,32})/', $strName, $arrMatches) )
    {
        return $arrMatches[0];
    }
    else
    {
        return '';
    }
}
$first_name = mysql_real_escape_string( getValidateName($_POST['first_name']) );
//you don't actually use $second_name, but I put it here anyway
$second_name = mysql_real_escape_string( getValidateName($_POST['second_name']) );
//....rest of your code

> Sorry for the obtuse questions, but ..where does this go?

BTW I do feel like you need to start trying stuff, and reading the
manual, it worries me that you might end up with code you don't
understand that could be very insecure, because you are following
instructions rather than reading around the subject.
|
|
|
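The fix discussed in posts #2 through #8, as an added example that is not code from the thread: the form value is validated as a whole, bound as a query parameter with PDO instead of being interpolated into the SQL string, and query failures throw instead of passing silently. Assumptions: an in-memory SQLite database with constructed rows stands in for the poster's MySQL server so the script runs on its own, and `validName` and `findUsersByFirstName` are hypothetical names.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands
// in for the poster's MySQL server; with a "mysql:host=...;dbname=..." DSN the
// PDO calls below are the same.

// Hypothetical helper: accept the whole value or reject it. The \A...\z anchors
// mean a stray character anywhere fails the check instead of being skipped over.
function validName(string $raw): ?string
{
    $name = trim($raw);
    // Unicode letters, apostrophe, hyphen and space, 2 to 32 characters.
    return preg_match("/\\A[\\p{L}' -]{2,32}\\z/u", $name) === 1 ? $name : null;
}

// Hypothetical helper: look up users by first name with a bound parameter.
function findUsersByFirstName(PDO $db, string $raw): array
{
    $name = validName($raw);
    if ($name === null) {
        return [];                      // invalid input never reaches the query
    }
    // The value is bound as a parameter, so it is never parsed as SQL.
    $stmt = $db->prepare(
        'SELECT user_id, login, first_name, email, country
           FROM users WHERE first_name = :first_name'
    );
    $stmt->execute([':first_name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data mirroring part of the users table shown in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, login TEXT,
           first_name TEXT COLLATE NOCASE, email TEXT, country TEXT)');
$db->exec("INSERT INTO users (login, first_name, email, country)
           VALUES ('john', 'John', 'john12@example.com', 'Australia')");

// In select.php the value would come from $_POST['first_name'] ?? ''.
// Constructed inputs: a match, a name with an apostrophe, digits, too short.
foreach (['john', "O'Brien", 'john99', 'a'] as $input) {
    $rows = findUsersByFirstName($db, $input);
    printf("%-10s -> %d row(s)\n", $input, count($rows));
    foreach ($rows as $row) {
        // Escape on output too: stored values are still untrusted in HTML.
        echo '  Name: ', htmlspecialchars($row['first_name'], ENT_QUOTES, 'UTF-8'),
             ', Country: ', htmlspecialchars($row['country'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

The name with an apostrophe passes validation and is handled by the bound parameter without any manual escaping; the two rejected inputs return early and no query is run for them.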
#9 |
shimmyshack <matt.farey@gmail.com> wrote:
> On Jun 28, 6:14 pm, shimmyshack <matt.fa...@gmail.com> wrote:
>> On Jun 28, 2:53 pm, desmond <desm...@zeouane.org> wrote:
>>
>> > .. by 'works', I mean that there are no errors. Unfortunately, there's no
>> > output either. :-(
>> >
>> > Here is the HTML that I have in 'test.php' ...
>> >
>> > http://www.flickr.com/photo_zoom.gne...9529794&size=o
>> >
>> > Here is the php code in the file select.php ...
>> >
>> > http://www.flickr.com/photo_zoom.gne...9529810&size=o
>> >
>> > When I call up 'test.php' from my webbrowser, I enter say 'tom' and I get no
>> > results. $dbname _is_ populated and there _is_ a user in there called
>> > 'tom'.
>> >
>> > Can someone advise..? Thanks
>> >
>> > [1] I hope this is the right forum..
>>
>> your markup is incorrect you need
>> name="first_name" rather than
>> id=....
>> same goes for them all
>>
>> also you have {['country']} rather than {$row['country']}
>>
>> also where are you getting $first_name from in the query?
>> do you set it to
>>
>> $first_name = mysql_string_real_escape( $_GET['first_name'] );
>>
>> you know the form uses GET if you don't specify otherwise.
>>
>> your code is shall we say not quite all there yet, I would look at
>> some examples online and then adjust them to suit your needs.
>
> sorry should have been:
> mysql_real_escape_string

OK now you're starting to scare me, 'cos I'd imagined that I could set up
some sort of PhP catalogue by following some tutorials, doing the minimum
to get it up and running, and then 'perfect' it by learning what I needed.
But it looks like I was wrong. I need to learn the whole thing before I
can even begin to do this, don't I?

OK, next question: is there such a thing as a PhP script that I can
download, to 'drop in' to my site? The DB itself is bog-standard, users,
stock etc.
|
|
|
#10 |
"desmond" <desmond@sivan.coughlan.fr> wrote in message news:3gjsl4-2p5.ln1@sivan.coughlan.fr...
> shimmyshack <matt.farey@gmail.com> wrote:
>> On Jun 28, 6:14 pm, shimmyshack <matt.fa...@gmail.com> wrote:
>>> On Jun 28, 2:53 pm, desmond <desm...@zeouane.org> wrote:
>>>
>>> > .. by 'works', I mean that there are no errors. Unfortunately,
>>> > there's no output either. :-(
>>> >
>>> > Here is the HTML that I have in 'test.php' ...
>>> >
>>> > http://www.flickr.com/photo_zoom.gne...9529794&size=o
>>> >
>>> > Here is the php code in the file select.php ...
>>> >
>>> > http://www.flickr.com/photo_zoom.gne...9529810&size=o
>>> >
>>> > When I call up 'test.php' from my webbrowser, I enter say 'tom' and I
>>> > get no results. $dbname _is_ populated and there _is_ a user in there
>>> > called 'tom'.
>>> >
>>> > Can someone advise..? Thanks
>>> >
>>> > [1] I hope this is the right forum..
>>>
>>> your markup is incorrect you need
>>> name="first_name" rather than
>>> id=....
>>> same goes for them all
>>>
>>> also you have {['country']} rather than {$row['country']}
>>>
>>> also where are you getting $first_name from in the query?
>>> do you set it to
>>>
>>> $first_name = mysql_string_real_escape( $_GET['first_name'] );
>>>
>>> you know the form uses GET if you don't specify otherwise.
>>>
>>> your code is shall we say not quite all there yet, I would look at
>>> some examples online and then adjust them to suit your needs.
>>
>> sorry should have been:
>> mysql_real_escape_string
>
> OK now you're starting to scare me, 'cos I'd imagined that I could set up
> some sort of PhP catalogue by following some tutorials, doing the minimum
> to get it up and running, and then 'perfect' it by learning what I needed.
> But it looks like I was wrong. I need to learn the whole thing before I
> can even begin to do this, don't I? OK, next question: is there such a
> thing as a PhP script that I can download, to 'drop in' to my site? The
> DB itself is bog-standard, users, stock etc.

Try oscommerce it's fairly simple to set up. Easy to expand with new modules
and widely used so plenty of support forums. The best bit it's FREE.

www.oscommerce.com

Brian
|
|
|
#11 |
Brian Telford <brian@remove.this.rushford.antispam.demon.co.uk > wrote:
>> OK now you're starting to scare me, 'cos I'd imagined that I could set up
>> some sort of PhP catalogue by following some tutorials, doing the minimum
>> to get it up and running, and then 'perfect' it by learning what I needed.
>> But it looks like I was wrong. I need to learn the whole thing before I
>> can even begin to do this, don't I? OK, next question: is there such a
>> thing as a PhP script that I can download, to 'drop in' to my site? The
>> DB itself is bog-standard, users, stock etc.
>
> Try oscommerce it's fairly simple to set up. Easy to expand with new modules
> and widely used so plenty of support forums. The best bit it's FREE.
>
> www.oscommerce.com

Looks promising. Many, many thanks!
|