...

View Full Version : resolved: php search variable indefined.



teedoff
11-10-2010, 04:38 PM
Hi first post in the PHP forum. I'm taking a class in php and we created a members search form and results page. My sql is correct as its returning values that I type in the form fields, but when I try to display the values in a table using the LIKE in sql. it says my variable "$row_rsSearch" is undefined.

Here is my sql and variables:

<?php require("../Connections/student.php"); ?>
<?php
mysql_select_db ($database_student,$student);

/*build dynamic query*/
$sql= "SELECT * FROM tblmembers WHERE 0 = 0" ;
if(!empty($_POST["LastName"]))$sql = $sql . " AND LastName LIKE '" . $_POST["LastName"]."%'";
if(!empty($_POST["FirstName"]))$sql = $sql . " AND FirstName LIKE '" . $_POST["FirstName"]."%'";
if(!empty($_POST["Email"]))$sql = $sql . " AND Email LIKE '" . $_POST["Email"]."%'";
if(isset($_POST["State"]))$sql = $sql . " AND State LIKE '" . $_POST["State"]."%'";

/*run query*/
$rsSearch = mysql_query ($sql,$student) or die(mysql_error ());
$rowSearch = mysql_fetch_assoc ($rsSearch);
$totalRows_rsSearch = mysql_num_rows ($rsSearch);
?>

And here is my display code:

<body>
<div id="content">
<?php include("memberHeader.php"); ?>
<h2>Members Search Results</h2>
<h1><?php echo $sql ?></h1>
<p>First name: <?php echo $_POST["FirstName"]; ?></p>
<p>Last Name: <?php echo $_POST["LastName"]; ?></p>
<p>Email: <?php echo $_POST["Email"]; ?></p>
<pState: ><?php echo $_POST["State"]; ?></p>
<table border="1" cellspacing="2" cellpadding="2">
<tr>
<td>Name</td>
<td>Email</td>
<td>State</td>
</tr>
<?php do{?>
<tr>
<td><?php echo $row_rsSearch['LastName']; ?>, <?php echo $row_rsSearch['FirstName']; ?></td>
<td><?php echo $row_rsSearch['Email']; ?></td>
<td><?php echo $row_rsSearch['State']; ?></td>
</tr>
<?php } while($row_rsSearch = mysql_fetch_assoc($rsSearch));?>
</table>

<?php include("memberFooter.php"); ?>
</div>
</body>
</html>
<?php
mysql_free_result($rsSearch);
?>

Ive looked at this for several hours, but cant figure out why the variable isnt defined. Very new to php. so any help would be greatly appreciated.

Keleth
11-10-2010, 05:39 PM
Because for some reason you're using a do while instead of a while? You're using row_rsSearch before its defined? And why would you use do while instead of while when looping mysql results anyway?

mlseim
11-10-2010, 05:41 PM
You create the array here ...

$rowSearch = mysql_fetch_assoc ($rsSearch);

So references are now like this ...

<?php echo $rowSearch['LastName']; ?>

Not this ...

<?php echo $row_rsSearch['LastName']; ?>



.

teedoff
11-10-2010, 06:00 PM
You create the array here ...

$rowSearch = mysql_fetch_assoc ($rsSearch);

So references are now like this ...

<?php echo $rowSearch['LastName']; ?>

Not this ...

<?php echo $row_rsSearch['LastName']; ?>



.

ok changed those to $rowSearch which doesnt throw an error, but no data is displayed either. Only thing displayed is the comma used to separate the lastname and firstname.


Because for some reason you're using a do while instead of a while? You're using row_rsSearch before its defined? And why would you use do while instead of while when looping mysql results anyway?
Hmm well as I said, we're just learning php and using dreamweaver as well. With the little knowledge I have, my guess would have been that a do while loop would loop through the database abd display any record based on the user input/....while ($row_rsSearch = mysql_fetch_assoc($rsSearch));

Again, how could that loop through without the comparison while?

Keleth
11-10-2010, 06:10 PM
You use a do while when you want to guarantee the data will be displayed at least once. A while does the test first, then loops if valid. In this case, you assign a variable in your while statement, so by doing do while, you're calling the variable before you even assign it. Look at it, did you assign $row_rsSearch before the while assignment? No, so how could you try to call data?

And with due respect to mlsiem, I think he was wrong in his advice to change the variable names. You are needlessly assigning $rowSearch and can drop that. You can use row_rsSearch, just use a while loop instead of a do while.

teedoff
11-10-2010, 06:16 PM
You use a do while when you want to guarantee the data will be displayed at least once. A while does the test first, then loops if valid. In this case, you assign a variable in your while statement, so by doing do while, you're calling the variable before you even assign it. Look at it, did you assign $row_rsSearch before the while assignment? No, so how could you try to call data?

And with due respect to mlsiem, I think he was wrong in his advice to change the variable names. You are needlessly assigning $rowSearch and can drop that. You can use row_rsSearch, just use a while loop instead of a do while.

so I didnt assign a value to $rowSearch here? Which is why mlsiem suggested I use rowSearch for my echo.


$rowSearch = mysql_fetch_assoc ($rsSearch);

Again, sorry I'm not fully understanding this..lol As for the while, I understand the concept that the variable I have no is not defined and I'm calling it, therefore the initial error. But, without the do/while loop, wouldnt it just display one record and the stop. What if there were several records with the last name Smith? The while says as long as the variable is not empty and is like Smith, then display the records. Correct?

Keleth
11-10-2010, 06:28 PM
Ok... in your mysql, you define $rowSearch. Then in your code, you do a do/while using the variable $row_rsSearch. First thing is you need to pick one variable name, not both. Sure, you can rename, but given you're not using $rowSearch prior to the loop, there's no need to define it there, and should just drop it, converting your do/while to a while.

I'm not saying drop the loop, im saying change it from a do/while to a while. If you're not aware of what a while loop is, I do, with all due respect, suggest you go learn the basics of structure and looping prior to proceeding. A while is probably the most common loop you'll use. A do/while runs the loop at least once, testing at the end of the loop, a while tests before looping, just like I said in my last post.

teedoff
11-10-2010, 06:36 PM
Ok... in your mysql, you define $rowSearch. Then in your code, you do a do/while using the variable $row_rsSearch. First thing is you need to pick one variable name, not both. Sure, you can rename, but given you're not using $rowSearch prior to the loop, there's no need to define it there, and should just drop it, converting your do/while to a while.

I'm not saying drop the loop, im saying change it from a do/while to a while. If you're not aware of what a while loop is, I do, with all due respect, suggest you go learn the basics of structure and looping prior to proceeding. A while is probably the most common loop you'll use. A do/while runs the loop at least once, testing at the end of the loop, a while tests before looping, just like I said in my last post.

Yes thats why I changed the $row_Search to $rsSearch, since I have the last variable define. Thats why I said I dont get an error anymore. Ok I understand what a do/while and while loops are. I'm not sure I know the syntax to use it instead of what I have now though. I will try to find out though. Thanks for your patience with someone just starting out.

Keleth
11-10-2010, 06:40 PM
Sorry mate, if you know the difference, the syntax change wouldn't be difficult :p


<?php while($row_rsSearch = mysql_fetch_assoc($rsSearch)) {?>
<tr>
<td><?php echo $row_rsSearch['LastName']; ?>, <?php echo $row_rsSearch['FirstName']; ?></td>
<td><?php echo $row_rsSearch['Email']; ?></td>
<td><?php echo $row_rsSearch['State']; ?></td>
</tr>
<?php }?>

It is a literal transposition.

teedoff
11-10-2010, 06:47 PM
lol well knowing what something is and does, can be quite different that knowing how to properly code it.

At any rate its still not working...My table displays nothing but I get no errors. So I guess thats progress. here is my new code:


<table border="1" cellspacing="2" cellpadding="2">
<tr>
<td>Name</td>
<td>Email</td>
<td>State</td>
</tr>
<?php while($rowSearch = mysql_fetch_assoc($rsSearch)) {?>
<tr>
<td><?php echo $rowSearch['LastName']; ?>, <?php echo $rowSearch['FirstName']; ?></td>
<td><?php echo $rowSearch['Email']; ?></td>
<td><?php echo $rowSearch['State']; ?></td>
</tr>
<?php }?>
</table>
Forgot to change my variables back to $row_rsSearch so went back and did that, but didnt change things. Still a blank table display.

Keleth
11-10-2010, 06:55 PM
The name of the variable is irrelevant. The reason I said stay with the current name scheme was just because it was already there. My point was there was no need to change the naming scheme, just delete the line where you pull the first row above. If only one row is being pulled, its being put into $rowSearch, so it doesn't even make it to your loop. Delete that line.

MattF
11-10-2010, 06:58 PM
Seeing as you're just beginning, prime time to ram security down your throat. :)

Don't use unvalidated, unsanitised, unescaped input in a database query. Even if you're using the likes of parameterised queries, validate and sanitise first. You are using raw POST input in your queries. Don't. You're leaving the code wide open to SQL exploits.



/*build dynamic query*/
$sql= "SELECT * FROM tblmembers WHERE 0 = 0" ;
if(!empty($_POST["LastName"]))$sql = $sql . " AND LastName LIKE '" . $_POST["LastName"]."%'";
if(!empty($_POST["FirstName"]))$sql = $sql . " AND FirstName LIKE '" . $_POST["FirstName"]."%'";
if(!empty($_POST["Email"]))$sql = $sql . " AND Email LIKE '" . $_POST["Email"]."%'";
if(isset($_POST["State"]))$sql = $sql . " AND State LIKE '" . $_POST["State"]."%'";



Don't echo unvalidated, unsanitised input to output. You're allowing the likes of XSS and such with the following.



<p>First name: <?php echo $_POST["FirstName"]; ?></p>
<p>Last Name: <?php echo $_POST["LastName"]; ?></p>
<p>Email: <?php echo $_POST["Email"]; ?></p>
<pState: ><?php echo $_POST["State"]; ?></p>

teedoff
11-10-2010, 07:02 PM
lol ok I have it working! Stupid oversight. I was entering data in each field which had no matching records. Thats why no data was being displayed. Sheesh!

Get me back to Coldfusion! lol

Thanks again for your time and help! I do appreciate it.

Keleth
11-10-2010, 07:07 PM
Yah, I apologize if I was coming across overly harsh, its just some of these basics are vital, otherwise you'll be on sites like these every day, asking for simple answers, driving us and yourself crazy.

And like Matt said, sanitizing is of upmost importance.

teedoff
11-10-2010, 07:09 PM
Yah, I apologize if I was coming across overly harsh, its just some of these basics are vital, otherwise you'll be on sites like these every day, asking for simple answers, driving us and yourself crazy.

And like Matt said, sanitizing is of upmost importance.

No problem. And yes I figured we'd get around to security soon enough. As a coldfusion developer, I know text inputs pose security issues. I think we will go over that in the next class. Thanks for the tips Matt!

MattF
11-10-2010, 07:14 PM
I think we will go over that in the next class.

If your tutor mentions addslashes at all in that class, just kick him in the nuts and do us all a favour. :D

teedoff
11-10-2010, 07:28 PM
If your tutor mentions addslashes at all in that class, just kick him in the nuts and do us all a favour. :D

lol you lost me on that one, but I might just do that anyway! lol

Keleth
11-10-2010, 07:33 PM
lol you lost me on that one, but I might just do that anyway! lol

Adding slashes is an antiquated method of sanitizing, that is problematic to say the least, but is still unfortunately popular. I myself recently learned the error of my ways, and have been much happier since :)

teedoff
11-10-2010, 07:55 PM
Adding slashes is an antiquated method of sanitizing, that is problematic to say the least, but is still unfortunately popular. I myself recently learned the error of my ways, and have been much happier since :)

Yes I googled it and read just what you are saying. So what's the current acceptable method in php? I may google and read up on it.

Keleth
11-10-2010, 07:58 PM
mysql_real_escape_string is common

teedoff
11-10-2010, 08:08 PM
mysql_real_escape_string is common

Thanks! I'll do some research.

teedoff
11-10-2010, 09:36 PM
ok one more issue it seems...If I type a letter in one of the fields for say lastname, it will find one if there is one. If there's 2 it will still only find one records. If there's 3 it will find 2 records...lol Not sure why that is.

Keleth
11-10-2010, 09:46 PM
Echo an example query and show us.

teedoff
11-10-2010, 09:57 PM
Echo an example query and show us.

lol might be just as easy to try it yourself...i mean the site

http://gtcc-it.org/web182/younger/members/membersMhttp://gtcc-it.org/web182/younger/members/membersMaster.phpaster.php

Keleth
11-10-2010, 11:08 PM
While the links are ... weird, actually no, showing the query can help determine whats wrong... I can tell whats wrong by what you say :)

teedoff
11-12-2010, 10:55 PM
While the links are ... weird, actually no, showing the query can help determine whats wrong... I can tell whats wrong by what you say :)


Dont know what you mean by weird...lol its a link..nothing more.

And dont know what you mean by "you can tell whats wrong by what you say" either...lol you lost me

Anyway I got it working! thanks for your help!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum