Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 26
  1. #1
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,338
    Thanks
    5
    Thanked 363 Times in 360 Posts

    resolved: php search variable indefined.

    Hi first post in the PHP forum. I'm taking a class in php and we created a members search form and results page. My sql is correct as its returning values that I type in the form fields, but when I try to display the values in a table using the LIKE in sql. it says my variable "$row_rsSearch" is undefined.

    Here is my sql and variables:
    PHP Code:
    <?php require("../Connections/student.php"); ?>
    <?php
    mysql_select_db 
    ($database_student,$student);

    /*build dynamic query*/
    $sql"SELECT * FROM tblmembers WHERE 0 = 0" ;
    if(!empty(
    $_POST["LastName"]))$sql $sql " AND LastName LIKE '" $_POST["LastName"]."%'";
    if(!empty(
    $_POST["FirstName"]))$sql $sql " AND FirstName LIKE '" $_POST["FirstName"]."%'";
    if(!empty(
    $_POST["Email"]))$sql $sql " AND Email LIKE '" $_POST["Email"]."%'";
    if(isset(
    $_POST["State"]))$sql $sql " AND State LIKE '" $_POST["State"]."%'";

    /*run query*/
    $rsSearch mysql_query ($sql,$student) or die(mysql_error ());
    $rowSearch mysql_fetch_assoc ($rsSearch);
    $totalRows_rsSearch mysql_num_rows ($rsSearch);
    ?>
    And here is my display code:
    PHP Code:
    <body>
    <div id="content">
      <?php include("memberHeader.php"); ?>
      <h2>Members Search Results</h2>
      <h1><?php echo $sql ?></h1>
      <p>First name: <?php echo $_POST["FirstName"]; ?></p>
      <p>Last Name: <?php echo $_POST["LastName"]; ?></p>
      <p>Email: <?php echo $_POST["Email"]; ?></p>
      <pState: ><?php echo $_POST["State"]; ?></p>
      <table border="1" cellspacing="2" cellpadding="2">
      <tr>
        <td>Name</td>
        <td>Email</td>
        <td>State</td>
      </tr>
    <?php do{?>  
      <tr>
        <td><?php echo $row_rsSearch['LastName']; ?><?php echo $row_rsSearch['FirstName']; ?></td>
        <td><?php echo $row_rsSearch['Email']; ?></td>
        <td><?php echo $row_rsSearch['State']; ?></td>
      </tr>
      <?php } while($row_rsSearch mysql_fetch_assoc($rsSearch));?>
    </table>

    <?php include("memberFooter.php"); ?>
    </div>
    </body>
    </html>
    <?php 
    mysql_free_result
    ($rsSearch);
    ?>
    Ive looked at this for several hours, but cant figure out why the variable isnt defined. Very new to php. so any help would be greatly appreciated.
    Last edited by teedoff; 11-10-2010 at 07:14 PM.

  • #2
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,546
    Thanks
    45
    Thanked 259 Times in 256 Posts
    Because for some reason you're using a do while instead of a while? You're using row_rsSearch before its defined? And why would you use do while instead of while when looping mysql results anyway?

  • #3
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    You create the array here ...

    $rowSearch = mysql_fetch_assoc ($rsSearch);

    So references are now like this ...

    <?php echo $rowSearch['LastName']; ?>

    Not this ...

    <?php echo $row_rsSearch['LastName']; ?>



    .

  • #4
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,338
    Thanks
    5
    Thanked 363 Times in 360 Posts
    Quote Originally Posted by mlseim View Post
    You create the array here ...

    $rowSearch = mysql_fetch_assoc ($rsSearch);

    So references are now like this ...

    <?php echo $rowSearch['LastName']; ?>

    Not this ...

    <?php echo $row_rsSearch['LastName']; ?>



    .
    ok changed those to $rowSearch which doesnt throw an error, but no data is displayed either. Only thing displayed is the comma used to separate the lastname and firstname.

    Because for some reason you're using a do while instead of a while? You're using row_rsSearch before its defined? And why would you use do while instead of while when looping mysql results anyway?
    Hmm well as I said, we're just learning php and using dreamweaver as well. With the little knowledge I have, my guess would have been that a do while loop would loop through the database abd display any record based on the user input/....while ($row_rsSearch = mysql_fetch_assoc($rsSearch));

    Again, how could that loop through without the comparison while?
    Last edited by teedoff; 11-10-2010 at 06:03 PM.

  • #5
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,546
    Thanks
    45
    Thanked 259 Times in 256 Posts
    You use a do while when you want to guarantee the data will be displayed at least once. A while does the test first, then loops if valid. In this case, you assign a variable in your while statement, so by doing do while, you're calling the variable before you even assign it. Look at it, did you assign $row_rsSearch before the while assignment? No, so how could you try to call data?

    And with due respect to mlsiem, I think he was wrong in his advice to change the variable names. You are needlessly assigning $rowSearch and can drop that. You can use row_rsSearch, just use a while loop instead of a do while.

  • #6
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,338
    Thanks
    5
    Thanked 363 Times in 360 Posts
    Quote Originally Posted by Keleth View Post
    You use a do while when you want to guarantee the data will be displayed at least once. A while does the test first, then loops if valid. In this case, you assign a variable in your while statement, so by doing do while, you're calling the variable before you even assign it. Look at it, did you assign $row_rsSearch before the while assignment? No, so how could you try to call data?

    And with due respect to mlsiem, I think he was wrong in his advice to change the variable names. You are needlessly assigning $rowSearch and can drop that. You can use row_rsSearch, just use a while loop instead of a do while.
    so I didnt assign a value to $rowSearch here? Which is why mlsiem suggested I use rowSearch for my echo.

    PHP Code:
    $rowSearch mysql_fetch_assoc ($rsSearch); 
    Again, sorry I'm not fully understanding this..lol As for the while, I understand the concept that the variable I have no is not defined and I'm calling it, therefore the initial error. But, without the do/while loop, wouldnt it just display one record and the stop. What if there were several records with the last name Smith? The while says as long as the variable is not empty and is like Smith, then display the records. Correct?

  • #7
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,546
    Thanks
    45
    Thanked 259 Times in 256 Posts
    Ok... in your mysql, you define $rowSearch. Then in your code, you do a do/while using the variable $row_rsSearch. First thing is you need to pick one variable name, not both. Sure, you can rename, but given you're not using $rowSearch prior to the loop, there's no need to define it there, and should just drop it, converting your do/while to a while.

    I'm not saying drop the loop, im saying change it from a do/while to a while. If you're not aware of what a while loop is, I do, with all due respect, suggest you go learn the basics of structure and looping prior to proceeding. A while is probably the most common loop you'll use. A do/while runs the loop at least once, testing at the end of the loop, a while tests before looping, just like I said in my last post.

  • #8
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,338
    Thanks
    5
    Thanked 363 Times in 360 Posts
    Quote Originally Posted by Keleth View Post
    Ok... in your mysql, you define $rowSearch. Then in your code, you do a do/while using the variable $row_rsSearch. First thing is you need to pick one variable name, not both. Sure, you can rename, but given you're not using $rowSearch prior to the loop, there's no need to define it there, and should just drop it, converting your do/while to a while.

    I'm not saying drop the loop, im saying change it from a do/while to a while. If you're not aware of what a while loop is, I do, with all due respect, suggest you go learn the basics of structure and looping prior to proceeding. A while is probably the most common loop you'll use. A do/while runs the loop at least once, testing at the end of the loop, a while tests before looping, just like I said in my last post.
    Yes thats why I changed the $row_Search to $rsSearch, since I have the last variable define. Thats why I said I dont get an error anymore. Ok I understand what a do/while and while loops are. I'm not sure I know the syntax to use it instead of what I have now though. I will try to find out though. Thanks for your patience with someone just starting out.

  • #9
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,546
    Thanks
    45
    Thanked 259 Times in 256 Posts
    Sorry mate, if you know the difference, the syntax change wouldn't be difficult

    PHP Code:
    <?php while($row_rsSearch mysql_fetch_assoc($rsSearch)) {?>  
      <tr>
        <td><?php echo $row_rsSearch['LastName']; ?><?php echo $row_rsSearch['FirstName']; ?></td>
        <td><?php echo $row_rsSearch['Email']; ?></td>
        <td><?php echo $row_rsSearch['State']; ?></td>
      </tr>
      <?php }?>
    It is a literal transposition.

  • #10
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,338
    Thanks
    5
    Thanked 363 Times in 360 Posts
    lol well knowing what something is and does, can be quite different that knowing how to properly code it.

    At any rate its still not working...My table displays nothing but I get no errors. So I guess thats progress. here is my new code:

    PHP Code:
    <table border="1" cellspacing="2" cellpadding="2">
      <tr>
        <td>Name</td>
        <td>Email</td>
        <td>State</td>
      </tr>
    <?php while($rowSearch mysql_fetch_assoc($rsSearch)) {?>
      <tr>
        <td><?php echo $rowSearch['LastName']; ?><?php echo $rowSearch['FirstName']; ?></td>
        <td><?php echo $rowSearch['Email']; ?></td>
        <td><?php echo $rowSearch['State']; ?></td>
      </tr>
     <?php }?>
    </table>
    Forgot to change my variables back to $row_rsSearch so went back and did that, but didnt change things. Still a blank table display.
    Last edited by teedoff; 11-10-2010 at 06:51 PM.

  • #11
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,546
    Thanks
    45
    Thanked 259 Times in 256 Posts
    The name of the variable is irrelevant. The reason I said stay with the current name scheme was just because it was already there. My point was there was no need to change the naming scheme, just delete the line where you pull the first row above. If only one row is being pulled, its being put into $rowSearch, so it doesn't even make it to your loop. Delete that line.

  • #12
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Seeing as you're just beginning, prime time to ram security down your throat.

    Don't use unvalidated, unsanitised, unescaped input in a database query. Even if you're using the likes of parameterised queries, validate and sanitise first. You are using raw POST input in your queries. Don't. You're leaving the code wide open to SQL exploits.

    Code:
    /*build dynamic query*/
    $sql= "SELECT * FROM tblmembers WHERE 0 = 0" ;
    if(!empty($_POST["LastName"]))$sql = $sql . " AND LastName LIKE '" . $_POST["LastName"]."%'";
    if(!empty($_POST["FirstName"]))$sql = $sql . " AND FirstName LIKE '" . $_POST["FirstName"]."%'";
    if(!empty($_POST["Email"]))$sql = $sql . " AND Email LIKE '" . $_POST["Email"]."%'";
    if(isset($_POST["State"]))$sql = $sql . " AND State LIKE '" . $_POST["State"]."%'";

    Don't echo unvalidated, unsanitised input to output. You're allowing the likes of XSS and such with the following.

    Code:
      <p>First name: <?php echo $_POST["FirstName"]; ?></p>
      <p>Last Name: <?php echo $_POST["LastName"]; ?></p>
      <p>Email: <?php echo $_POST["Email"]; ?></p>
      <pState: ><?php echo $_POST["State"]; ?></p>

  • #13
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,338
    Thanks
    5
    Thanked 363 Times in 360 Posts

    Resolved

    lol ok I have it working! Stupid oversight. I was entering data in each field which had no matching records. Thats why no data was being displayed. Sheesh!

    Get me back to Coldfusion! lol

    Thanks again for your time and help! I do appreciate it.
    Last edited by teedoff; 11-10-2010 at 07:07 PM. Reason: Resolved

  • #14
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,546
    Thanks
    45
    Thanked 259 Times in 256 Posts
    Yah, I apologize if I was coming across overly harsh, its just some of these basics are vital, otherwise you'll be on sites like these every day, asking for simple answers, driving us and yourself crazy.

    And like Matt said, sanitizing is of upmost importance.

  • #15
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,338
    Thanks
    5
    Thanked 363 Times in 360 Posts
    Quote Originally Posted by Keleth View Post
    Yah, I apologize if I was coming across overly harsh, its just some of these basics are vital, otherwise you'll be on sites like these every day, asking for simple answers, driving us and yourself crazy.

    And like Matt said, sanitizing is of upmost importance.
    No problem. And yes I figured we'd get around to security soon enough. As a coldfusion developer, I know text inputs pose security issues. I think we will go over that in the next class. Thanks for the tips Matt!


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •