Not getting result as expected

I am new to PHP/sql. This should be simple, but it is not processing as I expected it to. I just want the user to be able to enter text (assetTag) and the query return the matching result. Maybe I am making this more complicated than it has to be. The if/else statement after the form is never true and I am getting the echo “Enter an id” all the time. Even when it’s the first time, it doesn’t seem to wait for an answer in the text box.

<?php  //query

require_once 'login.php';

$db_password, $db_database);
$db_server = new mysqli ($db_hostname,$db_username, $db_password, $db_database);
$inputAssetTag = "";

//Check connection
if (mysqli_connect_errno())
{
	echo "Unable to connect to database";
} else {
	echo "Connected" . "<br />";

	if (!isset($_GET['iputAssetTg'])){
		echo "here";
		
		?>
		<form action="AssetTagSearch3.php" method ="GET">
		Please enter an Asset ID tag:
		<br><br> <input type="text" name="inputAssetTag" value="<?php echo $inputAssetTag; ?>"> <br><br>
		<input  type ="submit" value = "Enter">
	
		</form>
<?php
		if (!empty($inputAssetTag)) {
			$inputAssetTag = $_GET['inputAssetTag'];
			echo "Perfect";
			} else {
				echo "Enter an id";

	}
}
	

}

?>

You have two typos in the posted code. The first one is a fragment of the database connection line that is probably just a copy/paste mistake when you posted the code here. The other is in the name of your $_GET input, which would prevent your code from doing what you expect, without producing a php error, since it is inside of an isset() statement.

Your code for any page should be laid out in this general order -

  1. Initialization - define, create things your page needs.
  2. Post method form processing - process any post method form data. Not used for what you are currently doing, a search operation.
  3. Get method business logic - get/produce data needed to display the page.
  4. Html document/template - using the output from the above sections of code as its input data, produce the html document.

Next, you need to validate all input data before using it, either producing an error message for the visitor or using a default value. You would also typically trim() all input data, before validating it, so that you can detect if all white-space characters were entered. This would be part of item #3 in the above list. If the input is valid (not empty), you would then run the code needed to query for and retrieve the data that you want. If the query doesn’t match any data, you would set up an error message for the visitor telling them so.

For something like a search operation, you would NOT conditionally output the search form. You would want to allow the visitor to modify the search value and re-submit the form.

Also, don’t unconditionally output information about database errors onto a web page. This does nothing for a legitimate visitor and only helps a hacker. If you instead use exceptions for database statement errors and in most cases let php catch and handle the exception, php will use its error related settings to control what happens with the actual error information (database errors will ‘automatically’ get displayed/logged the same as php errors.) You can then remove any database error handling logic you have now, simplifying the code.

Any dynamic data values that you output onto a web page (the form field value) should have htmlentities() applied to it to help prevent cross site scripting.

You should put your entire database connection code into a separate .php file and require it when needed.

To get a form to submit to the same page, simply leave the whole action=’…’ attribute out of the form tag.

While you haven’t gotten to this point in the code, any external/unknown/dynamic value that you supply to an sql query statement should use a prepared query and you should switch to the much simpler PDO database extension.
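The page layout described in the answer above, as an added example that is not part of the original thread: initialization, get-method logic with trim() and validation, a prepared PDO query, and an always-visible form with escaped output. The in-memory SQLite database, the `assets` table, its columns and the sample rows are constructed stand-ins for the poster's real connection file and schema, which the thread does not show.

```php
<?php
// 1. Initialization. Constructed stand-in for the separate connection file:
//    an in-memory SQLite database with a hypothetical `assets` table.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,      // errors become exceptions, not page output
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec("CREATE TABLE assets (asset_tag TEXT PRIMARY KEY, description TEXT)");
$pdo->exec("INSERT INTO assets VALUES ('A-1001', 'Laptop <loaner>'), ('A-1002', 'Projector')");

$errors = [];
$rows = [];

// 2. Post method form processing: not used for a search.

// 3. Get method business logic: trim, validate, then query.
$submitted = isset($_GET['inputAssetTag']);
$inputAssetTag = ($submitted && is_string($_GET['inputAssetTag']))
    ? trim($_GET['inputAssetTag'])   // whitespace-only input becomes ''
    : '';                            // missing or array-valued input becomes ''

if ($submitted) {
    if ($inputAssetTag === '') {
        $errors[] = 'Enter an id';
    } else {
        // Prepared query: the value is bound, never concatenated into the SQL.
        $stmt = $pdo->prepare('SELECT asset_tag, description FROM assets WHERE asset_tag = ?');
        $stmt->execute([$inputAssetTag]);
        $rows = $stmt->fetchAll();
        if (!$rows) {
            $errors[] = 'No asset matches that tag';
        }
    }
}

// 4. Html document: output happens only here, every dynamic value escaped.
$e = fn($s) => htmlentities($s, ENT_QUOTES, 'UTF-8');
?>
<form method="get">
  Please enter an Asset ID tag:
  <input type="text" name="inputAssetTag" value="<?= $e($inputAssetTag) ?>">
  <input type="submit" value="Enter">
</form>
<?php foreach ($errors as $msg): ?>
  <p><?= $e($msg) ?></p>
<?php endforeach; ?>
<?php foreach ($rows as $row): ?>
  <p><?= $e($row['asset_tag']) ?>: <?= $e($row['description']) ?></p>
<?php endforeach; ?>
```

Requesting the page with `?inputAssetTag=A-1001` shows the matching row with the angle brackets in its description rendered as text, and the form stays on the page so the value can be changed and re-submitted.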

Thank you so much for your tips…I’ve never done PHP coding so it’s been confusing to me. I know some basic sql.

I will do some updating.
