John John - 7 months ago 21
SQL Question

How to get html input into php sql

Im trying to get the values where a person searches a staff ID from that input from the html page it will show all processed purchases from that Staff ID

$name = $_GET["staffID"];
$sql = "SELECT orderID, orderDate, shippingDate, staffName FROM purchase
WHERE staffID = ".$name."
INNER JOIN staff ON purchase.staffID =
staff.staffID ORDER BY orderDate";
$results = mysqli_query($conn, $sql)
or die ('Problem with query' . mysqli_error());


The errors im getting are apparent when I put the WHERE statement in, So i don't know if im doing the WHERE statement correctly or not.

Without the where statement it will show me all purchases from all staff ids in the table which is right

<html>
</head>
<body>

<form id="staff" action="file.php" method="get">
<p>please fill in the following form</p>
<p>Staff ID: <input type="text" name="staffID"/>
</p>

<p><input type="submit" value="Submit">
<input type="reset" value="Reset"></p>
</form>
</body>
</html>

Answer

The problem is that you have not put delimiters around the name variable:

$sql = "SELECT orderID, orderDate, shippingDate, staffName FROM purchase
INNER JOIN staff ON purchase.staffID =
staff.staffID ORDER BY orderDate
WHERE staffID = '".$name."' ";