Ivan Reuben Ramos Muit Ivan Reuben Ramos Muit - 1 month ago 6
MySQL Question

Search database in PHP

I wanted to be able to Search in the database at any table whether it is the First Name, Last Name, Middle Name, Etc... the problem is, I always get from query an empty results

This is my attempt

I use the HTML Form for the User to Search With clicking necessary datum.

<table border='0' align='right'>
<td >
<select name='SEARCH' id='SEARCH'>
<option value='ID_NO' selected='selected'>ID Number</option>
<option value='FNAME'>First Name</option>
<option value='LNAME' >Last Name</option>
<option value='MNAME'>Middle Name</option>
<option value='DATE'>Birthday</option>
<option value='SEX'>SEX</option>
<option value='AGE'>Age</option>
<option value='STATUS'>Status</option>
<option value='TEL_NO'>Landline Number</option>
<option value='ADDRESS'>Address</option>
<option value='OCCUPATION'>Occupation</option>
<option value='REFERRED_BY '>Referrals</option>
<option value='itResult'>Result</option>
<td rowspan =2><input name='SUBMIT' type='SUBMIT' id='SUBMIT' value='Search!'></td>
<td><input name='INPUT' type='text' id='INPUT'></td>

Then the datum that was entered is pass through here and check to the database

print "<center><H2>Search User</H2></center>";
$ID_CHECK = clean($_POST['chck']);
$SEARCH = clean($_POST['SEARCH']);
$INPUT = clean($_POST['INPUT']);

$result = mysql_query("SELECT * FROM user_info WHERE '$SEARCH' = '$INPUT'" ) or die('Error, query failed');
if(!mysql_num_rows($result)) {
print "<BR>There is no $INPUT in the Database <BR><A HREF ='SearchUser.php'>Go Back</A>";
else {
$row_array = mysql_fetch_array($result, MYSQL_ASSOC);

The Problem is, I always get an empty query and that
I think using this is wrong

$result = mysql_query("SELECT * FROM user_info WHERE '$SEARCH' = '$INPUT'" ) or die('Error, query failed');

is there another way? JavaScript perhaps?

My Clean Function does this.. it cleans the value of the data I think

function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
return mysql_real_escape_string($str);


Problem is that in your query you are comparing two strings. This should work:

$result = mysql_query("SELECT * FROM user_info WHERE $SEARCH = '".$INPUT."'")  or die('Error, query failed');

I removed the single quotations from $SEARCH.