API tools faq
paste
Advertisement
gitlez

YA: Simple Form Processing AJDBNSOj3

gitlez
May 7th, 2013
62
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 1.88 KB | None | 0 0
raw download clone embed print report
  1. <!-- task8.html -->
  2. <!DOCTYPE html>
  3. <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  4.     <head>
  5.         <title>Prac 3 Task 8</title>
  6.     </head>
  7.     <body>
  8.         <h1>Customer Order Information</h1>
  9.         <form id="userinfo" action="task8.php" method="post"><!-- Method switched to post, cleaner.-->
  10.             <p>Search For A Customer</p>
  11.             <p>
  12.                 Customer ID <input type="text" name="customer" />
  13.             </p>
  14.             <p>
  15.                 <input type="submit" value="submit"/>
  16.                 <input type="reset" value="reset"/>
  17.             </p>
  18.         </form>
  19.     </body>
  20. </html>
  21.  
  22. and my php:
  23. <!DOCTYPE html>
  24. <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  25.     <head>
  26.         <title>Tack 8.php</title>
  27.     </head>
  28.     <body>
  29. <?php
  30.  
  31. if( isset($_POST['customer'])){
  32.  
  33.     // You should at least be using MySQLi Funtions instead of MySQL, as MySQL functions are deprecated.
  34.     $conn = mysql_connect("localhost", "username", "password") or die( 'Cannot Connect to MySQL<br/>' . mysql_error());
  35.     mysql_select_db("warehouse###", $conn) or die ('Database not found ' . mysql_error( $conn ) );
  36.  
  37.     $customer = mysql_real_escape_string( $_POST['customer'] ); // MySQL injection protection
  38.    
  39.     $query = "SELECT customerID FROM customer WHERE customerID='{$customer}' LIMIT 1";
  40.     // No need to return all the data, if you are simply looking if it exists,
  41.     // one column will do. If you later want to also display the info, change
  42.     // the return column to appropriate column names or '*'
  43.  
  44.     $res = mysql_query($query) or die ("ERROR: sql = \"".$query."\"<br>" . mysql_error($conn) );
  45.     if($res && mysql_num_rows($res) === 1){ // If the results are valid (although the die with the query makes this check already) and the number of returned rows is 1, then you have success.
  46.         echo "Success";
  47.     } else {
  48.         echo "Fail";
  49.     }
  50. }else{
  51.     echo '<h2 style="color: #A00;">Error</h2>';
  52.     echo '<p>This page requires form input from here.</p>';
  53. }
  54. ?>
  55. </body>
  56. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!