"Eric Bolikowski" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > "Dimitri Marshall" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > > > "Sophie Mattoug" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > > Paul Duggan wrote: > > > > > > >if I create a text box: > > > > > > > ><body> > > > > > > > ><form action="nextpage.html" method="GET" name="myform"> > > > > > > > > <input type="Text" name="surname" align="TOP" size="25"><br> > > > > > > > > <input type="Submit" value="Submit" align="MIDDLE"> > > > > > > > ></form> > > > > > > > > > > > >how do I go about extracting a surname from a mysql database? > > > > > > > > > > > > > > > >will it be something along the lines? > > > > > > > >select firstname,surname > > > >from employees > > > >where surname = textbox.surname; > > > > > > > > > > > > > > "SELECT firstname, surname FROM employees WHERE surname = > > > '{$_GET['surname']}'" > > > > You might also want to do it this way... > > > > "SELECT firstname, surname FROM employees WHERE surname = > > \"{$_GET['surname']}\"" > > > > Just in case their name is something like O'Neil, it won't interfere with > > your script. > > > > An even better way is this > > //process the surname, add slashes > $surname = addslashes($_GET['surname']); > > //make the query > $sqlquery = "SELECT firstname, surname FROM employees WHERE surname = > '$surname'"; > > This makes sure that if there is signs like " or ', they will be escaped ;-) >
Forgot one other thing that improves it even more: //process the surname, add slashes $surname = addslashes($_GET['surname']); //make the query $sqlquery = "SELECT firstname, surname FROM employees WHERE surname LIKE '%$surname%'"; You can add these percent signs( % ), in case you want to ensure that we get results where the surname in the db is somewhat the same as the search input. If for example the surname in the database is "neill", and the user using the search types "neil", then the extra %-signs will ensure that you find this entry. > > Good luck, > > Dimitri Marshall > > > > > > > > > > > > >new to this so im trying to get my head around it, basically i just > want > > to > > > >search a mysql database by someones surname. > > > > > > > >cheers! > > > > > > > > > > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php