search.php

Source of search.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="EN" dir="ltr" xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="content-type" content="text/xml; charset=utf-8" />
    <title>search.php</title>
    <style type = "text/css">
      table, th, td {
        border: 1px solid black;
      }      
    </style>
  </head>

  <body>
    <h1>My Contacts</h1>
  <?php
  
  $sql = processInput();
  printResults($sql);
  
  function processInput(){
    //extract information from previous form and build a safe query
    $srchVal = $_POST["srchVal"];
    $srchField = $_POST["srchField"];

    $conn = mysql_connect("localhost", "user", "password");
    $srchVal = mysql_real_escape_string($srchVal, $conn);
    $srchField = mysql_real_escape_string($srchField, $conn);
    
    $sql = "SELECT * FROM contact WHERE $srchField LIKE '%$srchVal%'";
    return $sql;
     
  } // end processInput
  
  function printResults($sql){
    $conn = mysql_connect("localhost", "user", "password");
    mysql_select_db("xfd");

    $result = mysql_query($sql, $conn);

    print "  <table> \n";

    //get field names first
    print "      <tr> \n";
    while ($field = mysql_fetch_field($result)){
      print "        <th>$field->name</th> \n";
    } // end while
    print "      </tr> \n";

    while ($row = mysql_fetch_assoc($result)){
      print "      <tr> \n";
      foreach ($row as $name => $value){
        print "        <td>$value</td> \n";    
      } // end foreach
      $count++;
      print "      </tr> \n";

    } // end while loop

    print "    </table> \n";
  } // end printResults  
  ?>
  </body>
</html>