-1

I want to get user-input by HTML form input field and then send this input into the SQL query. I have tried the method I googled but there's no value selected. The SQL query worked when I gave the value directly in the SQL query.

<body>
  <div class="testbox">
    <form action="train.php" method="POST">

      <div class="item">
        <div class="train-item">
          <p>Departure Station </p>
          <input type="text" name="depart" required />
        </div>

        <div class="train-item">
          <p>Arrival Station</p>
          <input type="text" name="arrive" required />
        </div>

      <div class="btn-block">
        <button type="submit" name="search" href="/">Search</button>
      </div>
  </div>
  </form>
  </div>

    <?php

    if(isset($_POST['search'])){ // Fetching variables of the form which travels in URL
      $depart = $_POST["depart"];
      $arrive = $_POST["arrive"];
      $sql = "SELECT ttype.TyName, train.TraNo, a.StaName dsta, c.Time dtime ,b.StaName asta , d.Time atime 
                      FROM (((((ttype RIGHT JOIN train
                      ON ttype.TyNo=train.TyNo)
                      RIGHT JOIN pass c
                      ON train.TraNo=c.TraNo)
                      RIGHT JOIN station a
                      ON a.StaNo=c.StaNo)
                      RIGHT JOIN pass d
                      ON train.TraNo=d.TraNo)
                      RIGHT JOIN station b
                      ON b.StaNo=d.StaNo)      

                      WHERE c.Time < d.Time
                      AND a.StaName='.$depart' 
                      AND b.StaName='.$arrive' ";
            $result = mysqli_query($link, $sql) or die("can't reach" . mysqli_error( ));
            $rows = mysqli_num_rows($result);    
            $cols = mysqli_num_fields( $result); 

            $train_table = "";
            $train_table .= "This query has ". $rows ." data";
        $train_table .= ",and include". $cols ."columns";
        ?>

The above code showed "This query has 0 data, and includes 6 columns.

EDIT: Thanks for helping and informing me about the SQL injection. It's for a term-project for a course at university. The result will only be shown to my classmates and professor and I am the only one who will be access to the whole system. Thanks again.

The reason I posted my own question is that I am not familiar with PHP nor HTTP language and couldn't find the exact problem with my code. In other words, I am not sure the problem is located in the HTTP part or the PHP part.

Improve this question
4
  • share your db structure for the tables and what output you require. Only then we can suggest you anything Commented Dec 26, 2019 at 10:23
  • plz check my answer and let me know if your query is working now? Commented Dec 26, 2019 at 10:40
  • Does this answer your question? How to include a PHP variable inside a MySQL statement Commented Dec 26, 2019 at 14:26
  • @Dharman Thanks for the information. The reason I posted my own question is that I am not familiar with PHP language and couldn't find the exact problem with my code. In other words, I am not sure the problem is located in the HTTP part or the PHP part. Commented Dec 27, 2019 at 3:32

2 Answers 2

Reset to default
0

I don't know your DB structure. As you are saying query is working in MYSQL, try the following:

$sql = "SELECT ttype.TyName, train.TraNo, a.StaName dsta, c.Time dtime ,b.StaName asta , d.Time atime 
FROM (((((ttype RIGHT JOIN train
ON ttype.TyNo=train.TyNo)
RIGHT JOIN pass c
ON train.TraNo=c.TraNo)
RIGHT JOIN station a
ON a.StaNo=c.StaNo)
RIGHT JOIN pass d
ON train.TraNo=d.TraNo)
RIGHT JOIN station b
ON b.StaNo=d.StaNo)      

WHERE c.Time < d.Time
AND a.StaName = '".$depart."' 
AND b.StaName='".$arrive."'";

Issue is here:

AND a.StaName='.$depart' AND b.StaName='.$arrive' ";

You can check more detail for concatenation at: Concatenating strings having dot(period) in php

Its also not good to use above code which is prone to SQL Injection. Try Prepared statements. You can get a very basic tutorial here:

https://www.w3schools.com/php/php_mysql_prepared_statements.asp

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

stackoverflow.com/questions/59483442/… Hi! I have provided a reference photo in this question.
I got it. Try the above answer and check if it works.. just change your SQL query in code as written above in my answer.. @naomi
Please don't post answers only pointing out a typographical issue or a missing character. Such answers are unlikely to help future visitors since they are specific to OP's code. Instead, flag or vote to close the question as off-topic as per the help center.
0

try without point in query

WHERE c.Time < d.Time
    AND a.StaName='$depart' 
    AND b.StaName='$arrive' ";
Improve this answer

1 Comment

Please don't post answers only pointing out a typographical issue or a missing character. Such answers are unlikely to help future visitors since they are specific to OP's code. Instead, flag or vote to close the question as off-topic as per the help center.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.