2

Okay, so I have been trying this for a very long time, but I couldn't succeed, so I need your kind help.

In another file I had submitted my entries into the database with no problems. Now I created a file, ppp.html, to help the user update the database. Here is ppp.html:

<html>
  <form action="l.php" method="post">
    <input type ="text" name ="complaint">
    <input type="text" name="dte"></input>
    <input type="submit"></input>
  </form>
</html>

I diverted the file to l.php. The function of l.php will be to show data from the database. I have added one condition in the query, where category=$complaint. It works properly, but now I need two conditions: where category=$complaint and also where dte=$date. How do I do that? Here is the l.php file:

<?php
$complaint = "";
if (isset($_POST['complaint'])) {
    $complaint = $_POST['complaint'];
}

$dte = "";
if (isset($_POST['date'])) {
    $dte = $_POST['date'];
}

mysql_connect("localhost", "root", "") or die("couldnt attack ");
mysql_select_db("site")or die('i surrender');
$query = ("SELECT * FROM site2 where category='$complaint'") or die("couldnt select");
$result = mysql_query($query) or die('hghyt');
while ($complaint = mysql_fetch_array($result)) {
    echo"<td>" . '<br>' . $complaint['category'] . "</tr>";
    echo "<td>" . '<br>' . $complaint['quantity'] . "</tr>";
    echo "<td>" . '<br>' . $complaint['place'] . "</tr>";
    echo "<td>" . '<br>' . $complaint['dte'] . "</tr>";
    ECHO"<TR>" . "<A HREF='update.php?complaint=" . $complaint['category'] . "'>" . "UPDATE" . "</A>";
    echo "<br/>";
    ECHO"</table>";
}
?>
Pardeep Dhingra
  • 3
    mysql_* extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the [MySQLi](http://php.net/manual/en/book.mysqli.php) or [PDO_MySQL](http://php.net/manual/en/ref.pdo-mysql.php) extension should be used. – AddWeb Solution Pvt Ltd Jan 13 '16 at 08:20
  • 1
    An aside. I don't think the `
    ` tag is self closing, so you should close it in your HTML. Also, be consistent with your closing of the `` tags.
    – Drumbeg Jan 13 '16 at 08:28

3 Answers

2

You add AND to the SQL statement. Like this:

("SELECT * FROM site2 where category='$complaint' AND dte='$dte'");

You should always escape or bind your variables in order to protect yourself from SQL injection. For further reading about SQL injection: What is SQL injection?

You shouldn't even be using mysql_*. Read this: Why shouldn't I use mysql_* functions in PHP?

Edit:

$query = "SELECT * FROM site2 where category='$complaint' AND dte='$dte'";
Jacob
0

Just add AND to your WHERE conditions like this:

$query = "SELECT * FROM site2 WHERE category='$complaint' AND dte='$dte'";

But you should use PDO.

HJerem
0
$queryString ='';
$complaint = "";
if (isset($_POST['complaint'])) {
    $complaint = $_POST['complaint'];
    $queryString = "where category='$complaint'";
}

$dte = "";
if (isset($_POST['date'])) {
    $dte = $_POST['date'];
    if ($queryString == "") {
        $queryString = "where dte='$dte'";
    } else {
        // leading space keeps "and" separate from the preceding condition
        $queryString .= " and dte='$dte'";
    }
}

mysql_connect("localhost", "root", "") or die("couldnt attack ");
mysql_select_db("site")or die('i surrender');
$query = ("SELECT * FROM site2 $queryString") or die("couldnt select");
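
The two-condition query with bound parameters, as the answers recommend (PDO, optional filters joined with AND). This is an added example, not code from the question or any of the answers. It assumes an in-memory SQLite database standing in for the MySQL database `site`, constructed sample rows, and a hypothetical helper name `findComplaints`.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL database "site" (assumption).
// With MySQL only the DSN changes, e.g. 'mysql:host=localhost;dbname=site;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data using the column names from the question.
$pdo->exec('CREATE TABLE site2 (category TEXT, quantity INTEGER, place TEXT, dte TEXT)');
$insert = $pdo->prepare('INSERT INTO site2 VALUES (?, ?, ?, ?)');
foreach ([
    ['water', 2, 'Block A', '2016-01-12'],
    ['water', 5, 'Block B', '2016-01-13'],
    ['power', 1, 'Block A', '2016-01-13'],
] as $row) {
    $insert->execute($row);
}

// Hypothetical helper: return rows matching whichever filters were submitted.
// Values never enter the SQL text; they are bound as parameters.
function findComplaints(PDO $pdo, array $input): array
{
    $where = [];
    $params = [];
    // The form on the page posts the fields as "complaint" and "dte".
    foreach (['complaint' => 'category', 'dte' => 'dte'] as $field => $column) {
        if (isset($input[$field]) && is_string($input[$field]) && $input[$field] !== '') {
            $where[] = "$column = :$column";   // column names come from this fixed map
            $params[":$column"] = $input[$field];
        }
    }
    $sql = 'SELECT category, quantity, place, dte FROM site2';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_POST.
$both   = findComplaints($pdo, ['complaint' => 'water', 'dte' => '2016-01-13']);
$quoted = findComplaints($pdo, ['complaint' => "water' OR '1'='1", 'dte' => '']);
printf("both filters: %d row(s), quote-laden input: %d row(s)\n", count($both), count($quoted));

// Escape on output as well, since stored values are also user-supplied.
foreach ($both as $r) {
    $cells = array_map(fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'), $r);
    echo '<tr><td>' . implode('</td><td>', $cells) . "</td></tr>\n";
}
```

The quote-laden value is compared as a literal category string, so it matches no row instead of changing the WHERE clause.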