ansaurus

Question

Answer 1

+2 A:

You will find the value in the $_POST[] array.

$result = mysql_query("SELECT * FROM students WHERE ADDRESS = '{$_POST["grup"]}'");

This approach can be dangerous though - you'll want to also sanitize your $_POST[] data against SQL injection attacks - of which there are plenty of tutorials available.

Nat Ryall 2010-01-18 13:38:25

thanks man! super thanks,

2010-01-18 13:41:43

AlexV's example protects against the SQL injection I mentioned - I'd use his approach :)

Nat Ryall 2010-01-18 13:43:36

Nat, it's funny how 2 person can post the almost the same answer at the same time and with the same refs links! :)

AlexV 2010-01-18 13:47:09

Yeah I thought that too :)

Nat Ryall 2010-01-18 15:11:23

Answer 2

+1 A:

$_POST['grup'] will contain the value in the field when posted.

Then do something like:

$result = mysql_query(sprintf("SELECT * FROM students WHERE ADDRESS='%s'", mysql_real_escape_string($_POST['grup'], $con)));

If you dont escape the POST value with sprintf and mysql_real_escape_string you can be targeted by SQL injection attacks.

http://en.wikipedia.org/wiki/SQL_injection

AlexV 2010-01-18 13:40:34

You can also use WHERE ADDRESS LIKE '%%%s%%' to search the substring (POST value) anywhere in the string (field ADDRESS)

AlexV 2010-01-18 13:44:51

ansaurus

tags:

views:

answers:

List records in mysql using php

related questions