[rjtubera]

<?php
  $search = "%" . $_POST["search"] . "%";
 
  mysql_connect ("localhost", "root", "root");
  mysql_select_db ("enrollment");
 
  $query = "SELECT * FROM student WHERE student_id LIKE '$search'";
  $result = mysql_query ($query);
 
 if ($row = mysql_fetch_array ($result)) {
    do {
	echo "<form><blockquote><fieldset width=\"1px\"><legend><h1
	class = \"p3\">STUDENT INFORMATION</h1></legend>";
	echo "<h4> ID Number:" . $row['student_id'];
	
	echo "<br/>";

	echo "<h4> Name: ".
		 $row['LastName'] . " ".
		 $row['FirstName']. " ".
		$row['MiddleName']. "<br/>";
	echo "<h4>Gender: ".
		$row['Gender'] ."<br/>";
	echo "<h4>Birthdate: ".
		$row['Birthdate'] ."<br/>";
	echo "<h4>Religion: ".
		$row['Religion'] ."<br/>";
	echo "<h4>Address: ".
		$row['Address'] ."<br/>";
	echo "<h4>Age: ".
		$row['Age'] ."<br/>";
	echo
		"</fieldset></blockquote></form>";
    }while($row = mysql_fetch_array ($result));
	} else {echo "<font size=18> SORRY, NO RECORDS WERE FOUND! </font>";} 
   
?>
<form action="FrontPage.html"><input type="submit" value="Back"/> </form>
<form action="Editing.html"><input type="submit" value="Edit Student Information"/> </form>

Hello.. Umm.. I'm stuck with this $search = "%" . $_POST["search"] . "%"; I want to transfer its value to another php script file. Because I will use that value in my update condition in my next php file. So search variable basically holds the id number the user inputs in my UI. What I want is, when the user enters a correct id number that is existing in my database he/she has an option to edit its information. but im stuck ryt now. i dont know how to get the id number the user has inputted. hre's my update statement i wonder if its correct.

<?php
$search = $_POST["search"];
$religion = $_POST["religion"];
   $address = $_POST["address"];
   $Courses = $_POST["Courses"];
   $Sections = $_POST["Sections"];
   
$con = mysql_connect("localhost","root","root");
mysql_select_db("enrollment");

if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

$query ="UPDATE student SET religion = '$religion', address = '$address', courseID = '$Courses', sectionID = '$Sections'
WHERE student_id = '$search'";
$result = mysql_query($query);
?>

[japanir]

Create a form method='POST', and have a text field to input id.
pass the vlaue on submit to other script and access it with the $_POST array.
As for the text, you can pass it as an input type='hidden' in the form.

I am not sure if I understand the question. If so, could you please provide more info?

[CTphpnwb]

You either need to use a session variable (to keep track of whether or not they're logged in) or simply use the variable in the next included file:

<?php
$x = "some value";
include("somefile.php");
?>

somefile.php:

<?php
echo $x;
?>

Your current code is redundant ($x = $_POST['x'] is a waste of processor cycles) and begging to get your site hacked. Look up SQL injection attacks.

[rjtubera]

@CTphpnwb: Is my Update statement correct?

[CTphpnwb]

No. It uses unfiltered data supplied by the user. That is WRONG and will cause big problems.

This post has been edited by CTphpnwb: 18 May 2011 - 09:15 AM

[codeprada]

Your UPDATE statement appears to be correct but out of curiosity is student_id wrapped in %?

Another thing don't enter information into your database before sanitizing it. Always use mysql_real_escape_string or mysqli_real_escape_string. An even better way of sanitizing is using Prepared Statements which will do the sanitizing for you.