Location: PHPKode > projects > Gsys > php/do_brother_search.php
<?PHP
//Filename : do_brother_search.php
//Description :  Search dbase for brothers
//Author :  darc
//Last modified :  2006.12.20

    include ('../includes/auth.php');
    include ('../includes/db.php');
	include ('../includes/vars.php');
	
//Define for page title
	$title = "Search Results for: \"$_POST[l_name]\"";

//Function to strip potentially harmful input
    function sql_quote( $value )
    {
        if( get_magic_quotes_gpc() )
            {$value = stripslashes( $value );}
        if( function_exists( "mysql_real_escape_string" ) )
            {$value = mysql_real_escape_string( $value );}
        else
            {$value = addslashes( $value ); }
        return $value;
    }

    $l_name = $_POST[l_name];
    $l_name = sql_quote($l_name);

    if($_POST[show_all] == true)
	{
    	$sql ="SELECT *  FROM $table_name WHERE status=\"active\" && l_name != \"\" ORDER BY l_name;";
    	$result = mysql_query($sql,$connection) or die(mysql_error());
	}
    else if($_POST[show_all] == false)
	{
    	$sql ="SELECT pin_num, username, l_name, f_name FROM $table_name WHERE status=\"active\" && l_name='$_POST[l_name]' ORDER BY f_name;";
    	$result = mysql_query($sql,$connection) or die(mysql_error());
	}

?>

<?php include ('../includes/header.php');?>

<h2>Search results for "<i><?php echo $_POST[l_name]; ?></i>"</h2>
<br>
<!-- setup table to display results -->
      <table border="1" width=100% cellpadding="0" cellspacing="0">
        <tr> 
          <td><center><strong>ID#</strong></center></td>
          <td><center><strong>Last Name</strong></center></td>
          <td><center><strong>First Name</strong></center></td>
          <td><center><strong>More Info?</strong></center></td>
        </tr>
<?php
//Loop to display results
    while ($row =mysql_fetch_array($result))
    {
		$id = $row['pin_num'];
		$f_name = $row['f_name'];
		$l_name = $row['l_name'];
        $username = $row['username'];
?>
        <tr> 
          <td><?php echo($id);?></td>
          <td><?php echo($l_name);?></td>
          <td><?php echo($f_name);?></td>
          <td><form method="POST" action="/php/directory_full_info.php">
              <input type="hidden" name="more_info" value="<?php echo $username; ?>">
              <center><input type="submit" name="submit" value="More Info"></center>
			  </form>
		  </td>
		  
<?php
//display functional buttons depending on who's viewing the page
    session_start();
    if($username == $_SESSION[current_user] && ($_SESSION[auth] != "ADMIN" || $_SESSION[auth] != "EC"))
        echo "<td>
				<form method=\"POST\" action=\"/php/brother_edit_info2.php\">
				<input type=\"hidden\" name=\"username\" value=\"$username\">
				<center><input type=\"submit\" name=\"edit\" value=\"Edit\"></center>
				</form>
			  </td>";

    else if($_SESSION[auth] == "ADMIN" || $_SESSION[auth] == "EC")
        echo "<td>
				<form method=\"POST\" action=\"/php/admin/brother_edit_info.php\">
				<input type=\"hidden\" name=\"username\" value=\"$username\">
				<center><input type=\"submit\" name=\"edit\" value=\"Edit\"></center>
				</form>
			  </td>";
?>
       </tr>
<?php
//close loop
    } 
?>
	  </table>
	  
<?php include ('../includes/footer.php');?>
Return current item: Gsys