<?PHP
//Filename : do_pledge_search.php
//Description : Search dbase for pledges
//Author :  darc
//Last modified :  2006.12.20
    include '../includes/auth.php';
    include '../includes/db.php';
	include '../includes/vars.php';

//Function to escape input for use inside a quoted SQL string (it escapes, it does not strip)
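    /**
     * Escape a request value so it can be placed inside a quoted SQL string literal.
     *
     * Magic-quotes slashes are removed first (when that legacy setting exists and is
     * enabled) so the value is not escaped twice. The value is then escaped with
     * mysql_real_escape_string() when the mysql extension is loaded, otherwise with
     * addslashes().
     *
     * The result is only safe between quotes in the statement ('...'); it gives no
     * protection for identifiers or unquoted numeric positions. addslashes() does not
     * know the connection character set, so the fallback is weaker than the mysql
     * escaper. The return value is SQL-escaped, not HTML-encoded: do not echo it.
     *
     * @param string $value Raw value, typically taken from $_POST.
     * @return string The escaped value.
     */
    function sql_quote( $value )
    {
        // get_magic_quotes_gpc() was removed in PHP 8.0, so probe for it the same way
        // the escaper below is probed instead of calling it unconditionally.
        if( function_exists( "get_magic_quotes_gpc" ) && get_magic_quotes_gpc() )
            {$value = stripslashes( $value );}
        if( function_exists( "mysql_real_escape_string" ) )
            {$value = mysql_real_escape_string( $value );}
        else
            {$value = addslashes( $value ); }
        return $value;
    }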

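    // Read the search term defensively: the key may be missing or an array, and an
    // unquoted key (l_name) is treated by PHP as an undefined constant.
    $l_name = ( isset($_POST['l_name']) && is_string($_POST['l_name']) ) ? $_POST['l_name'] : '';
    $l_name = sql_quote($l_name);

    // Same truthiness test as the original "== true" / "== false" pair.
    $show_all = !empty($_POST['show_all']);

    if($show_all)
    {
        $sql ="SELECT *  FROM $table_name WHERE status=\"pledge\" ORDER BY l_name;";
    }
    else
    {
        // The statement must use the escaped $l_name. The original interpolated
        // $_POST[l_name] directly, which bypassed sql_quote() and let the request
        // value reach the query unescaped.
        $sql ="SELECT pin_num, username, l_name, f_name FROM $table_name WHERE status=\"pledge\" && l_name='$l_name' ORDER BY f_name;";
    }

    // NOTE(review): $table_name and $connection presumably come from the included
    // vars.php / db.php - confirm neither can be influenced by the request.
    // NOTE(review): die(mysql_error()) shows the raw database error to the visitor;
    // consider logging it and printing a generic message instead.
    $result = mysql_query($sql,$connection) or die(mysql_error());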

?>

<html>

<head>
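<title><?php
    // The search term is echoed back from the request, so HTML-encode it before it
    // reaches the page; without this, markup in the posted value is rendered as-is.
    // $chapter and $school are left untouched (presumably site settings from vars.php).
    $title_term = ( isset($_POST['l_name']) && is_string($_POST['l_name']) ) ? $_POST['l_name'] : '';
    echo "".$chapter. " :: Search Results for: ".htmlspecialchars($title_term, ENT_QUOTES)." :: " .$school."";
?> </title>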
<link href="../includes/index.css" rel="stylesheet" type="text/css">
</head>

<body class="body">
<br />
<table width="810" height="626" border="0" align="center" cellpadding="15">
  <tr> 
    <td height="128" colspan="3"><img src="../images/eg_banner.gif" width="810" height="172"></td>
  </tr>
  <tr> 
    <td width="27%" height="488" valign="top">
<?php include '../includes/nav.inc'; ?></td>
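    <td width="53%"><h2>Search results for "<i><?php
        // Reflected request data: HTML-encode the posted search term before printing it.
        // The raw $_POST value is used on purpose; $l_name holds the SQL-escaped copy.
        echo htmlspecialchars(( isset($_POST['l_name']) && is_string($_POST['l_name']) ) ? $_POST['l_name'] : '', ENT_QUOTES);
    ?></i>"<br>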
        <!-- setup table to display results -->
      </h2>
      <table border="1" width=100% cellpadding="0" cellspacing="0">
        <tr> 
          <td><center>
              <strong>ID#</strong></center></td>
          <td><center>
              <strong>Last Name</strong></center></td>
          <td><center>
              <strong>First Name</strong></center></td>
          <td><center>
              <strong>More Info?</strong></center></td>
        </tr>
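        <?php
// Work out once, before the loop, who is viewing the page. The original called
// session_start() again for every result row.
// NOTE(review): output has already been sent by this point, so the session should
// already exist - presumably auth.php starts it; confirm.
    if (session_id() === '')
        {session_start();}
    $viewer = isset($_SESSION['current_user']) ? $_SESSION['current_user'] : null;
    $viewer_role = isset($_SESSION['auth']) ? $_SESSION['auth'] : null;
    $is_admin_or_ec = ($viewer_role == "ADMIN" || $viewer_role == "EC");

//Loop to display results
    while ($row =mysql_fetch_array($result))
    {
        $id = $row['pin_num'];
        $f_name = $row['f_name'];
        $l_name = $row['l_name'];
        $username = $row['username'];
        // Values read from the database are HTML-encoded wherever they are printed,
        // so a stored name or username containing markup cannot alter the page.
        $username_html = htmlspecialchars($username, ENT_QUOTES);
?>
        <tr> 
          <td><?php echo htmlspecialchars($id, ENT_QUOTES);?></td>
          <td><?php echo htmlspecialchars($l_name, ENT_QUOTES);?></td>
          <td><?php echo htmlspecialchars($f_name, ENT_QUOTES);?></td>
          <td> <form method="POST" action="/php/directory_full_info.php">
              <input type="hidden" name="more_info" value="<?php echo $username_html; ?>">
              <center>
                <input type="submit" name="submit" value="More Info">
              </center>
            </form></td>
          <?php
//display functional buttons depending on who's viewing the page
// The original test used (auth != "ADMIN" || auth != "EC"), which is always true,
// so an ADMIN/EC viewer got the member edit form on their own row. With && the
// member form is shown only to non-ADMIN/EC viewers on their own row.
// These buttons only decide what is displayed: the hidden "username" field is
// client-controlled, so the edit scripts they post to have to check the session
// themselves (not visible here).
    if($viewer !== null && $username == $viewer && !$is_admin_or_ec)
        echo "<td><form method=\"POST\" action=\"/php/pledge_edit_info.php\"><input type=\"hidden\" name=\"username\" value=\"$username_html\"><center><input type=\"submit\" name=\"edit\" value=\"Edit\"></form></center></td>";

    else if($is_admin_or_ec)
                    echo "<td><form method=\"POST\" action=\"/php/admin/pledge_edit_info.php\"><input type=\"hidden\" name=\"username\" value=\"$username_html\"><center><input type=\"submit\" name=\"edit\" value=\"Edit\"></form></center></td>";
?>
        </tr>
        <?php
    }  //close loop
?>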
      </table></td>
  </tr>
</table>
</body>
</html>