Home/ Questions/Q 8109555
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T01:27:29+00:00

I am still pretty new to PHP so forgive me if I am overlooking

  • 0

I am still pretty new to PHP so forgive me if I am overlooking something easy. I am trying to build a member search form that allows people to find a member by entering one or more criteria: first name or username, city, state, country, or by email address. The form works if a single field is entered, or multiple fields ONLY when the name/username field has a value. Assuming it’s a logic issue. Thanks in advance.

if (!isset($_POST['fname']))
{
//If not isset -> set with dummy value
$_POST['fname'] = "undefine";
} 
if (!isset($_POST['city']))
{
//If not isset -> set with dummy value
$_POST['city'] = "undefine";
} 
if (!isset($_POST['state']))
{
//If not isset -> set with dummy value
$_POST['state'] = "undefine";
} 
if (!isset($_POST['country']))
{
//If not isset -> set with dummy value
$_POST['country'] = "undefine";
} 
if (!isset($_POST['email']))
{
//If not isset -> set with dummy value
$_POST['email'] = "undefine";
} 

// DEFAULT QUERY STRING
$queryString = '';

if ($_POST['fname'] != '') {
  $fname = $_POST['fname'];
  $fname = stripslashes($fname); 
  $fname = strip_tags($fname);
  $fname = preg_replace('#[^A-Za-z 0-9]#i', '', $fname);
  $fname = mysql_real_escape_string($fname);
  $queryString = "(firstname LIKE '%$fname%' OR username LIKE '%$fname%')";
} else {
  $queryString = '';
} 

if ($_POST['city'] != '') {

    if (($_POST['fname'] != '') || ($_POST['state'] != '') || ($_POST['country'] != '') || ($_POST['email'] != '')){
        $city = $_POST['city'];
        $city = stripslashes($city); 
        $city = strip_tags($city);
        $city = preg_replace('#[^A-Za-z 0-9]#i', '', $city);
        $city = mysql_real_escape_string($city);
      $queryString .= " AND city='$city'";
    }  else {
  $city = $_POST['city'];
        $city = $_POST['city'];
        $city = stripslashes($city); 
        $city = strip_tags($city);
        $city = preg_replace('#[^A-Za-z 0-9]#i', '', $city);
        $city = mysql_real_escape_string($city);
  $queryString .= "city='$city'";
  } 
  } else {
  $queryString .= '';
}   

if ($_POST['state'] != '') {

    if (($_POST['fname']) || ($_POST['city']) || ($_POST['country']) || ($_POST['email'])){
      $state = $_POST['state'];
        $state = stripslashes($state); 
        $state = strip_tags($state);
        $state = preg_replace('#[^A-Za-z 0-9]#i', '', $state);
        $state = mysql_real_escape_string($state);
      $queryString .= " AND state='$state'";
    }  else {
  $state = $_POST['state'];
        $state = stripslashes($state); 
        $state = strip_tags($state);
        $state = preg_replace('#[^A-Za-z 0-9]#i', '', $state);
        $state = mysql_real_escape_string($state);
  $queryString .= "state='$state'";
  } 
  } else {
  $queryString .= '';
}   

if ($_POST['country'] != '') {

    if (($_POST['fname']) || ($_POST['city']) || ($_POST['state']) || ($_POST['email'])) {
  $country = $_POST['country'];
  $queryString .= " AND country='$country'";
  }
  else {
  $country = $_POST['country'];
  $queryString .= "country='$country'";
  }
} else {
  $queryString .= '';
}   

if ($_POST['email'] != '') {

    if (($_POST['fname']) || ($_POST['city']) || ($_POST['state']) || ($_POST['country'])){
      $email = $_POST['email'];
                $email = stripslashes($email); 
        $email = strip_tags($email);
        $email = preg_replace('#[^A-Za-z 0-9,.@-]#i', '', $email);
        $email = mysql_real_escape_string($email);
      $queryString .= " AND email='$email'";
    }  else {
  $email = $_POST['email'];
  $queryString .= "email='$email'";
  } 
  } else {
  $queryString .= '';
}   

//////////////  QUERY THE MEMBER DATA USING THE $queryString variable's value
$sql = mysql_query("SELECT id, username, firstname, city, state, country FROM members WHERE $queryString AND emailactivated='1' ORDER BY id ASC");
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    // get all posted data like this 

    if(isset($_POST['fname']))
{
   $fname=$_POST['fname'];
}

    //get all field values 

    if(empty($fname))
{
}
else
{
     $where . ="fname=$fname and ";
}  
//Check and build where for each field 

//  then remove the last and 

$where  = rtrim($where, ' AND ');

if (empty($where)) {
         $where_str = NULL;
      } else {
         $where_str = "WHERE $where";
      } 

$query ="select fieldNames from tableName ";

$query . =$where_str;
    • 0