Home/ Questions/Q 7539247
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T07:19:55+00:00

Please can anyone help me with this? I have 2 tables, location and tickets

  • 0

Please can anyone help me with this?

I have 2 tables, location and tickets and what I have built so far is a form in a div that users enter the name of the city or town where they would like to see a live music performance. This form is submitted and an SQL statement is passed querying the location table. In another div, the users search query appears in a box on the screen. What I would like to do next is to write an SQL statement that will lookup the user’s query and dynamically display the relevant ticket information from the ticket table based on the location ID.

For example, the user types in ‘Newcastle’ as their search query, the location table finds the city of Newcastle and displays the user’s result in a div called ‘tickets’..I would like to display all the fields that correspond with ‘Newcastle’ from the ticket table.

The locationID is the primary key in the location table and has 3 other column, city, town and postcode.
The ticket table consists of ticketID being the primary key, the locationID being the foreign Key and the other fields i.e venue, tPrice, date and time. I think the problem im having is im not passing through the variable from the users query so that the ticket table can look it up and display the relevant information.

Here is the code for the form:

<div id="search">

    <form name="searchForm" id="searchForm" class="searchForm"  method="post">

   <input type="text" name="citySearch" id="citySearch" class="citySearch"   placeholder="Enter name city/town..." autofocus="autofocus" />

        <input type="submit" name="ticketSearch" id="ticketSearch" class="ticketSearch" value="Search" />


    </form>

</div>

Here is the code to display the user’s query:

  <div id="locationResult">

<?php

  include( 'classes/database_connection.php' );

      $cSearch = $_POST['citySearch'];

              $sql = "SELECT DISTINCT city FROM location WHERE city = '$cSearch'";

              mysql_query($sql) or die (mysql_error());
          $queryresult = mysql_query($sql) or die(mysql_error());

         while ($row = mysql_fetch_assoc($queryresult)) {
         $city = $row['city'];

         echo $row["city"];

        }
                                       mysql_free_result($queryresult);
        mysql_free_result($qResult);

        mysql_close($conn);
    ?>

    </div>
 </div>

This is where I want to display the ticket results from the ticket table:

    <div id="ticketsResults">

    <table class="ticketResult" border="0" cellspacing="5">
    <tr>
       <td><b>Venue</b></td>
               <td><b>Price</b></td>
               <td><b>Date</b></td>
               <td><b>Time</b></td>
               <td><b>Street View</b></td>
    </tr>

        <?php
            include( 'classes/database_connection.php' );

        $locID = $_POST['locationID'];
        $citySearch = $_POST['citySearch'];

                    $sQL = "SELECT locationID FROM location";

                  //Here is where I want it to display dynamic information rather than manually type the location
        $ticketSQL = "SELECT * FROM ticket NATURAL JOIN location WHERE city = 'Newcastle' ";

        mysql_query($sQL) or die (mysql_error());
            $qResult = mysql_query($sQL) or die(mysql_error());

        mysql_query($ticketSQL) or die (mysql_error());
            $result = mysql_query($ticketSQL) or die(mysql_error());


        while ($row = mysql_fetch_assoc($result)) {

    //  $ticketID = $row['ticketID'];

        $venue = $row['venue'];
        $ticketPrice = $row['tPrice'];
        $date = $row['date'];
        $time= $row['time'];

        echo "<tr>\n";
        echo "<td>$venue</td>\n";
        echo "<td>&pound$ticketPrice</td>\n";
        echo "<td>$date</td>\n";
        echo "<td>$time</td>\n";
            echo "<td>Click to see</td>\n";
        echo "</tr>\n";

        }

           mysql_free_result($qResult);
           mysql_free_result($result);
           mysql_close($conn);


    ?>
       </table>
    </div>

So basically, I’m wanting an SQL statement that dynamically displays the tickets according to the user’s query. Sorry about the copious amount of code! Any help given is greatly appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Before you do anything else I think you should work on your coding style, specifically your indentation. A quick google search should do the trick. Next look into mysql prepared statements because currently your code is unsafe. Like jordanm said, it is subject to SQL injection.

    For example, if someone entered blah’ OR ‘x’=’x as a city name. Your query would become

    SELECT DISTINCT city FROM location WHERE city = 'blah' OR 'x'='x';

    Basically it allows the user to do naughty things with your query, and you don’t want that.

    Below is a sample of how you can avoid this using mysql prepared statements:

    // basic quick raw example
$mysqli = new mysqli('localhost', 'user', 'password', 'database');
$stmt = $mysqli->prepare('SELECT DISTINCT city FROM location WHERE city = ?');
$stmt->bind_param('s',$city_name);
$stmt->execute();
$stmt->bind_result($city);
while ($stmt->fetch())
{
    echo $city;
}

    That’s all I’m going to leave you with because I feel like to answer the actual question (?) I will need to write the code for you. Goodluck

    • 0