Im working on a PHP/SQL project where one of the html pages contains a register of customers. In order to find a specific customer i've implemented a search feature based on two input forms (first name, last name).
When the user initially loads the page every customer can be found in a table. When the user then searches for a customer only the matched customers will be displayed. When the page is refreshed or loaded again via the menu I want it to display every customer again. This is where my problem lies. I've tried to find a solution but still havn't found a any. I know I have to use unset($_SESSION['fname']) etc but I do not know where. If a search has been made and the user refreshes the page the search result is still there, how can I fix this? I've tried the unset on several places but it always ends up preventing me from doing a search and instead displays every customer.
I've posted the code below:
<?php
//Display all
if(!isset($_SESSION['fname']) && !isset($_SESSION['lname']))
{
$stmt = $dbh->prepare("SELECT * FROM customer ORDER BY lname");
$stmt->execute();
$res = $stmt->fetchAll();
}
//Perform a search
if(isset($_POST['search']))
{
if(!isset($_SESSION['fname']) && !isset($_SESSION['lname']))
{
$_SESSION['fname'] = $_POST['fname'];
$_SESSION['lname'] = $_POST['lname'];
header('location:customers.php');
}
}
//Display search result
if(isset($_SESSION['fname']) && isset($_SESSION['lname']))
{
$fname = $_SESSION['fname'];
$lname = $_SESSION['lname'];
//Enable binded param to be used in LIKE clause
$fnameString = '%'.$fname.'%';
$lnameString = '%'.$lname.'%';
$stmt = $dbh->prepare("SELECT * FROM customer WHERE fname LIKE :fname AND lname LIKE :lname");
$stmt->bindParam(':fname', $fnameString, PDO:: PARAM_STR);
$stmt->bindParam(':lname', $lnameString, PDO:: PARAM_STR);
$stmt->execute();
$res = $stmt->fetchAll();
}
//Print
foreach ($res as $row)
{
?>
<tr>
<td><a href="customer.php?id=<?php echo $row->id; ?>"><?php echo $row->fname." ".$row->lname; ?></a></td>
<td><p><?php echo $row->street; ?><p></td>
<td><p><?php echo $row->zip; ?></p></td>
<td><p><?php echo $row->city; ?></p></td>
<td><p><?php echo $row->email; ?></p></td>
<td><p><?php echo $row->phone; ?></p></td>
</tr>
<?php
}
?>
I see no reasons to use $_SESSION, I would just handle the search form as GET and check for params in the code.
<?php
//Display all
if(!$_GET['fname'] && !$_GET['lname'])
{
$stmt = $dbh->prepare("SELECT * FROM customer ORDER BY lname");
$stmt->execute();
$res = $stmt->fetchAll();
}else{
//Enable binded param to be used in LIKE clause
$fnameString = '%'.$_GET['fname'].'%';
$lnameString = '%'.$_GET['lname'].'%';
$stmt = $dbh->prepare("SELECT * FROM customer WHERE fname LIKE :fname AND lname LIKE :lname");
$stmt->bindParam(':fname', $fnameString, PDO:: PARAM_STR);
$stmt->bindParam(':lname', $lnameString, PDO:: PARAM_STR);
$stmt->execute();
$res = $stmt->fetchAll();
}
//Print
foreach ($res as $row)
{
?>
<tr>
<td><a href="customer.php?id=<?php echo $row->id; ?>"><?php echo $row->fname." ".$row->lname; ?></a></td>
<td><p><?php echo $row->street; ?><p></td>
<td><p><?php echo $row->zip; ?></p></td>
<td><p><?php echo $row->city; ?></p></td>
<td><p><?php echo $row->email; ?></p></td>
<td><p><?php echo $row->phone; ?></p></td>
</tr>
<?php
}
?>
if you do not wish to display the search string to the user, use POST.