0) { $ph_firstname = $_POST['ph_firstname']; } else { die ('Invalid first name'); } if (preg_match('/^[\w\d\s\-\._+]+$/', $_POST['ph_surname']) > 0) { $ph_surname = $_POST['ph_surname']; } else { die ('Invalid surname'); } if (preg_match('/^[\d\s\-+]+$/', $_POST['ph_number']) > 0) { $ph_number = $_POST['ph_number']; } else { die ('Invalid number'); } $cmd = 'INSERT INTO phone(id, surname, firstname, number) VALUES (\'null\', \''.$ph_surname.'\', \''.$ph_firstname.'\', \''.$ph_number.'\')'; if ($db->query($cmd) === true) { echo 'New record created successfully'; } else { die('Error: '.$db->error); } } //------------------------------------------------------------------- function draw_search() { echo '
'.PHP_EOL; echo '
Search:
'.PHP_EOL; echo '
'.PHP_EOL; } //------------------------------------------------------------------- function search_record($search) { global $db; //' OR '1=1'; INSERT INTO phone(id,surname,firstname,number) VALUES('null','konsole','test','222')' $query = "SELECT * FROM phone WHERE surname = '$search'"; echo $query.'
'; if(!$result = $db->query($query)){ die('There was an error running the query'.$db->error); } print_r($result); if ($result->num_rows == 0) { echo 'Nothing found'; } else { while($row = $result->fetch_assoc()) { echo '
'.PHP_EOL; echo 'Surname:'.$row['surname'].'
'.PHP_EOL; echo 'Firstname:'.$row['firstname'].'
'.PHP_EOL; echo 'Number:'.$row['number'].'
'.PHP_EOL; echo '
'.PHP_EOL; } } $result->free(); } //------------------------------------------------------------------- function show_form() { echo '
'.PHP_EOL; echo '
'.PHP_EOL; echo 'Surname:
'.PHP_EOL; echo 'Firstname:
'.PHP_EOL; echo 'Number:
'.PHP_EOL; echo ''.PHP_EOL; echo '
'.PHP_EOL; echo '
'.PHP_EOL; } //------------------------------------------------------------------- function show_all() { global $db; $query = 'SELECT * FROM `phone` ORDER BY `surname` DESC'; if(!$result = $db->query($query)){ die('There was an error running the query'.$db->error); } if ($result->num_rows == 0) { echo 'Nothing found'; } else { while($row = $result->fetch_assoc()) { echo '
'.PHP_EOL; echo 'Surname:'.$row['surname'].'
'.PHP_EOL; echo 'Firstname:'.$row['firstname'].'
'.PHP_EOL; echo 'Number:'.$row['number'].'
'.PHP_EOL; echo '
'.PHP_EOL; } } $result->free(); } //------------------------------------------------------------------- $db = new mysqli(SERVERNAME, USERNAME, PASSWORD, DBNAME); draw_search(); if ((isset($_POST['ph_surname'])) && (isset($_POST['ph_firstname'])) && (isset($_POST['ph_number']))) { add_record(); } elseif (isset($_POST['ph_search'])) { $search = preg_replace('/[^\w\d\s\.\-_+]/', '', $_POST['ph_search']); search_record($search); } else { show_form(); show_all(); } $db->close(); ?>