Help with Php / Mysql form to delete books from db

Anyone??

Updated code The problem seems to be it isnt pulling anything from the database. Do you see any error in the php? Like nothing is being pulled at all. I'm trying title search for 'jQuery' and it isnt showing anything

p2.php

<html>

<style type="text/css">
input{font-size:1.4em;-moz-border-radius-topright: 10px; -moz-border-radius-topleft: 10px; -moz-border-radius-bottomright: 10px; -moz-border-radius-bottomleft: 10px;  -webkit-border-top-right-radius: 10px; -we开发者_运维百科bkit-border-top-left-radius: 10px; border-botton-left-radius: 10px; border-bottom-right-radius: 10px; border:1px solid #4186d3; color:#666;}
</style>

<body>

<fieldset>
<legend><h3>Delete a book</h3></legend>
<form action="p2send.php" method="post">
    <strong>Select a Search Type</strong> 
    <select name="searchtype">
        <option value="Author">Author</option>
        <option value="ISBN">ISBN</option>
        <option value="Title">Title</option>
    </select>
    <br>
    <input type="text" name="searchBox" />
    <br>
    <input type="submit" name="send" />
</form>
</fieldset>
</body>

</html>

p2send.php:

<?php
$con = mysql_connect("localhost","root","Jacked.1988");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("bookorama", $con);

// declare variables for select types
$titlevar = mysql_real_escape_string($_POST['bookTitle']);
$authorvar= mysql_real_escape_string($_POST['author']);
$isbnvar = mysql_real_escape_string($_POST['isbn']);
$pricevar = mysql_real_escape_string($_POST['price']);

// sql queries to run depending on selected
$sql="SELECT * FROM books WHERE title='$titlevar'";
$sql="SELECT * FROM books WHERE author='$authorvar'";
$sql="SELECT * FROM books WHERE isbn='$isbnvar'";


$res = mysql_query($sql,$con);
$result1 = mysql_fetch_assoc($res);

$result1 = mysql_fetch_assoc($res);
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }

echo "Books to delete that matched your query:<br><br><input type='checkbox' name='book'> <strong>Title:</strong> $titlevar  <br> <strong>Author:</strong> $authorvar <br> <strong>ISBN:</strong> $isbnvar <br> <strong>Price:</strong> $pricevar " . "<br>";


mysql_close($con)
?>

---

There's actually a few things wrong with both scripts. As kjy112 pointed out your <select> will have no value since each <option> is missing their value attribute. Also, in your associative arrays you need to put quotes around your indexes. For example $_POST[searchtype] should be $_POST['searchtype'] or $_POST["searchtype"]. Something else I'm seeing is your SELECT statement appears to have invalid syntax. It seems that you're also trying to use $_POST variables in the statement that aren't actually there.

---

A few wrong things in your code:

• SELECT books (title, author, isbn, price) VALUES ('$_POST[bookTitle]','$_POST[author]','$_POST[isbn]', '$_POST[price]') is not a valid mysql query.

This is the way to do a select : "SELECT * FROM books WHERE title='$titlevar'";

• You will need to fetch the results from the database with something like

  $res = mysql_query($sql,$con);

  $result1 = mysql_fetch_assoc($res);

• <option> probably needs a value, for example <option value="title">Title</option>

• A select will only give you ONE value for searchtype being either 'author','isbn' or 'price'

• NEVER use $_POST[bookTitle] straight away in a query. Always use at the very least mysql_real_escape_string($_POST[bookTitle]) to prevent SQL injection

There is more... but if you can already fix the points I mentioned, you'll be closer to something that works

---

Please check your sql statement. It seems what your trying to do is a select but using the insert sintax...

SELECT books (title, author, isbn, price) VALUES '$_POST[bookTitle]','$_POST[author]','$_POST[isbn]', '$_POST[price]')