// Search results page - formatting html has been omited.
<?php include 'db.inc.php'; // The basic SELECT statement $select = 'SELECT id, title, forename, surname, userlevel'; $from = ' FROM users'; $where = " WHERE userlevel='2'"; $forename = $_POST['forename']; if ($forename !='') { //Forename was specified $where .= " AND forename LIKE '%$forename%'"; $surname = $_POST['surname']; if ($surname !='') { //Surnamename was specified $where .= " AND surname LIKE '%$surname%'"; } ?> <?php $users = @mysql_query($select . $from . $where); if (!$users) { exit ('<p>Unable to abtain user list from the database'); } ?> <table> <tr><th>Username</th><th>Title</th><th>Forename</th><th>Surname</th><th>Options</th></tr> <?php while ($user = mysql_fetch_array($users)) { echo "<tr vlaign='top'>\n"; $id = $user['id']; $username = htmlspecialchars($user['username']); $title = htmlspecialchars($user['title']); $forename = htmlspecialchars($user['forename']); $surname = htmlspecialchars($user['surname']); echo "<td>$username</td><td>$title</td><td>$forename</td><td>$surname</td>\n"; echo "<td><a href='edituser.php?id=$id'>Edit</a> | <a href='deleteuser.php?id=$id' onClick=\"return confirm('WARNING: Deleted users cannot be retrieved. All files associated with that user will be deleted. Continue?');\">Delete</a></td>\n"; echo "</tr>\n"; } ?> </table>
