| Linux premium274.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64 Path : /home/whagcoha/ledger.mwagalwaservices.com/ |
| Current File : /home/whagcoha/ledger.mwagalwaservices.com/search.php |
<?php
if ((!isset($_SESSION['gen256'])) ) {
echo "<script>
window.open('login.php','_self');
</script>";
}
?>
<?php
include 'dbconfig/db.php';
// Database connection parameters
// Get the search term from the query string
$search = isset($_GET['search']) ? $_GET['search'] : '';
// Sanitize the search term to prevent SQL injection
$search = $conn->real_escape_string($search);
// Prepare the SQL query with a LIKE clause to search for the term
$query = "SELECT
th.SerialNumber,
d.Department as Department,
th.staffId,
th.TransferDate,
pd.Department as PreviousDepartment,
th.PreviousstaffId as PreviousStaffId
FROM
transfer_history th
JOIN
department d ON th.Department = d.Depid
JOIN
department pd ON th.PreviousDepartment = pd.Depid
WHERE
th.SerialNumber LIKE '%$search%' OR
d.Department LIKE '%$search%' OR
th.staffId LIKE '%$search%' OR
th.TransferDate LIKE '%$search%' OR
pd.Department LIKE '%$search%' OR
th.PreviousstaffId LIKE '%$search%'";
// Execute the query
$result = $conn->query($query);
// Check if there are results
if ($result->num_rows > 0) {
// Output data for each row
while ($row = $result->fetch_assoc()) {
echo "<tr>";
echo "<td>" . htmlspecialchars($row["SerialNumber"]) . "</td>";
echo "<td>" . htmlspecialchars($row["Department"]) . "</td>";
echo "<td>" . htmlspecialchars($row["staffId"]) . "</td>";
echo "<td>" . htmlspecialchars($row["TransferDate"]) . "</td>";
echo "<td>" . htmlspecialchars($row["PreviousDepartment"]) . "</td>";
echo "<td>" . htmlspecialchars($row["PreviousStaffId"]) . "</td>";
echo "</tr>";
}
} else {
echo "<tr><td colspan='6'>No transfer history found</td></tr>";
}
// Close the connection
?>