”) {
$search_string = ” AND (Name LIKE ‘%”.mysql_real_escape_string($_REQUEST[“string”]).”%’ OR Father_Name LIKE ‘%”.mysql_real_escape_string($_REQUEST[“string”]).”%’)”;
}
if ($_REQUEST[“Surname”]<>”) {
$search_Surname = ” AND Surname='”.mysql_real_escape_string($_REQUEST[“Surname”]).”‘”;
}
if ($_REQUEST[“from”]<>” and $_REQUEST[“to”]<>”) {
$sql = “SELECT * FROM “.$SETTINGS[“data_table”].” WHERE from_date >= ‘”.mysql_real_escape_string($_REQUEST[“from”]).”‘ AND to_date <= '".mysql_real_escape_string($_REQUEST["to"])."'".$search_string.$search_Surname;
} else if ($_REQUEST["from"]<>”) {
$sql = “SELECT * FROM “.$SETTINGS[“data_table”].” WHERE from_date >= ‘”.mysql_real_escape_string($_REQUEST[“from”]).”‘”.$search_string.$search_Surname;
} else if ($_REQUEST[“to”]<>”) {
$sql = “SELECT * FROM “.$SETTINGS[“data_table”].” WHERE to_date <= '".mysql_real_escape_string($_REQUEST["to"])."'".$search_string.$search_Surname;
} else {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE id>0″.$search_string.$search_Surname;
}
$sql_result = mysql_query ($sql, $connection ) or die (‘request “Could not execute SQL query” ‘.$sql);
if (mysql_num_rows($sql_result)>0) {
while ($row = mysql_fetch_assoc($sql_result)) {
?>
