user2979323

Reputation: 9

Search Function using PHP/MYSQL

I'm trying to create a search function. I've been researching and editing after getting a few errors, and now I get no errors but nothing is echoed. I'm completely stumped, and I was wondering if anyone knew what was wrong with it. Thanks ahead of time! :D

<html>
<head>
<title>Search Query</title>
</head>

<body>
<?php
$con = mysql_connect ("localhost", "root", "");
mysql_select_db ("music", $con);

if (!$con)
{ 
die ("Could not connect: " . mysql_error());
} 
$sql = mysql_query("SELECT * FROM entries WHERE Title LIKE '%term%'") or die (mysql_error());

while ($row = mysql_fetch_array($sql, MYSQL_ASSOC)){
echo 'Title: ' .$row['Title'];
echo '<br /> Artist: ' .$row['Artist'];
echo '<br /> Album: '.$row['Album'];
echo '<br /> Location: '.$row['Location'];
echo '<br /> Media: '.$row['Media']; 
}

mysql_close($con);
?>
</body>
</html>

This is the form I use:

<form action="search.php" method="post">
Search: <input type="text" name="term" /><br />
<input type="submit" name="submit" value="Submit" />
</form>

Upvotes: 0

Views: 563

Answers (4)

pratim_b

Reputation: 1190

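// A bound parameter needs no manual escaping. Build the LIKE pattern in a
// variable, because bind_param() takes its arguments by reference.
$term = '%' . $_POST['term'] . '%';

if ($stmt = $mysqli->prepare("select *"
                               . "  from entries"
                               . " where Title like ?")) 
    {
       $stmt->bind_param("s", $term); // "s" = string parameter
       $stmt->execute();
       //then fetch value
    } else {
      /* handle SQL error */
    }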

Upvotes: 0

Sunil Kumar

Reputation: 1381

index.php

<!DOCTYPE html>
<html>
<head>
<title>Untitled Document</title>
</head>
<body>
<form action="search.php" method="post">
Search: <input type="text" name="term" /><br />
<input type="submit" name="submit" value="Submit" />
</form>

</body>
</html>

search.php

<html>
<head>
<title>Search Query</title>
</head>

<body>
<?php

if (!empty($_POST['term'])) {

$con = mysql_connect ("localhost", "root", "");

if (!$con)
{ 
die ("Could not connect: " . mysql_error());
} 
mysql_select_db ("music", $con);

// Escape only after connecting: mysql_real_escape_string() needs an open connection
$term = mysql_real_escape_string($_POST['term'], $con);

$sql = mysql_query("SELECT * FROM entries WHERE Title LIKE '%" . $term . "%'") or die (mysql_error());

while ($row = mysql_fetch_array($sql, MYSQL_ASSOC)){
echo 'Title: ' .$row['Title'];
echo '<br /> Artist: ' .$row['Artist'];
echo '<br /> Album: '.$row['Album'];
echo '<br /> Location: '.$row['Location'];
echo '<br /> Media: '.$row['Media']; 
}

mysql_close($con);
}else{
    echo 'No search term found';
}
?>
</body>
</html>

Place both pages in the same folder.

Upvotes: 0

Noam Rathaus

Reputation: 5598

Your PHP code is incorrect: you are using 'term' as a string rather than as a PHP value. You need to make it into $_GET["name"] so it looks like this:

$sql = mysql_query("SELECT * FROM entries WHERE Title LIKE '%". $_GET["term"] ."%'") or die (mysql_error());

!!!HOWEVER!!! this is very insecure, as it would allow someone to SQL inject your application. So don't use it like this. Filter the provided value of 'term' and leave only A-Za-z0-9 (or similar) behind, remove the rest using a regex.

Upvotes: 0

Albert Kozłowski

Reputation: 476

You have to pass the variable to this query:

// The form in the question submits with method="post", so read $_POST
$term = mysql_real_escape_string($_POST['term']);
mysql_query("SELECT * FROM entries WHERE Title LIKE '%" . $term . "%'");

Upvotes: 2
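
The answers above point toward binding the search term instead of concatenating it. The sketch below is an added example, not code from the question or from any answer: it binds the term with PDO, escapes the LIKE wildcards so `%` and `_` in user input match literally, and HTML-encodes every column on output. The function names (`escapeLike`, `searchEntries`, `renderRow`), the `!` escape character, the sample rows and the in-memory SQLite database standing in for the MySQL `music` database are all assumptions made for the example.

```php
<?php
// Added example (not from the thread). Assumption: in-memory SQLite stands in for
// the MySQL "music" database so this runs without a server; for MySQL change only
// the DSN, e.g. 'mysql:host=localhost;dbname=music;charset=utf8mb4'.

// Escape LIKE wildcards so user input is matched literally ('!' is the escape char).
function escapeLike(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

// Run the search with a bound parameter; the term never becomes part of the SQL text.
function searchEntries(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare(
        "SELECT Title, Artist, Album FROM entries WHERE Title LIKE ? ESCAPE '!'"
    );
    $stmt->execute(['%' . escapeLike($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML-encode every column before echoing it: stored titles are untrusted data too.
function renderRow(array $row): string
{
    $e = fn(string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
    return 'Title: ' . $e($row['Title']) . '<br /> Artist: ' . $e($row['Artist'])
         . '<br /> Album: ' . $e($row['Album']) . "<br />\n";
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE entries (Title TEXT, Artist TEXT, Album TEXT)');

// Constructed sample rows: a quote, a literal percent sign, and markup in a title.
$insert = $pdo->prepare('INSERT INTO entries VALUES (?, ?, ?)');
foreach ([["Don't Stop", 'Artist A', 'Album A'],
          ['100% Pure', 'Artist B', 'Album B'],
          ['<b>Loud</b>', 'Artist C', 'Album C']] as $r) {
    $insert->execute($r);
}

// Constructed search terms; in search.php this would be $_POST['term'] ?? ''.
foreach (["n't", '%', '<b>'] as $term) {
    $rows = searchEntries($pdo, $term);
    echo 'Term ' . htmlspecialchars($term, ENT_QUOTES, 'UTF-8') . ': '
       . count($rows) . " match(es)<br />\n";
    foreach ($rows as $row) {
        echo renderRow($row);
    }
}
```

Each of the three terms matches exactly one row: the quote is treated as data, `%` matches only the title containing a literal percent sign, and the `<b>` title is printed as encoded text rather than rendered as markup.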
