CODEWITHSUNDEEP
phpmysqlmysqli
Michael Desmadril
Michael Desmadril

Reputation: 55

No results during a search through Mysqli

I'm having the problem to pull out data from my database through a search field. I'm trying to protect my searchfield against Sql injection at the same time. Adding data to my database is working fine, and I think i did fine safetywise. Yet, pulling the data out seems to be harder.

All i'm trying to achieve is getting all the data from the person. I'm looking for "Bart" in my search field, so show me all the data from all the Barts in my database.

This is my HTML 

    <!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>title</title>
    <link rel="stylesheet" href="style.css">
    <link href='http://fonts.googleapis.com/css?family=Raleway:200' rel='stylesheet' type='text/css'>
    <script src="script.js"></script>
  </head>
  <body>
      <table class="table_form">
        <form method="POST" action="test.php">
          <tr>
            <td>Voornaam: </td><td><input type="text" name="Voornaam"></td>
          </tr>
          <tr>
            <td>Achternaam: </td><td><input type="text" name="Achternaam"></td>
          </tr>
          <tr>
            <td>Adres: </td><td><input type="text" name="Adres"></td>
          </tr>
          <tr>
            <td>Discipline: </td><td><input type="text" name="Discipline"></td>
          </tr>
          <tr>
            <td>Graad: </td><td><input type="text" name="Graad"></td>
          </tr>
          <tr>
            <td>Voeg toe aan databank: </td><td><input type="submit" name="Adddb" value="Bevestigen"></td>
          </tr>
         </form>

      </table>


      <table class="table_form">
            <form method="POST" action="test.php">
                <tr>
                    <td>Zoeken</td><td><input type="text" name="Voornaam" /></td>
                </tr>
                <tr>
                    <td>Bevestigen</td><td><input type="submit" name="zoeken" /></td>
                </tr>

            </form>
      </table>

<div class="field">
<?php
  require_once 'isset.php';
?>
</div>
 </body>
</html>

This is the PHP

<?php
    require_once 'login.php';
    $db_con= new mysqli($db_host, $db_username, $db_password, $db_database);
    $db_con->set_charset("utf8");
    if($db_con->connect_error) die ("(" . $db_con->connect_error . " Error during connection");


    if(isset($_POST['Adddb'])){
        $stmt = $db_con->prepare("INSERT INTO customers (Voornaam, Achternaam, Adres, Actief, Discipline, graad) VALUES(?,?,?,NOW(),?,?)");


        $stmt->bind_param("sssii",$voornaam, $achternaam, $adres, $discipline,$graad);

        $voornaam = $_POST['Voornaam'];
        $achternaam = $_POST['Achternaam'];
        $adres = $_POST['Adres'];
        $discipline = $_POST['Discipline'];
        $graad = $_POST['Graad'];
        $stmt->execute();

        echo "New records created successfully";

        $stmt->close();
        $db_con->close();

    }


    if(isset($_POST['zoeken'])){

        $stmte = $db_con->prepare="SELECT * FROM customers WHERE Voornaam = (?)";
        $stmte->bind_param("s", $zoeknaam);

        $zoeknaam = $_POST['Voornaam'];
        $stmte->execute();

        echo $zoeknaam;



    }







?>

Am i wrong to think that i'm not fetching something? And that is the reason i'm not getting anything?

EDIT ------>

Edited version as suggested below: Errors are gone but no results show up:

<?php

    require_once 'login.php';
    $db_con= new mysqli($db_host, $db_username, $db_password, $db_database);
    $db_con->set_charset("utf8");
    if($db_con->connect_error) die ("(" . $db_con->connect_error . " Error during connection");

if(isset($_POST['zoeken'])){

    $zoeknaam = $_POST['Zoek']; // declare the input here
    $stmte = $db_con->prepare("SELECT * FROM customers WHERE Voornaam = ?");
    $stmte->bind_param("s", $zoeknaam); // then use inside here
    $stmte->execute();


    $rows = $stmte->num_rows;


    for($i=0; $i < $rows; $i++){
        $row=mysqli_fetch_array($stmte, MYSQLI_ASSOC);
        echo $row['Voornaam'] . '<br/>';
    }







    /*if($stmte->num_rows > 0) {
    $results = $stmte->get_result();
    while($row = $results->fetch_assoc()) {

    echo $row['Achternaam'] . '<br/>';
        // and other columns
    }*/
}



?>

Upvotes: 1

Views: 77

Answers (1)

Kevin
Kevin

Reputation: 41885

You should fetch the results properly by using ->get_result(). After that, you would be able to use ->fetch_assoc(). Example:

$zoeknaam = $_POST['Voornaam']; // declare the input here
$stmte = $db_con->prepare("SELECT * FROM customers WHERE Voornaam = ?");
$stmte->bind_param("s", $zoeknaam); // then use inside here
$stmte->execute();

if($stmte->num_rows > 0) {
    $results = $stmte->get_result();
    while($row = $results->fetch_assoc()) {
        echo $row['Voornaam'] . '<br/>';
        echo $row['Achternaam'] . '<br/>';
        // and other columns
    }
}

If unfortunately, you do not have mysqlnd in your environment (if ->get_result() turns out the be Call to undefined method). Here's another way:

$zoeknaam = $_POST['Voornaam'];
$stmte = $db_con->prepare("SELECT * FROM customers WHERE Voornaam = ?");
$stmte->bind_param("s", $zoeknaam);
$stmte->execute();

// get all columns
$meta = $stmte->result_metadata(); 
while ($field = $meta->fetch_field()) { 
    $params[] = &$row[$field->name]; 
}

call_user_func_array(array($stmte, 'bind_result'), $params);
while ($stmte->fetch()) { 
    echo $row['Voornaam'] . '<br/>';
    echo $row['Achternaam'] . '<br/>';
}

Upvotes: 1

Related Questions