CODEWITHSUNDEEP
phpmysql
Andreas Kruger
Andreas Kruger

Reputation: 21

My Website Search does not echo any results

I have made a Website Search and it does not echo any results but it shows how many results there are

This is the code:

<?php
$db = new mysqli('localhost','root','root','search');
if (isset($_GET['input'])) {
    $keywords = $db->escape_string($_GET['input']);

    $query = $db->query("
       SELECT Name, ProjectNumber, Hazard, Datedone
       FROM hira
       WHERE Name LIKE '%{$keywords}%'
       OR ProjectNumber LIKE '%{$keywords}%'
    ");
    ?>
    <div class="result-count">
        Found <?php echo $query->num_rows; ?> results
    </div>
    <?php
    if ($query->num_rows) {
        while ($r = $query->fetch_object()) {

        } 
        ?>
        <div class="results">
            <h3><?php echo $r->Hazard; ?></h3>
        </div>
    <?php
    }
}
?>
<div class="results">
    <h3><?php echo $r->Hazard; ?></h3>
</div>

When I search for "Andreas" I get as a result "Found 2 results" But the actual results do not show up

What have I done wrong Thanks in advance

Upvotes: 0

Views: 53

Answers (1)

Philipp
Philipp

Reputation: 2796

I am not exactly sure if this is how you result should look like, because there are some mistakes in your code. But this would give you the entries from your table.

Your mistake was to directly close the while-loop, so you are freeing the result on $r before actually using it.

$db = new mysqli('localhost', 'root', 'root', 'search');

if (isset($_GET['input'])) {
    $keywords = $db->escape_string($_GET['input']);
    $query = $db->query("
                SELECT Name, ProjectNumber, Hazard, Datedone
                FROM hira
                WHERE Name LIKE '%{$keywords}%'
                OR ProjectNumber LIKE '%{$keywords}%'");
    ?>
    <div class="result-count">
        Found <?php echo $query->num_rows; ?> results
    </div>
    <?php
    if ($query->num_rows) {
        while ($r = $query->fetch_object()) {
    ?>
            <div class="results">
                <h3><?php echo $r->Hazard; ?></h3>
            </div>
    <?php
        }
    }
}

A little better would be this solution. In your code you are already escaping the input, using prepared statementes is still more secure:

$db = new mysqli('localhost', 'root', 'root', 'search');

if (isset($_GET['input'])) {
    $keywords = "%" . $_GET['input'] . "%";
    $query = $db->prepare("
                SELECT Name, ProjectNumber, Hazard, Datedone
                FROM hira
                WHERE Name LIKE ?
                OR ProjectNumber LIKE ?");
    $query->bind_param("ss", $keywords, $keywords);
    $query->execute();
    $query->store_result();
?>
    <div class="result-count">
        Found <?php echo $query->num_rows; ?> results
    </div>
<?php    
    $query->bind_result($name, $projectNumber, $hazard, $dateDone);
    while ($query->fetch()) {
    ?>
        <div class="results">
            <h3><?php echo $hazard; ?></h3>
        </div>
    <?php
    }
}

Upvotes: 1

Related Questions