CODEWITHSUNDEEP
phphtmlsql
NotAFriendlyTurtle
NotAFriendlyTurtle

Reputation: 17

Showing only the search results without displaying the whole table

I want the webpage to show the results once the search button is clicked. Currently, the whole table is displayed while the page is loading. If I change the value of the variable $sql from “Select * FROM users” then the search query doesn’t work anymore

I’m using XAMPP with webpage being a php file and the database is Mariadb

users table

+--------+-------------+---------------+--------------------------+--------+
|    ID  |  firstname  |  lastname     |    address               |  count |
|        |             |               |                          |        |
+--------------------------------------------------------------------------+
|     1  |    john     |    doe        |james street, idaho, usa  |  2     |                    
|        |             |               |                          |        |
+--------------------------------------------------------------------------+
|     2  |    cindy    |   smith       |rollingwood av,lyn, canada| 1      |
|        |             |               |                          |        |
+--------------------------------------------------------------------------+
|     3  |    rita     |   chatsworth  |arajo ct, alameda, cali   | 0      |
|        |             |               |                          |        |
+--------------------------------------------------------------------------+
|     4  |    randy    |   plies       |smith spring, lima, (peru)| 1      |                       
|        |             |               |                          |        |
+--------------------------------------------------------------------------+
|     5  |    Matt     |   gwalio      |park lane, (atlanta), usa | 2      |
|        |             |               |                          |        |
+--------------------------------------------------------------------------+

The webpage with search bar.

<?php
ini_set('memory_limit', '1042M');
$localhost = "localhost";
$username = "root";
$password = "";
$dbname = "samueldb";
$con = new mysqli($localhost, $username, $password, $dbname);
if( $con->connect_error){
  die('Error: ' . $con->connect_error);
}

$sql = "SELECT * FROM users";

if( isset($_GET['btn']) ){
  $name = mysqli_real_escape_string($con, htmlspecialchars($_GET['search']));
   $sql =  "SELECT * FROM 'users' WHERE 'firstname' ='$name'";
}
$result = $con->query($sql);

?>
<!DOCTYPE html>
<html>
<head>
     <title>Find my search results</title>
<link href="css/templatemo-style.css" rel="stylesheet" />
 <link href="css/font-awesome.min.css" rel="stylesheet" />
<link href="css/font-awesome.css" rel="stylesheet" />
<link href="css/bootstrap.css" rel="stylesheet" />
 <link href="css/search-style.css" rel="stylesheet" />

</head>

<body>

  <h2>List of students</h2>

     <div class="search">

    <input type="text" class="searchTerm" placeholder="What are you looking for?">
    <button type="search" class="searchButton">
      <i class="fa fa-search"></i>
   </button>
 </div>
</div>
           <table class="table table-striped table-dark">
           <tr>
           <th>ID</th>
           <th>First_Name</th>
           <th>Address</th>
           <th>Count</th>
           </tr>

           <?php

            while($row = $result->fetch_assoc()){

               ?>
               <tr>
               <td><?php echo $row['ID']; ?></td>
               <td><?php echo $row['firstname']; ?></td>
               <td><?php echo $row['address']; ?></td>
               <td><?php echo $row['count']; ?></td>
               </tr>

               <?php
              }
               ?>
           </table>
           </div>


</body>
</html>

Upvotes: 0

Views: 176

Answers (1)

bertdida
bertdida

Reputation: 5288

There are some issues going on to your code.

  1. Your form. You forgot to wrap your inputs inside a form tag. You should also add a name="search" on your input, and type="search" on button doesn't make sense. Change your form to
<form>
    <input type="search" name="search" class="searchTerm" placeholder="What are you looking for?">
    <button type="submit" name="btn" class="searchButton">
        <i class="fa fa-search"></i>
    </button>
</form>

name attributes should match on your $_GET[name].

  1. Your search query. You should put single quotes on the value only, not on columns. Change your query to
$sql = "SELECT * FROM users WHERE firstname = '$name'";
  1. And most importantly, you are not using prepared statements and parameterized queries.What your are doing is vulnerable from SQL injection attack. Read more here ASAP.

Upvotes: 1

Related Questions