PDO/OOP Search Engine php

Question

I can't seem to place what is wrong in the code :

This is where the function takes place and execute. this is from a different file

public function search($title, $table)
    {

        $q = "SELECT * FROM $table WHERE (':title' LIKE '%".$title."%')";
        $stmt = $this->con->prepare($q);
        $stmt->execute(array(':title' => $title));
        $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
        return $result;
    }

This part should check and results. different file again

 if(isset($_POST['submit'])){
     $search = $_POST['search'];   
     $min_length = 2;

    if(strlen($search) >= $min_length){

        $search = htmlspecialchars($search); 
        $results = $code->search($title, "book_info"); //the error is here*

        if(mysql_num_rows($results) > 0){ // the error is here too**

            while($results != $code->fetchAll()){
            echo "<table id=\"tablecolor\" class=\"echoname\" >";
            echo "<th><b>ID</b></th>";
            echo "<th><b>Title</b></th>";
            echo "<th><b>Author</b></th>";
            echo "<th><b>ISBN</b></th>";
            echo "<th><b>Publisher</b></th>";
            echo "<th><b>Language</b></th>";
            echo "<th><b>Genre</b></th>";
            echo "<th><b>Quantity</b></th>";
            echo "<pre>";  
                    echo "<tr>";
                    echo "<td>".$id."</td>";
                    echo "<td>".$title."</td>";
                    echo "<td>".$author."</td>";
                    echo "<td>".$isbn."</td>";
                    echo "<td>".$publisher."</td>";
                    echo "<td>".$language."</td>";
                    echo "<td>".$genre."</td>";
                    echo "<td><center>".$quantity."</center></td>";
                    echo "</tr>";    
            echo "</pre>";
            echo "</table>";

            }

        }
        else{ 
            echo "No results";
        }

    }
    else{ 
        echo "Minimum length is ".$min_length;
    }
}

This is the error when executed

*Notice: Undefined variable: title in C:\wamp\www\unitato\web\user\user-search1.php on line 16
**Warning: mysql_num_rows() expects parameter 1 to be resource, array given in C:\wamp\www\unitato\web\user\user-search1.php on line 18

I want to know how to fix this error.

Where do you think `$title` is coming from? It does not exist, as the error message is saying. Why are you using mysql_ functions on a PDO result? — deceze, Mar 19 '14 at 10:42
ohh yeah sorry i didnt realize that. and what is wrong with using msql_ functions on a PDO result? — user3406220, Mar 19 '14 at 10:44
mysql_ functions only work on values/variables produced by mysql_ functions. PDO is a completely different API. — deceze, Mar 19 '14 at 10:45
okay... Ill study on those stuffs. I still don't know what their relationship is. Thank You for telling me sir — user3406220, Mar 19 '14 at 10:47
ohh that is soo cool .. thank you for this sir. you have given me ideas. :) — user3406220, Mar 19 '14 at 10:52

samayo · Accepted Answer · 2014-03-19T10:50:32.683

You are doing two things wrong:

First: You are trying to use mysql_fetch_rows() when you are using PDO. One is for mysql other is for PDO. So, They are two completely different constructs, so don't mix them up.
Second: You are assuming all SELECT statement is going to return some value, by simply doing fetchAll afterwards.

*What if the query was not successful ? How can fetchAll() get you anything?

If you want to check your SELECT statement is returning any value you can do this from the function using rowCount() method.

public function search($title, $table)
{
        try{
        $q = "SELECT * FROM $table WHERE title LIKE ?";
        $stmt = $this->con->prepare($q);
        $stmt->execute(array("%$title%");
        }catch(PDOException $e){
         throw new Exception("ERROR:". $e->getMessage()); 
        }
        if(!$stmt->rowCount()){
          return false; #this will return false if data isn't found. 
        }
        $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
        return $result;
}

Or instead of mysql_fetch_rows outside you function you can check do:

$results = $code->search($title, "book_info");
if($result){
 //query is ok
}

Thank You sir. It works but it wont display results.. I guess the problem is on my database. I can handle it from here.. Thank You very much. :D (y) — user3406220, Mar 19 '14 at 10:50
I have edited the answer. Check the script again. It is likely that you are asking mysql to give you a data that does not exist. — samayo, Mar 19 '14 at 10:52
Yeah.. it is fine now.. my database is empty.. i didnt realize. Thank you again sir. :) — user3406220, Mar 19 '14 at 10:58

score 0 · Answer 2 · answered Mar 19 '14 at 10:52

0

a proper version

public function search($title)
{
    $q = "SELECT * FROM table WHERE title LIKE ?";
    $stmt = $this->con->prepare($q);
    $stmt->execute(array("%$title%"));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

Note that table and field name are hardcoded in the query as they should be.

answered Mar 19 '14 at 10:52

Your Common Sense

156,878
40
214
345

Btw: I think you are wrong in assuming that table/field names should be hard coded. Where did you ever read that from ? – samayo Mar 19 '14 at 11:00

score -1 · Answer 3 · answered Mar 19 '14 at 10:50

try this code

public function search($title, $table)
{

    $q = "SELECT * FROM $table WHERE title LIKE '%:title%'";
    $stmt = $this->con->prepare($q);
    $stmt->execute(array(':title' => $title));
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return $result;
}

PDO/OOP Search Engine php

3 Answers3