0

I've made a search function in PHP which pretty much gives me information from my database when I search for the same word. So if I type the word 'mouse' in my search bar it gives me all the results with the word 'mouse' from my database. The problem is... it doesn't give me all the results with the word 'mouse'. It only gives me 1 result. Here is my code:

if(isset($_POST["searchbutton"])){
$query = $_POST['search'];

mysql_connect("localhost", "root", "") or die("Error connecting to database: ".mysql_error());
mysql_select_db("reserveringssysteem") or die(mysql_error());


    $raw_results = mysql_query("SELECT * FROM users
        WHERE (`Voornaam` LIKE '%".$query."%') OR (`Achternaam` LIKE '%".$query."%') OR ('Email' LIKE '%".$query."%')") or die(mysql_error());



    if(mysql_num_rows($raw_results) > 0){

        while($results = mysql_fetch_array($raw_results)){

            $message4 = "<p><b>".$results['Voornaam']." ".$results['Achternaam']."</b><br>".$results['Email']."</p>";
        }

    }
    else{
        $message4 = "No results";
    }

}

And this is the code that's in my HTML:

<?php if($message4) { ?>
            <p><?= $message4; ?></p>
        <?php } ?>

Anyone know what I did wrong?

Max
  • 45
  • 3
  • 10
  • 1
    `$message4 = ''; while($results = mysql_fetch_array($raw_results)){ $message4 .= "

    ".$results['Voornaam']." ".$results['Achternaam']."
    ".$results['Email']."

    "; }`     – Mark Baker Jan 26 '15 at 15:52
  • See : http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php on why not to use `mysql_*` functions – CD001 Jan 26 '15 at 15:54
  • `$message4 = ` will just OVERWRITE the previously fetched message. you probably want `$message4 .=` which will concatenate the new result with the previous ones. – Marc B Jan 26 '15 at 15:55
  • 1
    You are injecting raw user input into your SQL, which forms a SQL injection vulnerability - don't put this live until you've fixed it. – halfer Jan 26 '15 at 15:57
  • 1
    _Please_, ***Stop using the deprecated `mysql` extension***, [read **the read warning box**](http://php.net/mysql_query) on top of *every `mysql_*` man page*. Learn to use (and love) `PDO` or `mysqli_*` instead (the `i` in `mysqli` stands for _improved_, that should give you a clue). `PDO` is more widespread and offers a cleaner API. `mysqli` is slightly more powerful, but its api is a right mess – Elias Van Ootegem Jan 26 '15 at 16:00

2 Answers2

1

Change this:

if(mysql_num_rows($raw_results) > 0){

    while($results = mysql_fetch_array($raw_results)){

        $message4[] = "<p><b>".$results['Voornaam']." ".$results['Achternaam']."</b><br>".$results['Email']."</p>";
    }

}

And this:

<?php foreach($message4 as $m) { ?>
    <p><?= $m; ?></p>
<?php } ?>
Alex M.
  • 635
  • 1
  • 6
  • 19
1

Use array.

$message = array();

while($results = mysql_fetch_array($raw_results)){
    $message[] = "<p><b>".$results['Voornaam']." ".$results['Achternaam']."</b><br>".$results['Email']."</p>";
}
...

foreach ($message as $m) {
    echo $m . '<br>';
}
pavel
  • 26,538
  • 10
  • 45
  • 61