0

I followed a tutorial on how to make a search bar functional and I am not seeing what I'm doing wrong. I am trying to give users the option to search for products. The end result is everything is being out-putted as 'Array'. The correct amount of search results show up.

My search bar is on my index page.

<form class="searchbar" action="/searchresults" method="POST">
                            <input class="inputsearchbar" type="text" 

    name="search" size="50">
                                <input class="searchButton" type="submit" value="Search" name="submit">
                            </label>    
                        </form>

I then have a page called searchresults.php where my results are outputted to. I'm pulling from my products table in my database.

I have this at the top of the file..

    if(!isset($_POST['search'])) {
    header("Location:index.php");
    die($e->getMessage());
}


$con = mysqli_connect("localhost", "root", "", "bfb"); 
$search_sql = "SELECT * FROM products WHERE name LIKE '%" . $_POST['search'] . "%' OR description LIKE '%" . $_POST['search'] . "%'";
$search_query=mysqli_query($con, $search_sql);

    if (mysqli_num_rows($search_query)!=0) {
    $search_rs=mysqli_fetch_assoc($search_query);
    }
?>

Followed by this in the body to output the results...

<h1>Search Results</h1>
<?php

    if(mysqli_num_rows($search_query)!=0) {
        do { ?>
        <p><?php echo $search_rs=['name']; ?></p>
        <p><?php echo $search_rs=['description']; ?></p>

    <?php       } while ($search_rs=mysqli_fetch_assoc($search_query));
        } else {
            echo"Sorry, no results were found. Please try again.";
        }
    ?>
   </div>

Why are all of my results displaying as 'Array' and how can I correct this?

user1516873
  • 5,060
  • 2
  • 37
  • 56
Paul
  • 3,348
  • 5
  • 32
  • 76
  • 1
    What's with the `=` in `$search_rs=['name']`? Also, you're code doesn't take into account being able to have multiple results? – Jonnix May 07 '15 at 15:46
  • 1
    [Your script is at risk for SQL Injection.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard May 07 '15 at 15:49
  • 2
    First time I've seen an inadvertent array assignment from PHP5.5 shorthand : `$search_rs=['name']` is literally `$search_rs = array('name')` ... hence you're getting *Array* as your output. – CD001 May 07 '15 at 15:50
  • @JonStirling how could I make this a procedural statement to prevent it from being at risk of an SQL injection? – Paul May 07 '15 at 15:55
  • @JayBlanchard I think that one is for you ^ – Jonnix May 07 '15 at 15:57
  • 1
    Read the link to the post I placed above and then learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) and consider using PDO, [it's not as hard as you think](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard May 07 '15 at 16:00
  • @JayBlanchard Thanks Jay. I'll check them out and also look over your article. – Paul May 07 '15 at 16:05
  • [Now this, is an explanation...](http://stackoverflow.com/questions/30105876/search-functionality-outputting-as-array/30105945#comment48323147_30105876) *isn't it Sam?* - @JayBlanchard as opposed to boohoo boy. – Funk Forty Niner May 07 '15 at 16:09
  • *It sure is Ralph*. Too bad that *some* just don't get it @Fred-ii- – Jay Blanchard May 07 '15 at 16:10

2 Answers2

4

take out the extraneous equal sign (=)

<?php echo $search_rs['name']; ?>
fbas
  • 1,676
  • 3
  • 16
  • 26
2

You have to use $_search_rs['name'] . Remove the extra '=' symbols.

Edit your PHP code as follows. 

<h1>Search Results</h1>
<?php

if(mysqli_num_rows($search_query)!=0) {
    do { ?>
   <p><?php echo $search_rs['name']; ?></p>
    <p><?php echo $search_rs['description']; ?></p>

<?php       } while ($search_rs=mysqli_fetch_assoc($search_query));
    } else {
        echo"Sorry, no results were found. Please try again.";
    }
?>

Sak90
  • 600
  • 6
  • 19