1

I'm going to make a simple search box, but my code is not running correctly. Code here:

<?php
$db_host = 'localhost';
$db_name= 'site';
$db_table= 'tablesite';
$db_user = 'root';
$db_pass = '';


$con = mysql_connect($db_host,$db_user,$db_pass) or die("خطا در اتصال به پايگاه داده");
$selected=mysql_select_db($db_name, $con) or die("خطا در انتخاب پايگاه داده");
mysql_query("SET CHARACTER SET  utf8");
$dbresult=mysql_query("SELECT * FROM $db_table WHERE name LIKE '%".$_POST['search']."%' OR family LIKE '%".$_POST['search']."%'",$con);

?>



<form name="form1"  dir="rtl" method="post" action="">
<label for="search"> search </label>
<input name="search" type="text" size="40" maxlength="50">
<input type="submit" name="submit" value="search"/>

also my table is like this:

      CREATE TABLE tablesite (
            id_user INT NOT NULL AUTO_INCREMENT ,
            name VARCHAR( 128 ) NOT NULL ,
            family VARCHAR( 128 ) NOT NULL ,
            email VARCHAR( 64 ) NOT NULL ,
            phone_number VARCHAR( 16 ) NOT NULL ,
            job VARCHAR( 255 ) NOT NULL ,
            username VARCHAR( 16 ) NOT NULL ,
            password VARCHAR( 32 ) NOT NULL ,
            confirmcode VARCHAR(32) ,
            PRIMARY KEY ( id_user )
            )

the error is in this line:

 $dbresult=mysql_query("SELECT * FROM $db_table WHERE name LIKE '%".$_POST['search']."%' OR family LIKE '%".$_POST['search']."%'",$con);

The form fetches from the database and then looks for matching cases, if there is the same record. What I want is that it should search correctly and also show a message if there are no matching cases. Thanks...

Note: خطا در اتصال به پایگاه داده means can't connect to db...

sammy
  • but you are connected, right? – Drew Oct 18 '15 at 17:58
  • I have connected to the db, the problem is just fetching the data – sammy Oct 18 '15 at 18:09
  • Take out all of the `
    ` at the top of the script, those aren't required. Then do `var_dump($dbresult)` after the query
    – Paul Stanley Oct 18 '15 at 18:09
  • Please [don't use `mysql_*`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php?rq=1); the `mysql_*` functions are outdated, [deprecated](http://us3.php.net/manual/en/intro.mysql.php), and insecure. Use [`MySQLi`](http://us3.php.net/manual/en/book.mysqli.php) or [`PDO`](http://us3.php.net/manual/en/intro.pdo.php) instead. Also, you are wide open to [**SQL injection**](https://www.owasp.org/index.php/SQL_Injection). – elixenide Oct 18 '15 at 18:16
  • @octopi what is var_dump? I used it, the result is: resource(4, mysql result) – sammy Oct 18 '15 at 18:34

1 Answer

2

To get your code working, you need to fetch from your database. I got you to do the var_dump() check to make sure it was working up to that point.

I have added a while loop to your code to go over the results you have if the query worked.

<?php
$db_host = 'localhost';
$db_name= 'site';
$db_table= 'tablesite';
$db_user = 'root';
$db_pass = '';


$con = mysql_connect($db_host,$db_user,$db_pass) or die("خطا در اتصال به پايگاه داده");
$selected=mysql_select_db($db_name, $con) or die("خطا در انتخاب پايگاه داده");
mysql_query("SET CHARACTER SET  utf8");
$dbresult=mysql_query("SELECT * FROM $db_table WHERE name LIKE '%".$_POST['search']."%' OR family LIKE '%".$_POST['search']."%'",$con);

while ($row = mysql_fetch_array($dbresult, MYSQL_ASSOC)) {
    printf("Name: %s  Family: %s<br>", $row["name"], $row["family"]);
}

?>



<form name="form1"  dir="rtl" method="post" action="">
<label for="search"> search </label>
<input name="search" type="text" size="40" maxlength="50">
<input type="submit" name="submit" value="search"/>

You should use either the PHP extension mysqli or PDO in future, as mysql has been deprecated. It doesn't use prepared statements, for example.

Paul Stanley
  • Well, it's working, but two problems. 1: all records are showing up when I open my page.php, but no problem when I search. 2: there is a notice: Notice: Undefined index: search in C:\wamp\www\khebre\search.php on line 22 – sammy Oct 18 '15 at 18:58
  • this is line 22: $dbresult=mysql_query("SELECT * FROM $db_table WHERE name LIKE '%".$_POST['search']."%' OR family LIKE '%".$_POST['search']."%'",$con); – sammy Oct 18 '15 at 19:00
  • OK, I solved this problem, I moved the db to another page. Thank you bro, you made my day :) – sammy Oct 18 '15 at 19:04
  • Sorry, I missed all of that. Glad I can help, now you're familiar with fetching, check out mysqli and PDO. – Paul Stanley Oct 18 '15 at 19:06
  • OK bro, do you know how I can fill the box with a sentence, like "you can search", and when I click on the text box, the text clears? Like the Stack Overflow search box – sammy Oct 18 '15 at 19:13
  • So in your textbox: `` – Paul Stanley Oct 18 '15 at 19:24
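
The comments and the answer above recommend MySQLi or PDO with prepared statements. As an added example (not code from the question or the answer), this is the same name/family search written with PDO: the search term is bound as a parameter, LIKE wildcards are escaped, the query only runs on submit, and a message is shown when nothing matches. Assumptions: an in-memory SQLite database with constructed rows stands in for the MySQL table, and `search_people` is a hypothetical helper name.

```php
<?php
// Added example, not from the original post. An in-memory SQLite database with
// constructed rows stands in for the MySQL table so the script runs offline; for
// MySQL use new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablesite (id_user INTEGER PRIMARY KEY, name TEXT, family TEXT)');
$pdo->exec("INSERT INTO tablesite (name, family) VALUES
    ('Ali', 'Rezaei'), ('Sara', 'O''Neil'), ('100%', 'Match')");

// search_people() is a hypothetical helper. $term is bound as data, never
// concatenated into the SQL text, so quotes in it cannot change the query.
function search_people(PDO $pdo, string $term): array
{
    // Escape LIKE wildcards so "%" and "_" typed by the user match literally.
    // "!" is declared as the escape character in the query below.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    $stmt = $pdo->prepare(
        "SELECT name, family FROM tablesite
         WHERE name LIKE ? ESCAPE '!' OR family LIKE ? ESCAPE '!'"
    );
    $stmt->execute([$like, $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Only query when the form was submitted; this also avoids the
// "Undefined index: search" notice on the first page load.
$term = (isset($_POST['search']) && is_string($_POST['search']))
    ? trim($_POST['search']) : null;
if (PHP_SAPI === 'cli' && $term === null) {
    $term = "O'Neil"; // constructed input for a command-line run
}

if ($term !== null && $term !== '') {
    $rows = search_people($pdo, $term);
    if (!$rows) {
        echo "No matching records found.\n";
    }
    foreach ($rows as $row) {
        // Encode on output so stored values cannot inject markup into the page.
        printf("Name: %s  Family: %s<br>\n",
            htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($row['family'], ENT_QUOTES, 'UTF-8'));
    }
}
```

Selecting only `name` and `family` instead of `*` also keeps the `password` and `confirmcode` columns of `tablesite` out of the result set.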