1

I have developed a simple search page but I can't seem to get it to work. I'm faced with 2 problems, which I think are linked. When I go on the search form page, the error:

Notice: Undefined index: userlogged in header.php on line 36 Notice: Undefined index: adminlogged in header.php on line 59`

And when using the search form using valid test data, these errors are shown:

Notice: A session had already been started - ignoring session_start() in header.php on line 3 Notice: Undefined index: userlogged in header.php on line 36 Notice: Undefined index: adminlogged in header.php on line 59 mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in search.php on line 12

I wont post the header.php as I think it's because of the bind_result, however I'm not sure how I've done this wrong.

I have tried removing the session_start() from header.php so it's not included automatically, but that just throws this error:

Notice: Undefined variable: _SESSION in header.php on line 36 Notice: Undefined variable: _SESSION in header.php on line 59

Searchform.php

<?php

    ob_start();
    error_reporting(E_ALL);

?>

<br><br><br>

<?php

    ini_set('display_errors', -1);
    include 'header.php';
    include 'connection.php';

?>

<br /><br />

<html>
    <header>
        <link rel="stylesheet" type="text/css" href="web.css" />    
        <link rel="stylesheet" type="text/css" href="/web.css" />
    </header>
    <body>
        <center>
            <h2>Search for people</h2>
            <br />

            Please enter the name you wish to search for<br /><br />

            <form method="post" action="search.php" id="searchform">
                <input  type="text" name="name"> 
                <input  type="submit" name="searchsubmit" value="Submit"> 
            </form>

            <br /><br/>

            Or search people by category

        </center>                  
    </body>
</html>

Search.php

<?php

    if(isset($_POST['searchsubmit']))
    {
        include 'searchform.php';
        include 'header.php';

        $name = $_POST['name'];

        if ($stmt = $connection->prepare ("SELECT * FROM users WHERE Username = ?")) 
        {
            $stmt->bind_param('s', $name);
            $stmt->execute();
            $stmt->bind_result($personresult);
            $stmt->fetch();
            print_r($personresult);
        } 
        else
        { 
            echo "<p>Please enter a search query</p>"; 
        } 
    }
    else 
    {
         echo "NOT SET!";
    }

?>
ElChiniNet
  • 2,778
  • 2
  • 19
  • 27
Matt Murphy
  • 265
  • 2
  • 11
  • 1
    You have to start your session on every page. – Chris G Jan 05 '16 at 17:01
  • 2
    You can't have any output before session_start, meaning the three breaks has to come _after_ the include. – JimL Jan 05 '16 at 17:07
  • 1
    @ChrisG That's a misleading comment, because for each time the client requests from the server, yes, a session needs to be started each time. Though, you don't need to start it on each included script that you are using. – Jon Jan 05 '16 at 17:09

1 Answers1

2

Without knowing what the columns are in your database, I can only give a partial response to what you are doing wrong with the bind_result.

But before that, you are going to run in to an issue with sessions and your header stuff because you are showing all notices. I would suggest starting it on the requested pages rather than your includes. So right after you start the script, make the call to session_start() and don't make it anywhere else. Note that it must go before any output.

Now, for the bind_result. What the error message is telling you is that you are selecting more from your table than just one column. ie, you might be selecting a userid, uname, realname, etc. But when you bind the result, you are only giving it room for one of those. So a basic example to show you the relationship, I'll modify your select slightly:

$stmt = $connection->prepare ("SELECT userId, userName, realName FROM users WHERE Username = ?")

Then when you bind your result, you will want to do something like:

$stmt->bind_result($userId, $userName, $realName);

For each column you select in your statement, you need a variable to represent it within your bind_result call.

Jon
  • 4,746
  • 2
  • 24
  • 37
  • Thanks, this does solve the session error, however it's still displaying Notice: Undefined index: userlogged in header.php on line 36 Notice: Undefined index: adminlogged in, however logging into user and admin accounts work, so I don't get how these are undefined index's. – Matt Murphy Jan 05 '16 at 18:40
  • I will just double check my bind_result - thanks for the quick reply – Matt Murphy Jan 05 '16 at 18:40
  • 1
    @MattMurphy They are undefined, becuase they are destroyed/removed on loggout. Just add an `isset` to go with when checking to remove the notice for when someone isn't logged in. ^^ (if i read that you no longer get it when someone is logged in... otherwise, you don't set the correct session variables when they do. ^^) – Jon Jan 05 '16 at 18:41
  • Yes sweet I have just checked it and it works when I log in! Didn't try that stupidly haha! I will do an isset now, thankyou Jon I will select your answer :) – Matt Murphy Jan 05 '16 at 18:45
  • Awesome, glad the session stuff got worked out. Did the `bind_result` "info" (since I couldn't form it to your exact question without knowing the columns) solve the other issue? ^^ – Jon Jan 05 '16 at 18:49