PHP and Mysql creating a simple search bar

Question

I'm trying to make a simple search bar for my website using the following code, however whenever I run the program it keeps saying there are no results buy if i query it in Navicat it shows results.

<?php
include("config");
$query="select * from Books where Title like '%". $_POST['searchbar']."%' or Author like '%".$_POST['searchbar']."%'"; // create query using the $_GET 'id' sent
$result=mysql_query($query); //results from executing the mysql query
echo $query;
    if(!$result) // if not results
    {
    echo "No search results "; // print error
    }
    while($row=mysql_fetch_array($result)) // while there are results
    {
    echo 
    "<br>----------------------------------------------------------------------
    <br>Title:  ".$row['Title'].
    "<br>Author: ".$row['Author']. //print row price, name, author
    "<br>ISBN: ".$row['ISBN'].
    "<br>Condition: ".$row['BookCondition'].
    "<br>Price: ".$row['Price'].
    "<br>Sellers Username: ".$row['Uname'];
    echo"<br>";
    echo"----------------------------------------------------------------------";
    }
?>

If you can see any issues with my code help would be appreciated.

<?php
$host = '?'; //IP Address on domain name of the host for the database
$user ='?'; //the name of the user
$pass="?";//Our Password

//make the connection to the database
$con=mysql_connect($host,$user,$pass) or
die("Error connecting to Database");

$dbname = "?"; //we had a database name ?
mysql_select_db($dbname);
?>

[Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Feb 18 '16 at 17:25
Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Feb 18 '16 at 17:26
Add error reporting to the top of your file(s) right after your opening ` — Jay Blanchard, Feb 18 '16 at 17:26
Can you post the code of the form that you're using to submit the data? My guess is that `$_POST['searchbar']` might not be what you think it is. — Jay Blanchard, Feb 18 '16 at 17:27
Your comment (in code) sounds like your form is processing with `GET` not `POST`.. What does `$query` output as? — chris85, Feb 18 '16 at 17:28
That narrows down one possible issue. What does the query output as? Is `include("config");` correct, no extension? — chris85, Feb 18 '16 at 17:32
It looks like `include("config");` needs to be `include("config.php");`. Note the file extension. — Jay Blanchard, Feb 18 '16 at 17:37
so, how do we know this is failing or not `$_POST['searchbar']`. You've been asked to include your HTML form, but have not. Take it up with the answer given below then if you don't want to cooperate as per what was asked. People won't stay on this page forever or till you get back from "God knows where". Edit: *Isn't that right Sam?* @JayBlanchard — Funk Forty Niner, Feb 18 '16 at 18:43
*I, along with the OP, was gone a long time ago Ralph!* @Fred-ii- ¯\\_(ツ)_/¯ — Jay Blanchard, Feb 18 '16 at 18:45
*Yeah, I was here for a good time and not a long time, Sam* @JayBlanchard ;-) *au revoir!* — Funk Forty Niner, Feb 18 '16 at 18:46

PHP and Mysql creating a simple search bar

0 Answers0