0

I try to create a simple search engine on PHP, which connect to the database and search a string from a table attribute. And based on the keyword, the search results will display the table rows which have the same keyword string. I'm using PHP version 5.6.21

search.php

<html>
<body>
 <form action="" method="get"><center>
 Search: <input type="text" name="search" placeholder="Enter any keywords" /><br><br>
      <input type="submit" name="submit" value="Submit" />
   <center>
    </form>
    <hr>
<?php

$hostid= 'localhost';
$user='root';
$pass='';
$db= 'projectdata';
mysqli_connect($hostid, $user, $pass);
mysql_select_db($db);


 if(isset($_GET['submit'])){
  
    $search_value=$_GET['search'];
    $query="SELECT * FROM Book where title LIKE '%$search_value%'";
    
    $run=mysql_query($query);
    
    if($run===FALSE){
     die(mysql_error());
    }
    while ($row=mysql_fetch_array($run))
    {
     $book_id=$row['book_id'];
     $title=$row['title'];
     $date_purchased=$row['date_purchased'];
     $loan_status=$row['loan_status'];
     echo "<table><tr><th>Book ID</th><th>Title</th><th>Date Purchased</th><th>Loan Status</th>";
     echo "<tr><td>$book_id</td><td>$title</td><td>$date_purchased</td><td>$loan_status</td></tr>";
    }
   }
?>
</body>
</html>

How ever, it didn't return anything and there is no errors. Below is projectdata.php

<?php


   $hostid= 'localhost';          
   $user='root';
   $pass='';
   $db= 'projectdata';
   $link = mysqli_connect($hostid, $user, $pass, $db);
   if (!$link) {
   die('Connect Error (' .mysqli_connect_errno(). ') '     .mysqli_connect_error());
   }
   echo 'Success... ' .mysqli_get_host_info($link). "\n";

    $query8 = "CREATE TABLE Book(book_id int, title varchar(100), date_purchased     TIMESTAMP, loan_status varchar(10))";
   $query9 = "INSERT INTO Book VALUES(1023, 'The Prisoner of Zenda', '2008-7-04', 'Available'),
                                 (2311, 'Rupert of Hentzau','2001-7-10', 'Available'),
                                 (7854, 'Management of Information System', '2010-6-14', 'Available'),
                                 (4507, 'Introduction to C++', '2012-1-19', 'Available'),
                                 (5319, 'Computer Networking 13th Edition', '2013-5-29', 'Available'),
                                 (3076, 'Introduction to Web Programming', '2008-4-26', 'Available'),
                                 (6901, 'Foundation of Quantum Mechanics', '2008-7-04', 'Available')";


  if (mysqli_query($link,$query8) ===TRUE)
 {
   echo ("Table Book successfully created.<br>");
   }


  if (mysqli_query($link,$query9) ===TRUE)
 {
   echo ("Values have been inserted into Book.<br><br>");
   }

 mysqli_close($link);

?>
chris85
  • 23,846
  • 7
  • 34
  • 51
Helmi
  • 13
  • 3
  • 3
    Your code is wide open to [SQL Injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Machavity Jun 01 '16 at 19:58
  • 1
    `mysql_select_db` doesn't work with `mysqli`. Your swapping `mysqli` and `mysql_` all over the places, and as noted are open to SQL injections. – chris85 Jun 01 '16 at 19:58
  • 1
    ^nor does `mysql_query` or `mysql_fetch_array` or `mysql_error`. OP, you gotta stay consistent. `mysql_*` or `mysqli_*` (obviously stick with `mysqli`) – mferly Jun 01 '16 at 19:59
  • There is **no more support** for `mysql_*` functions, they are [**officially deprecated**](https://wiki.php.net/rfc/mysql_deprecation), **no longer maintained** and were [**removed in PHP 7**](http://php.net/manual/en/function.mysql-connect.php#warning). You should update your code with [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) to ensure the functionality of your project in the future. – rrauenza Jun 01 '16 at 20:03
  • okay, problem solved. I just need to change to mysqli_ , instead mysql_ . Thanks! This is my last project and next project I'm using PDO – Helmi Jun 01 '16 at 20:16
  • @Marcus: Wouldn't your statement qualify for an answer which Helmi then could flag accordingly? – EagleRainbow Jun 01 '16 at 20:56

0 Answers0