-1

I'm a PHP newbie. I am creating a jobs website and my search function tells me when there is no result, but if there is, it displays ALL the jobs I have entered in the database. Please assist, I have tried everything.

Here is my code:

 <?php


    if(isset($_POST['submit']))
   {

      $search = $_POST['keyword'];

      $query = "SELECT * FROM jobs WHERE job_tags LIKE '%$search%'";
      $search_query = mysqli_query($connection, $query);

      if(!$search_query) {
        die ("query failed" . mysqli_error($connection));
      }

      $count = mysqli_num_rows($search_query);
    if($count == 0){
        echo "<h3> NO RESULT</h3>";
    }else{

    $query = "SELECT * FROM jobs"; 
    $job_display = mysqli_query($connection, $query);

    while($row = mysqli_fetch_assoc($job_display)){
        $job_title = $row['job_title'];
        $employer = $row['employer'];
        $job_date = $row['job_date'];
        $job_logo = $row['job_logo'];
        $job_desc = $row['job_desc'];

?>
<div class="row">
    <div>



                <div class="media img-responsive">
                    <div class="media-left media-middle">

                        <a href="#">
                        <img class="media-object" src="images/<?php echo $job_logo; ?>" class="img-responsive" alt="Absa Insurance Logo">
                        </a>
                     </div>
                        <div class="media-body">
                        <h4 class="media-heading"><span class="job-tittle"><?php echo "{$job_title}";?> </span>(<i class="glyphicon glyphicon-map-marker"> </i>Gauteng, <span class="type blue"> Short-Term Insurance</span>)</h4>
                        <P>
                        <?php echo $job_desc;?>  
                        ...<a href="details.html"> <i class="glyphicon glyphicon-plus"> </i> Read More</a></P>

                    </div>

                        <div class=" media-right media-middle job-location">

                       <p> <?php echo $job_date;?> </p>

                        </div>
                </div>
    </div>
</div>

                        <?php } 

                                    }
                            }

?>

Here is the form:

 <form class=" form-inline" action="search.php" method="post">
                            <div class="form-group">
                                <input type="text" name="keyword" class="form-control" placeholder="Job Key Word">
                            </div>
                            </form>

Please let me know if you need more information.

Revo Burisan
  • 15
  • 10
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Sep 27 '16 at 18:37
  • "if a filtered result is found, search again for EVERYTHING" - that's basically what you're doing. – Marc B Sep 27 '16 at 18:40

2 Answers

0

You need to remove this line or just filter here:

$query = "SELECT * FROM jobs";
Revo Burisan
  • 15
  • 10
0

In the first query you are looking for only the selected records:

$query = "SELECT * FROM jobs WHERE job_tags LIKE '%$search%'";
                            $search_query = mysqli_query($connection, $query);

If it finds something, you search one more time with:

$query = "SELECT * FROM jobs"; 

You don't put WHERE in this query.

zuchol
  • 26
  • 2
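
The fix both answers point to, combined with the prepared statement recommended in the comments, as an added example that is not part of the original posts: one filtered query whose own rows are displayed. It assumes `$connection` is the open mysqli connection from the question and that the mysqlnd driver is available; `search_jobs()` and `h()` are hypothetical helper names.

```php
<?php
// Added example. Assumes $connection is the question's open mysqli
// connection and that mysqlnd is installed (needed for get_result()).

// Hypothetical helper: run ONE filtered query and return its rows.
function search_jobs(mysqli $connection, string $keyword): array
{
    // Make %, _ and the escape character literal inside LIKE, so a
    // keyword such as "%" does not match every row.
    $literal = str_replace(['|', '%', '_'], ['||', '|%', '|_'], $keyword);
    $pattern = '%' . $literal . '%';

    // The keyword is sent as a bound parameter, never as SQL text.
    $stmt = $connection->prepare(
        "SELECT job_title, employer, job_date, job_logo, job_desc
           FROM jobs
          WHERE job_tags LIKE ? ESCAPE '|'"
    );
    if ($stmt === false) {
        // Log details server-side instead of echoing them to visitors.
        error_log('search prepare failed: ' . $connection->error);
        return [];
    }
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Hypothetical helper: encode database values before they reach the HTML.
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES, 'UTF-8');
}

// 'keyword' is the field name used by the form in the question.
$keyword = $_POST['keyword'] ?? null;
if (is_string($keyword) && trim($keyword) !== '') {
    $jobs = search_jobs($connection, trim($keyword));
    if (count($jobs) === 0) {
        echo '<h3>NO RESULT</h3>';
    }
    // Loop over the filtered rows; no second "SELECT * FROM jobs".
    foreach ($jobs as $row) {
        echo '<h4>' . h($row['job_title']) . '</h4>';
        echo '<p>' . h($row['job_desc']) . '</p>';
        echo '<p>' . h($row['job_date']) . '</p>';
    }
}
```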