I want my HTML code to include the PHP code being run from an external file. I keep getting the error "too many redirects" and I do not know why. When running it without the include PHP code in the HTML file it works, but I want the PHP code to run below my HTML and CSS.

This is my HTML Code:

    <nav id="search">
         <form action="./results.php" method="get">
            <input type="text" name="q" id="search_bar" placeholder="" value="Search..." maxlength="30" autocomplete="off" onMouseDown="active();" onBlur="inactive();" />
            <input type="submit" id="search_button" value="Compare!" />
        </form>
    </nav>

    <section>

        <?php include("results.php");?>

    </section>

PHP Code for searchbar:

    <?php
    $conn = mysqli_connect("localhost", "root", "project", "videogames");

    if(mysqli_connect_errno()){
        echo "failed to connect: " .mysqli_connect_error();
    }

    $output = '';

    if(isset($_GET['q']) && $_GET['q'] !== ' '){
        $searchq = $_GET['q'];

        // User input goes straight into the SQL string (the injection risk raised in the comments)
        $q = mysqli_query($conn, "SELECT * FROM games WHERE name LIKE '%$searchq%'") or die(mysqli_error($conn));

        $c = mysqli_num_rows($q);
        if($c == 0){
            $output = 'No Search Results for <b>"' . $searchq . '"</b>';
        } else {
            while($row = mysqli_fetch_array($q)){
                $name = $row['name'];
                $image_path = $row['image_path'];
                $developer_name = $row['developer_name'];
                $platform = $row['platform'];
                $store = $row['store'];
                $price = $row['price'];

                $output .= '<br><table class="tg">
                            <tr>
                                <th class="tg-031e" colspan="4" rowspan="4"><img src= ' . $image_path . ' width=150 height=200/></th>
                                <th class="tg-031e" colspan="4">' . $name . '</th>
                                <th class="tg-031e" colspan="2">' . $platform . '</th>
                                </tr>
                                <tr>
                                <td class="tg-031e" colspan="4">' . $developer_name . '</td>
                                <td class="tg-031e"></td>
                                <td class="tg-031e"></td>
                                </tr>
                                <tr>
                                <td class="tg-031e" colspan="4">£' . $price . '</td>
                                <td class="tg-031e" colspan="2">' . $store . '</td>
                                </tr>
                                 <tr>
                                <td class="tg-031e"></td>
                                <td class="tg-031e"></td>
                                <td class="tg-031e"></td>
                                <td class="tg-031e"></td>
                                <td class="tg-031e" colspan="2">Button</td>

                            </tr>
                            <br>
                            </table>';

            }
        }
    } else {
        // Runs on every request that has no q parameter
        header("location: ./");
    }
    print("$output");
    mysqli_close($conn);

Mr_Ash
  • Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 25 '17 at 14:31
  • That means you are redirecting forever, you do that at the `else{ header("Location: ./"); }`. The `if` statement gets to a state where it *always* returns false and goes to the `else`. – Nytrix Apr 25 '17 at 14:33
  • Only possible with SSI https://httpd.apache.org/docs/current/howto/ssi.html – JustOnUnderMillions Apr 25 '17 at 14:33
  • Just a note: You don't have an `html file`, you have a `php file` that only contains `html`. (If I'm wrong please show real filenames.) So my last comment makes no sense in relevance to the question. With SSI you can include stuff in a real html-file – JustOnUnderMillions Apr 25 '17 at 14:35
  • Did you save the html with .php? – Rotimi Apr 25 '17 at 14:38

1 Answer

You don't really need a header('Location: ...') in there.

Try it like this:

    <?php
    $conn = mysqli_connect("localhost", "root", "project", "videogames");

    if(mysqli_connect_errno()){
        echo "failed to connect: " .mysqli_connect_error();
    }

    $output = '';

    // No else branch and no header() call: without a search term nothing is printed
    if(isset($_GET['q']) && $_GET['q'] !== ' '){
        $searchq = $_GET['q'];

        // Still builds the SQL from user input (see the note below the code)
        $q = mysqli_query($conn, "SELECT * FROM games WHERE name LIKE '%$searchq%'") or die(mysqli_error($conn));

        $c = mysqli_num_rows($q);
        if($c == 0){
            $output = 'No Search Results for <b>"' . $searchq . '"</b>';
        } else {
            while($row = mysqli_fetch_array($q)){
                $name = $row['name'];
                $image_path = $row['image_path'];
                $developer_name = $row['developer_name'];
                $platform = $row['platform'];
                $store = $row['store'];
                $price = $row['price'];

                $output .= '<br><table class="tg">
                            <tr>
                                <th class="tg-031e" colspan="4" rowspan="4"><img src= ' . $image_path . ' width=150 height=200/></th>
                                <th class="tg-031e" colspan="4">' . $name . '</th>
                                <th class="tg-031e" colspan="2">' . $platform . '</th>
                                </tr>
                                <tr>
                                <td class="tg-031e" colspan="4">' . $developer_name . '</td>
                                <td class="tg-031e"></td>
                                <td class="tg-031e"></td>
                                </tr>
                                <tr>
                                <td class="tg-031e" colspan="4">£' . $price . '</td>
                                <td class="tg-031e" colspan="2">' . $store . '</td>
                                </tr>
                                 <tr>
                                <td class="tg-031e"></td>
                                <td class="tg-031e"></td>
                                <td class="tg-031e"></td>
                                <td class="tg-031e"></td>
                                <td class="tg-031e" colspan="2">Button</td>

                            </tr>
                            <br>
                            </table>';

            }
        }

        // Print in both cases, so the "No Search Results" message is shown too
        echo $output;

        mysqli_close($conn);
    }

You're redirecting the browser when nothing has been searched yet; which means that it keeps redirecting, which results in a time-out.

Best of luck!

NOTE: Aside from that, please look at what Alex Howansky wrote in the comments. Your code isn't safe, security-wise.

Thoby
  • 316
  • 1
  • 6
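
The prepared-statement fix that Alex Howansky's comment and the note in the answer point to, sketched for this search page as an added example (not code from the question or the answer). It assumes PDO with an in-memory SQLite table of constructed rows so it runs offline; `search_games` and `render_results` are hypothetical names, and against the page's MySQL database only the DSN changes. It also HTML-escapes everything it prints and returns an empty result, rather than redirecting, when no term was submitted.

```php
<?php
// Added example. Assumption: PDO + in-memory SQLite stand in for the MySQL
// "videogames" database; with MySQL use a DSN such as
// 'mysql:host=localhost;dbname=videogames' and keep the functions unchanged.

function search_games(PDO $db, string $term): array
{
    $term = trim($term);
    if ($term === '') {
        return [];               // nothing searched: no query and no redirect
    }
    // Escape LIKE wildcards so "%" or "_" typed by the user match literally.
    $like = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare("SELECT name, platform, price FROM games WHERE name LIKE ? ESCAPE '!'");
    $stmt->execute([$like]);     // value is bound, never concatenated into the SQL
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render_results(string $term, array $rows): string
{
    // Every value that reaches the page is HTML-escaped first.
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    if ($rows === []) {
        return 'No Search Results for <b>"' . $e($term) . '"</b>';
    }
    $html = '';
    foreach ($rows as $r) {
        $html .= '<tr><td>' . $e($r['name']) . '</td><td>' . $e($r['platform'])
               . '</td><td>£' . $e($r['price']) . "</td></tr>\n";
    }
    return '<table class="tg">' . "\n" . $html . '</table>';
}

// Constructed sample data standing in for the page's `games` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE games (name TEXT, platform TEXT, price REAL)');
$ins = $db->prepare('INSERT INTO games VALUES (?, ?, ?)');
foreach ([['Halo 5', 'Xbox One', 19.99], ['100% Orange Juice', 'PC', 4.99]] as $g) {
    $ins->execute($g);
}

// Constructed inputs: a normal term, a wildcard, an injection string, markup.
foreach (['halo', '%', "' OR '1'='1", '<script>x</script>'] as $q) {
    echo render_results($q, search_games($db, $q)), "\n";
}
```

With the bound parameter the injection string is compared as an ordinary title and matches no rows, and the lone `%` matches only the title that contains a literal percent sign.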