0

I'm trying to create a search box for my project. It's job is to take the input, look for the name, and if found, echo it. It doesn't work though. I've gone through tons of tutorials, and they all mostly do the same as me. I checked my error log and it seems the query is at fault.Help is appreciated. 

    <div class="subjectBox" style="margin-bottom: 5px;">Patients:</div>

  <?php

    include 'database.php';

    $search = $_POST['search'];

    if(isset($_POST['submit'])){
        if($search === ''){
          $message = "<div style='margin-bottom: 55px;' class='titleBox'>Please fill in all values.</div>";
        } elseif (!empty($search)) {
            $search = strtoupper($search);
            $search = strip_tags($search);
            $search = trim($search);

            $data = mysql_query("SELECT * FROM patient WHERE fname LIKE '%$search%'");

            while ($row = mysql_fetch_array($data)) {
                $message = "<div class='titleBox'>" . $row['fname'] . "</div>";
           }

          $matches = mysql_num_rows($data);

          if($matches === 0) {
            $message = "<div class='titleBox'>Sorry, but we can not find an entry to match your query.</div>";
          }
            $message1 = "<div class='titleBox'><b>Searched For:" . $search . "<b/></div>";
        }
      }

  ?>

 <form action="patient.php" method="post">

        <input type="text" class="subjectBox" autocomplete="off" name="search" placeholder="Enter a name to search..." style="margin: auto; display: block; margin-bottom: 5px; width: 595px;">
        <input type="submit" value="go." name="submit" class="titleBox" style="width: 595px; ">

              </form>

         <?php if(!empty($message1)): ?><p><?= $message1 ?></p><?php endif; ?>

         <?php if(!empty($message)): ?><p><?= $message ?></p><?php endif; ?>
Abdi Rahman Nur
  • 11
  • 2
  • You're overwriting `$message` every time through the `while()` loop. You probably should be concatenating instead of assigning. – Barmar May 23 '17 at 20:10
  • 1
    You should also stop using the `mysql` extension, and switch to PDO or `mysqli`, and use prepared statements to prevent SQL injection. – Barmar May 23 '17 at 20:11
  • You need to check the result of the query. `if (!$data) die(mysql_error());` to see the query error. – Barmar May 23 '17 at 20:14
  • Your PHP seems fine, and your query also looks good (albeit using `mysql_`). Perhaps this could be a typo? Are you sure you have a table called `patient` with a column called `fname`? – Obsidian Age May 23 '17 at 20:16
  • Here's the error: Fatal error: Uncaught Error: Call to undefined function mysql_query() in /Applications/MAMP/htdocs/htdocs/auth.dev/patient.php:92 Stack trace: #0 {main} thrown in /Applications/MAMP/htdocs/htdocs/auth.dev/patient.php on line 92. Line 92 is the query. – Abdi Rahman Nur May 23 '17 at 20:21
  • Are you running PHP 7? The `mysql` extension has been removed in this version, you have to convert your code to mysqli or PDO. – Barmar May 23 '17 at 20:35
  • Ohhhh. Thanks man. Yeah, that cleared up everything. – Abdi Rahman Nur May 23 '17 at 21:13

0 Answers0