1

I had set a search button in my website. It works fine if there's a result but if there's none, it doesn't show the "no results.....".

What's wrong with my code?

<html !DOCTYPE HTML>
    <body>
<?php
    $title = "DenTEETH";
    include('header.html');
    //connect to database
    $db = mysqli_connect("127.0.0.1", "root", "", "authentication");


    if(isset($_GET['q']) && $_GET['q'] !== '')
    {
        $searchq = $_GET['q'];
        $sql = "SELECT * FROM search WHERE keyword LIKE '%$searchq%' OR title LIKE '%$searchq%'";
        $output='';
        $results = mysqli_query($db, $sql);

        if (count($results) == 0){
            $output .= 'No search results for <b>"' . $searchq . '"</b>';
        }
        else{
            while ($row = mysqli_fetch_array($results)){
                $id = $row['search_id'];
                $title = $row['title'];
                $desc = $row['description'];
                $link = $row['link'];
                $img = '<img src="images/thumbnail/'.$row['search_id'].'.jpg" class="thumbnail">';

                $output .= '<div class="search_thumb">
                            <p class="search_cap"><a href="' . $link . '">' . $img . '<h3>' . $title . '</h3></a>' . $desc .
                            '<div class="clear"></div></p></div>';
            }
        }
    }
    else{
        header("location: ./");
    }
    print($output);
?>

<div class="row">

   </div>
<?php
        include('footer.html');

    ?>

</body>
</html>
halfer
  • 19,824
  • 17
  • 99
  • 186
xhei
  • 27
  • 1
  • 7
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Jun 05 '17 at 02:43
  • You can't use count() here. You have to use mysqli_num_rows() – John Conde Jun 05 '17 at 02:44

1 Answers1

-1

Use mysqli_num_rows() try this

<html !DOCTYPE HTML>
    <body>
<?php
    $title = "DenTEETH";
    include('header.html');
    //connect to database
    $db = mysqli_connect("127.0.0.1", "root", "", "authentication");


    if(isset($_GET['q']) && $_GET['q'] !== '')
    {
        $searchq = $_GET['q'];
        $sql = "SELECT * FROM search WHERE keyword LIKE '%$searchq%' OR title LIKE '%$searchq%'";
        $output='';
        $results = mysqli_query($db, $sql);

        if (mysqli_num_rows($results ) == 0){
            $output .= 'No search results for <b>"' . $searchq . '"</b>';
        }
        else{
            while ($row = mysqli_fetch_array($results)){
                $id = $row['search_id'];
                $title = $row['title'];
                $desc = $row['description'];
                $link = $row['link'];
                $img = '<img src="images/thumbnail/'.$row['search_id'].'.jpg" class="thumbnail">';

                $output .= '<div class="search_thumb">
                            <p class="search_cap"><a href="' . $link . '">' . $img . '<h3>' . $title . '</h3></a>' . $desc .
                            '<div class="clear"></div></p></div>';
            }
        }
    }
    else{
        header("location: ./");
    }
    print($output);
?>

<div class="row">

   </div>
<?php
        include('footer.html');

    ?>

</body>
</html>
Khetesh kumawat
  • 681
  • 7
  • 15