PHP Search is not working

Question

I don't understand what's the problem with the code. It is supposed to work. There is data in table but the search is still not producing any results. The Search bar remaining still and no changes before or, after entering any data in the search bar.

Here is the code :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Search Example</title>
</head>

<body>
<form action="index.php" method="post">
<input type="text"  name="search" placeholder="Search" />
<input type="submit" value="submit" /> 
</form>

<?php
  $con = mysqli_connect("localhost","root","") or die("Could not connect");
  mysqli_select_db($con ,"project") or die(mysqli_error());

if(isset($_POST['search']))
{
  $search =$_POST['search']; // searchq contains characters which is typed 
  in the search
  $search = preg_replace("#[^0-9a-z]#i","",$search); //filtering the 
  conditions */
  $query = mysqli_query($con, "SELECT * FROM admin WHERE name LIKE 
 '%$search%'");

  //most important condition line for the search
  $count = mysqli_num_rows($query); // To count the selected Rows 
  if($count==0)
  {
        echo"<h2>"."No Data Found"."</h2>";
    }
 else
 {
   while($row = mysqli_fetch_array($query))
 {

 echo "<tr>".
   "<td>".$row['username'] ."</td>".
   "<td>".$row['password'] ."</td>".
     "</tr>";
 }

 }
 }
  ?>

 </body>
 </html>

Database name is project and table name is admin with Id, username and password as columns.

You're already using an API that supports **prepared statements** with bounded variable input, you should utilize parameterized queries with placeholders (prepared statements) to protect your database against [SQL-injection](http://stackoverflow.com/q/60174/)! Get started with [`mysqli::prepare()`](http://php.net/mysqli.prepare) and [`mysqli_stmt::bind_param()`](http://php.net/mysqli-stmt.bind-param). — Qirel, Sep 17 '17 at 11:39
Are you actually storing plain-text passwords? *And displaying them?* — David, Sep 17 '17 at 11:42
As for the problem itself... Where specifically does it fail? Add some debugging output to your code and see what's happening. Is the POST value received at all? Is the SQL query what you expect it to be? Are there any errors from MySQL? — David, Sep 17 '17 at 11:43
Try moving your php code to the top of your page, i.e; before opening Doc tag. — Ayan, Sep 17 '17 at 11:46
Project database was actually created for another project. But i used the same database in this demo search project in order to save my database creating time. admin table holds the data of the main login page of my previous project and password was stored as plain text. I am not so good with debugging I would appreciate if you would help me with that. @David — Lekhraj Prince, Sep 17 '17 at 11:54
@Qirtel Dude, You talk like pro. I barely understood what you said. — Lekhraj Prince, Sep 17 '17 at 11:56
@LekhrajPrince: In this case debugging could be as simple as echoing useful values from the code and then seeing them in the resulting HTML. Every time the code does anything, echo some indication of success. This will tell you how far the code gets, what the runtime values are that you're echoing, etc. — David, Sep 17 '17 at 11:56
@Lekhraj Prince, check your comment after the first if loop. Your comment went into the second line and maybe that's the reason your code is not working. See the portion `in the search` — Ayan, Sep 17 '17 at 11:56
Then you have a multiline comment closing tag in the line where you have preg_replace — Ayan, Sep 17 '17 at 11:59
@David I am definitely going to try your method now. It's the best recommendation so far. — Lekhraj Prince, Sep 17 '17 at 12:07
@Ayan that's a mistake in asking this question. Comment is fine and clear in Macromedia Dreamweaver. By the way nice observation. — Lekhraj Prince, Sep 17 '17 at 12:08
oh Shit! Extremely Sorry guyz. I had opened the same file from wrong location. I had copied it to htdocs and I was modifying the file on desktop and thanks to @David debugging solution I came to know this. Thank you all brilliant coders for helping :) I am extremely happy. — Lekhraj Prince, Sep 17 '17 at 12:18

Anil Shrestha · Answer 1 · 2017-09-17T11:51:23.963

0

Use like this

$query = mysqli_query($con, "SELECT * FROM `admin` WHERE `username` LIKE 
  '%{$search}%'");

edited Sep 17 '17 at 11:51

answered Sep 17 '17 at 11:43

Anil Shrestha

1,180
11
16

You should check where username like not name like – Anil Shrestha Sep 17 '17 at 11:51
Did you try username – Anil Shrestha Sep 17 '17 at 11:53
yes, thanks. I modified it to username. But Sadly it is still not working. – Lekhraj Prince Sep 17 '17 at 11:58
What exactly is the error. Or it's not retrieving data or search result – Anil Shrestha Sep 17 '17 at 13:13
The problem has been resolved. Sorry for that. I was editing other file and opened other file. Thanks for solution. – Lekhraj Prince Sep 17 '17 at 15:27

score 0 · Answer 2 · answered Sep 17 '17 at 11:59

Do it like this:

$query = mysqli_query($con, "SELECT * FROM admin WHERE name LIKE '%{$search}%'");

By surrounding variable in {} you can specify that only $title is a variable and the double-quote string will ensure that this variable gets expanded to its value.

PHP Search is not working

2 Answers2