PHP search engine isn't working

Question

I recently made a php function , but it isn't working like I want.
This is my code:

<div class="pageContent">
<?php

    getComments($conn);

    function getComments($conn){

        $searchFor = $_POST['keyword'];

        $sql = "SELECT adds.* FROM keywords JOIN adds on keywords.productID = adds.id and keywords.keyword LIKE '%".$searchFor."%'";
        $result = $conn->query($sql);
        while ($row = $result->fetch_assoc()) {

            echo "<div class='add'>
                <img src='uploads/".$row['imgURL']."'>
                <div>
                    <h1><a>".$row['name']."</a></h1>
                    <p>".$row['descr']."</p>
                </div>
            </div>";

        }
    }

?>
<br />

And the ($conn)

$conn = mysqli_connect("localhost", "root", "", "stp2");

if (!$conn) {

    die("Connection failed: ".mysqli_connect_error);

}

When there are normal 2 different results the function is just showing 2 times the same result.

I hope that you guys can help me.

[Little Bobby](http://bobby-tables.com/) says **[you may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) with [parameterized queries](https://stackoverflow.com/a/4712113/5827005). I recommend `PDO`, which I [wrote a class for](https://github.com/GrumpyCrouton/GrumpyPDO) to make it extremely easy, clean, and more secure than using non-parameterized queries. Also, [This article](https://phpdelusions.net/pdo/mysqli_comparison) may help you choose between `MySQLi` and `PDO` — GrumpyCrouton, Nov 16 '17 at 14:00

score 0 · Answer 1 · answered Nov 16 '17 at 14:06

0

If you are getting duplicate results you may want to group them by the ID of the 'adds' table using GROUP BY. This would get rid of multiple copies of the same row from that table

answered Nov 16 '17 at 14:06

Iain Wood

21
1
5

PHP search engine isn't working

1 Answers1