Preparing search using like % and for each in php

Question

My code is posting the entire table. Instead, it should only post the selected like term..... $param="%{$_POST['search']}%";.

Sources: I mostly used these two articles to get my code: Display a table in a foreach loop with database values & php mysqli prepared statement LIKE

<table border="2" class="table-responsive" id="employee_table">
<tr>
<th>ID</th>
<th>First Name</th>
<th>Last Name</th>
<th>Position</th>
<th>Date</th>
<th>Update</th>
</tr>

<?php 
if(isset($_POST['search'])) {
echo "Search Successful!";

 $stmt = $con->prepare("SELECT * FROM employees WHERE first_name LIKE ? OR last_name LIKE ?"); 
$param='%'.$_POST['search'].'%';
$stmt->bind_param('ss', $param, $param);
$stmt->execute();


$result = $stmt->get_result();
$i = 0;
while ($row = $result->fetch_array(MYSQLI_NUM)) {
  foreach ($row as $r) {
      $i++;
    echo '<td> '.$r.'</td>';
 if($i % 6==0){
      echo '</tr><tr>';
   }}}
}
?>
</tr>
</table>

score 0 · Accepted Answer · answered Mar 06 '18 at 12:11

0

First you have to change your query to search in first_name or last_name (your original query would return all rows where first_name evaluates to true - essentialy any non empty string). Then you have to bind the parameter twice:

$stmt = $con->prepare("SELECT * FROM employees WHERE first_name LIKE ? OR last_name LIKE ?"); 
$param='%'.$_POST['search'].'%';
$stmt->bind_param('ss', $param, $param);

answered Mar 06 '18 at 12:11

Jirka Hrazdil

3,983
1
14
17

Yeah you are right, thanks. I made the changes. But for some reason, it still posts the entire table. – user9449525 Mar 06 '18 at 12:16
It should not - unless you enter search criteria that matches all the rows in the table. – Jirka Hrazdil Mar 06 '18 at 12:24
Ok. I made one minor adjustment (on my index page) and it worked. Thanks for your help! Marked as solution. – user9449525 Mar 06 '18 at 12:35

Preparing search using like % and for each in php

1 Answers1