0
if(isset($_POST['id']))
{
     // id to search
     $id = $_POST['id'];

     // Fetch Data From DataBase
     $sql ="SELECT * , DATE_FORMAT(birthdate, '%d/%m/%Y') AS birthdate FROM `personal_info`  WHERE `personal_id_number` = $id ORDER BY birthdate DESC";

     $result = $conn -> query($sql);

     if ($result -> num_rows <> 0) {
         while ( $row = $result -> fetch_assoc() ) {
             echo "<tr><td>" . $row["person_name"]
                  . "</td><td>". $row["personal_id_number"]
                  . "</td><td>". $row["birthday"]
                  . "</td><td>" . $row["adress"]
                  . "</td><td>" . $row["phone_number"]
                  . "</td><td>" . $row["email"]
                  . "</td><td colspan='3' class='more fit'>"
                  . $row["more_info"]
                  . "</td></tr>";
          }
     }

This search field is doing his job only if search criteria is some field in database that have numbers, like "personal_id_number" and "phone_number".

Otherwise, If I put "personal_name_ as a search criteria, I would get an error "Notice: Trying to get property 'num_rows' of non-object ".

adprocas
  • 1,863
  • 1
  • 14
  • 31
Ovakos
  • 15
  • 1
  • 5
  • 4
    Because you haven't quoted `$id` -- but don't do that. Instead, use prepared statements with bound parameters, via either [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php). [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Apr 17 '18 at 17:06
  • Yes, I will do it via prepared statements, but only for a test I put quotes on $ID but it still doesn't work, sir. – Ovakos Apr 17 '18 at 17:17
  • 1
    You need to verify that `$result` contains what you think it contains. Check the docs for the `query()` method to see what possible return values it has. – Alex Howansky Apr 17 '18 at 17:27
  • It is still requiring me to fetch a string, even if I change how to fetch. Where am I wrong? – Ovakos Apr 21 '18 at 14:59

0 Answers0