0

The user suppose to input first name or last name into a search bar in a web-page and it suppose to list attributes from the table into the web-page. No matter what I type into the search bar, nothing is outputted. I followed this video on how to search in php. I tried looking at it over an hour but I can't find anything wrong. I get no error messages in my webpage. 

<?php
$serverName = 'localhost';
$userName = 'root';
$password = '';
$databaseName = 'project3';

$connection = mysqli_connect($serverName, $userName, $password, 
$databaseName);
if (!$connection) {
  die("Connection Failed: " . mysqli_connect_error());
  }
echo "Connected Successfully!! <br>";
$output = '';
if (isset($_Post['search'])) {
  $searchq = $_Post['search'];
  $searchq = preg_replace("#[^0-9a-z]#i", "", $searchq);

  $query = mysqli_query("SELECT * from employee WHERE fname LIKE 
  '%$searchq%' OR"
        . "lname LIKE '%$searchq%") or die("failed");
$count = mysqli_num_rows($query);
if ($count == 0) {
    $output = 'No search results';
} else {
    while ($row = mysqli_fetch_array($query)) {
        $firstname = $row['fname'];
        $lastname = $row['lname'];
        $id = $row['id'];
        $output .= '<div>' . $firstname . '' . $lname . '</div>';
        echo "hi";
    }
 }
}

?>

<!DOCTYPE html>

 <html>
<head>
    <meta charset="UTF-8">
    <title>Database Webpage</title>
<font color ="white">
<h1 style="background-color:black; text-align: center">Datebase Website</h1>

 <font color ="black">
</head>
 <body>

   <form action = "index.php" method = "POST">
      <input type = "text" name ="search" placeholder="Search"/>
      <input type= "submit" value = ">>"/>


     </form>

    <?php print("$output"); ?>
 </body>
 </html>
Brody Gore
  • 77
  • 2
  • 11
  • 1
    `$_Post` should be `$_POST` –  Nov 08 '18 at 21:21
  • also dangerously unnsecure dont use in real world. 6 years old, no programming tutorial so old is worth much, languages change constantly –  Nov 08 '18 at 21:23
  • 1
    https://stackoverflow.com/questions/33273941/php-case-sensitivity – Don't Panic Nov 08 '18 at 21:32
  • Do you see either of the "Connection Failed" or "Connected Successfully?" messages? If you don't, then `$_Post` instead of `$_POST` isn't the only problem. (If you do, it still may not be the only problem, but if you don't it definitely isn't.) – Don't Panic Nov 08 '18 at 21:36
  • I get the connection successful message. Now I get an error that sqli_query needs 2 parameters but only has one. The $_POST did solve my problem of not outputtint anything – Brody Gore Nov 08 '18 at 21:42
  • 1
    the video uses mysql, you just added an **i** and hope it would work - no –  Nov 08 '18 at 21:48
  • Removed the i and still doesnt work – Brody Gore Nov 08 '18 at 22:39

1 Answers1

2

The mysqli_query does need 2 parameters, as the PHP api shows with the procedural form that you have.

So, for that part, the call should look like this:

$query = mysqli_query($connection, "SELECT * from employee WHERE fname LIKE 
           '%$searchq%' OR"
    . "lname LIKE '%$searchq%") or die("failed");

However, there will be trouble with the query. Note this portion of the query:

           '%$searchq%' OR" <--- No space after the OR
    . "lname LIKE '%$searchq%")
       ^--- No space before lname

Either one of the those 2 areas needs a space.

That last part of the query string will ultimately look like this:

'%$searchq%' ORlname LIKE '%$searchq%
                             ^--- trouble (no space)       ^---and trouble here (missing a closing single quote)

Sometimes it is useful to set the query separately, so that you can echo it out to check that it is syntactically correct as far as spacing around keywords, columns, values, comma usage (when needed), proper quoting, etc.

Consider this difference:

$query = "SELECT * from employee WHERE fname LIKE '%$searchq%' OR "
       . "lname LIKE '%$searchq%'";
// query check (delete after validation, or comment-out)
echo $query;

$result = mysqli_query($connection, $query);
// I like to use $result, as the query call will return a result set with SELECT
// or false with failure. (though it can return true for other query types, see the api link)

It can also helpful to output the error as part of the die message:

if (!$result) { // Doh! something wrong...
  die('failed: ' . mysqli_error($connection));
} else {
  $count = mysqli_num_rows($result); // check the result count
  if ($count == 0) {
    $output = 'No search results';
  } else {
    while ($row = mysqli_fetch_array($result)) { // fetch a row
        $firstname = $row['fname'];
        $lastname = $row['lname'];
        $id = $row['id'];
        $output .= '<div>' . $firstname . '' . $lname . '</div>';
        echo "hi";
    }
  }
}

HTH

Paul T.
  • 4,703
  • 11
  • 25
  • 29