
The code needs to search for customers and what they bought, etc., but we are currently at a standstill in this project. Any help or friendly comment will be nice.

Here is the code:

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "garp";

$conn = new mysqli ($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$query = $_GET['query']; 

$min_length = 1;

if(strlen($query) >= $min_length){ 

    $query = htmlspecialchars($query); 

    $query = mysqli_real_escape_string($conn, $query);
    $raw_results = $conn->query ("SELECT OrderHuvud.Ordernummer ,OrderHuvud.OrderserieIK ,Orderkund ,Fakturakund ,Orderdatum ,Erreferens ,Levereratvarde ,Radnummer ,Artikelnr ,Benamning ,Leveranstid ,Ursprungligtantal ,Levereratantal ,Forspris ,Bruttopris ,Varukostnad FROM garp.OrderHuvud left join garp.OrderRad on OrderHuvud.Ordernummer = OrderRad.Ordernummer where OrderHuvud.OrderserieIK = 'K' and Orderkund = 'WHERE (`title` LIKE '%$query%')'
    ");

    $row_cnt = false === $raw_results ? 0 : $raw_results->num_rows;
    echo $row_cnt;

    if($row_cnt > 0){
        echo "asdasd";
        while($raw_results = mysqli_fetch_array($raw_results)){
            echo "<p><h3>".$raw_results['title']."</h3>".$raw_results['text']."</p>";
        }
    }
    else{         
        echo "No return";
    }
}
else{
    echo "Minimum length is ".$min_length;
}
?>  
dferenc

1 Answer


Your SQL around...

Orderkund = 'WHERE (`title` LIKE '%$query%')'

would search for something like the literal 'WHERE (`title` LIKE '%a%')' (which has nested quotes). You should probably have something like...

Orderkund LIKE '%$query%'

You should also be looking into prepared statements as this will make your site more secure and also stop problems when users enter something with a ' or other strange characters.

You would also benefit from enabling the error handling to show any errors - How to get MySQLi error information in different environments.

Nigel Ren
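
The prepared-statement approach suggested in the answer above, as an added example that is not part of the original post. It assumes the connection settings and the table and column names from the question, and that the mysqlnd driver is available for `get_result()`.

```php
<?php
// Added example, not the asker's or the answerer's code. Assumes the connection
// settings and the garp.OrderHuvud / garp.OrderRad tables from the question.

// Make mysqli throw exceptions so SQL errors are visible instead of silent.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$conn = new mysqli("localhost", "root", "", "garp");
$conn->set_charset("utf8mb4");

$query = isset($_GET['query']) ? trim($_GET['query']) : '';
$min_length = 1;

if (strlen($query) < $min_length) {
    exit("Minimum length is " . $min_length);
}

// Escape LIKE wildcards so a typed % or _ is matched literally.
// The backslash (MySQL's default LIKE escape character) is escaped as well.
$pattern = '%' . addcslashes($query, '\\%_') . '%';

// The search term is bound as a parameter and never concatenated into the SQL,
// so quotes in the input cannot change the statement.
$stmt = $conn->prepare(
    "SELECT OrderHuvud.Ordernummer, Orderkund, Orderdatum, Artikelnr, Benamning
       FROM garp.OrderHuvud
       LEFT JOIN garp.OrderRad ON OrderHuvud.Ordernummer = OrderRad.Ordernummer
      WHERE OrderHuvud.OrderserieIK = 'K'
        AND Orderkund LIKE ?"
);
$stmt->bind_param("s", $pattern);
$stmt->execute();
$result = $stmt->get_result(); // requires the mysqlnd driver

if ($result->num_rows === 0) {
    exit("No return");
}

// Use a separate variable for each row, and HTML-encode values on output
// (not on input, where encoding would alter the search term).
while ($row = $result->fetch_assoc()) {
    $cells = array_map(function ($v) {
        return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    }, $row);
    echo "<p>" . implode(" | ", $cells) . "</p>\n";
}
```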