I need help, i'm either blind or stupid. PHP Search form

Question

I haven't done this type of work in a long time, i'm sort of rusty still and really tired.

So here goes nothing, I have 2 search.php one for client side and one for server side. Im also using link.php to handle the mysql request. If there could be a kind soul to look over this mess would be great.

Notice: Undefined variable: id in C:\dummy\htdocs\connection\search.php on line 5

Notice: Undefined variable: upc in C:\dummy\htdocs\connection\search.php on line 7

Notice: Undefined variable: row in C:\dummy\htdocs\connection\search.php on line 28

Mysql connection(connection/link.php)

<?php
include 'config.php';

 $link = mysqli_connect($host, $user, $password, $db);
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
?>

client side search.php(public_Html/search.php)

<!DOCTYPE html>
<html lang="en">
<?php include 'connection/link.php'; ?>
 <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">

    <title>Inventory</title>
    <style>
    .redrum {
        transform: translate(-50%, -50%);top:50%;left: 61%;position: absolute;right: 0;bottom: 0;
    }
    </style>
</head>
<body>
<h1><img src="" width="80px">8Ballshop Products</h1>
<div class="container">
    <form style="height:40px" action="" method="GET">
    <input class="form-control mr-sm-2" type="text" placeholder="ID or Link" name="search">&nbsp;
    </form>
<?php include 'connection/search.php'; ?>
</div>
</body>
</html>

Server Side search.php(connection/search.php)

<?php 
$sql = "SELECT products.id, products.upc FROM inventory.products";
if( isset($_GET['search']) ){
    $name = mysqli_real_escape_string($link, htmlspecialchars($_GET['search']));
    $sql = "SELECT products.id as id, products.upc FROM inventory.products WHERE products.id = '$id';
    UNION
    SELECT products.id as id, products.upc WHERE products.upc = '$upc'";
}
if ($result = mysqli_query($link, $sql)) {
?>
    <table class="table table-striped"> 
<tr>
<th>Product ID</th>
<th>Product Link</th>
</tr>
<?php
while ($row = mysqli_fetch_assoc($result)) {
    ?>
    <tr>
    <td><?php echo $row['id']; ?></td>
    <td><?php echo $row['upc']; ?></td>
    </tr>
    <?php
    }
}
?>
</table>
<?php echo $row['products.upc']; ?>
<?php mysqli_close($link); ?>
</div>

Answer 1

Based on your errors, you haven't declared $id or $upc anywhere.

• You declare $name, but you don't use is, so maybe that was supposed to be $id?
• You use products.upc later on, so is that supposed to be $upc?

A while loop is supposed to have a comparison in the parenthesis, not an assignment. Are you wanting a foreach instead? If you do, you should assign your mysqli_fetch_assoc to an array variable first.

while ($row = mysqli_fetch_assoc($result)) {

Becomes:

$resultsArray = mysqli_fetch_assoc($result);
foreach ($resultsArray as $row) {

https://www.php.net/manual/en/control-structures.foreach.php

Also, just because admins are the only uses of these pages, it doesn't mean they won't accidentally do something stupid, or someone who shouldn't have access will. It's always a good bit of practice to do basic security, such as SQL injection prevention, at all times.