Problems
There are a host of problems with your code as it stands...
- Forms posted to PHP use the `name` attribute in the `$_POST` superglobal
  - Therefore you are effectively not submitting anything when you submit your form
  - Add the `name="..."` attribute to each of your form elements to fix this
- Your `if` statements are by and large redundant
  - Not least because you don't post anything as per point 1
- You should be using prepared statements for user generated input to protect your database from attack and/or corruption
- Your code is generally confusing and not laid out very well
  - I'm not sure what half of your brackets, `if`s and function calls are supposed to be doing
- The notice you're getting is because you never set `$search` in your PHP
Solution
N.B.
- This assumes that all of the code is in the one file [`checkorderstatus.php`] and that it submits to itself.

Additional note:
I'm not sure that `LIKE '%...%'` is the best solution here. It appears you're looking for `id` which, presumably (?), is a number? In which case I would simply use:

    WHERE deliverystatus.statusid = SEARCH_ID

The below code follows that premise. If, however, you are indeed in need of `LIKE`, then you should update the query like:

    WHERE deliverystatus.statusid LIKE ?

and update the search term in the code:

    $search = "%".$_POST["search"]."%";
Updated HTML form
<form action="checkorderstatus.php" method="post">
<input id="search" name="search" type="text" placeholder="Type here">
<input id="submit" name="submit" type="submit" value="Search">
</form>
Using mysqli
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli($hn, $un, $pw, $db);
if(isset($_POST["submit"])){
    $search = $_POST["search"]; // Prepare the search term
    $sql = "SELECT statusdescription FROM deliverystatus WHERE deliverystatus.statusid = ?";
    $query = $mysqli->prepare($sql); // Prepare the statement
    $query->bind_param("i", $search); // Bind search value as an integer (use "s" if it's a string)
    $query->execute(); // Execute the query
    $query->store_result(); // Store the result
    $query->bind_result($status_description); // Bind "statusdescription" to a variable
    while($query->fetch()){ // Loop through result set
        echo $status_description."<br>"; // Echo each match to a newline
    }
}
Using PDO
$pdo = new PDO(
    "mysql:host={$hn};dbname={$db}", $un, $pw,
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => FALSE
    ]
);
if(isset($_POST["submit"])){
    $search = $_POST["search"]; // Prepare the search term
    $sql = "SELECT statusdescription FROM deliverystatus WHERE deliverystatus.statusid = ?";
    $query = $pdo->prepare($sql); // Prepare the statement
    $query->execute([$search]); // Execute the query binding search as the parameter
    while($result = $query->fetchObject()){ // Loop through result set
        echo $result->statusdescription."<br>"; // Echo each match to a newline
    }
}
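
An added example, not part of the original answer: the exact-match and `LIKE` queries above run side by side, with the id validated as an integer, the `LIKE` wildcards in the search term escaped, and the output HTML-encoded. It assumes an in-memory SQLite database in place of MySQL, a `LIKE` search on `statusdescription` rather than `statusid`, constructed sample rows, and the hypothetical helpers `findById` and `findByDescription`.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL server (assumption);
// the rows are constructed sample data.
$pdo = new PDO("sqlite::memory:", null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec("CREATE TABLE deliverystatus (statusid INTEGER PRIMARY KEY, statusdescription TEXT)");
$pdo->exec("INSERT INTO deliverystatus VALUES
    (1, 'Dispatched'), (2, '100% delivered'), (3, 'Held <b>at</b> depot')");

// Hypothetical helper: exact match on the numeric id, as in the main query.
function findById(PDO $pdo, string $input): array
{
    $id = filter_var($input, FILTER_VALIDATE_INT);
    if ($id === false) {
        return []; // not an integer: never reaches the database
    }
    $query = $pdo->prepare("SELECT statusdescription FROM deliverystatus WHERE statusid = ?");
    $query->execute([$id]);
    return $query->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: the LIKE variant. Binding protects the statement, but
// % and _ inside the bound value are still wildcards, so escape them with '!'.
function findByDescription(PDO $pdo, string $input): array
{
    $escaped = preg_replace('/[!%_]/', '!$0', $input);
    $query = $pdo->prepare(
        "SELECT statusdescription FROM deliverystatus
         WHERE statusdescription LIKE ? ESCAPE '!'"
    );
    $query->execute(["%" . $escaped . "%"]);
    return $query->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a valid id, a non-numeric id, a literal "%", a normal term.
$results = [
    "id 2"       => findById($pdo, "2"),
    "id 2abc"    => findById($pdo, "2abc"),
    "like %"     => findByDescription($pdo, "%"),
    "like depot" => findByDescription($pdo, "depot"),
];
foreach ($results as $label => $rows) {
    // Encode on output: stored text such as <b> must not be rendered as markup.
    $safe = array_map(fn($r) => htmlspecialchars($r, ENT_QUOTES, "UTF-8"), $rows);
    echo $label . ": " . implode(", ", $safe) . "\n";
}
```

Without the escaping step, a search term consisting only of `%` would match every row in the table even though the statement is prepared.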