I am trying to make a search bar for my application.

I am using the following Mini Framework: https://github.com/panique/mini

What I want to do is have an input field where you type a username, and then a table is displayed underneath with all the information from the database.

Environment:

  • PHP 7.4
  • Apache
  • CentOS 8
  • SQL Server 2019

My problem is, I don't know how to pass the input value to the controller and then to the model.

Let me show you what I have tried:

Account Model:

public function getUser($name)
{
    
    $sql = "SELECT * FROM dbo.user_table WHERE Name = :name ORDER BY UserID DESC";
    $query = $this->db->prepare($sql);
    $query->execute(array(':name' => $name));

    return $query->fetchAll();
}

Account Controller:

/**
 * ACTION: getUser
 */
public function getUser()
{       
    if(isset($_POST['search_user'])) {
        $checkUser = $this->model->getUser($_POST['username']);
    }
}

My View:

<form action="<?php echo URL; ?>account/getUser" method="POST" class="mb20">
    <div class="row">
        <div class="input-wrap col-sm-12">
            <input type="text" placeholder="Type username" name="username" autocomplete="off" />
        </div>
    </div><br>
    <input type="submit" value="Search" name="search_user" />
</form>

I am not sure how to echo the result in the view. Maybe someone here could guide me in the correct direction.

Thanks!

Alessandro

1 Answer

Account Controller:

/**
 * ACTION: search
 */
public function search()
{       
    if(isset($_POST['search_user'])) {
        $checkUser = $this->model->getUser($_POST['username']);
    }
    require APP . 'view/search/index.php'; // your search view path

}

Search View:

<form action="<?php echo URL; ?>search" method="POST" class="mb20">
  <div class="row">
      <div class="input-wrap col-sm-12">
          <input type="text" placeholder="Type username" name="username" autocomplete="off" />
      </div>
  </div><br>
  <input type="submit" value="Search" name="search_user" />
</form>

<?php

if (isset($checkUser)) {
  echo '<ul>';
  foreach ($checkUser as $key => $value) {
    echo '<li>';
    echo $value->name;
    echo '</li>';
  }
  echo '</ul>';
}

In this way, if $_POST['search_user'] is set, the function search will perform the search and put the result in the $checkUser variable. The variable will still be present in the View because you're requiring it after the $checkUser declaration. Then, the View checks if the variable is present and displays the results.

IMPORTANT

The line echo $value->name; is dangerous behavior because it can allow XSS, so before rendering anything from the database, remember to escape it properly. Some ways to do it:

How to prevent XSS with HTML/PHP?

https://www.php.net/manual/pt_BR/function.strip-tags.php

Lucius
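
The output escaping the answer recommends, applied to the result table the question asks for. This is an added example, not code from the answer or from MINI: the helpers `e()` and `renderUserTable()` are hypothetical names, the rows are constructed sample data, and the `UserID` and `Name` properties assume PDO returns objects named after the columns in the question's query.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of MINI): escape a value for HTML text
 * and quoted-attribute contexts.
 */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Hypothetical renderer: builds the result table from rows shaped like
 * the model's fetchAll() output (objects, assumed PDO::FETCH_OBJ).
 */
function renderUserTable(array $rows): string
{
    if ($rows === []) {
        return "<p>No users found.</p>\n";
    }
    $html = "<table>\n<tr><th>UserID</th><th>Name</th></tr>\n";
    foreach ($rows as $row) {
        // Escape every column at output time, including numeric-looking ones.
        $html .= '<tr><td>' . e($row->UserID) . '</td><td>' . e($row->Name) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed sample rows standing in for $checkUser; the second Name
// holds markup that was stored in the database.
$checkUser = [
    (object) ['UserID' => 2, 'Name' => 'alessandro'],
    (object) ['UserID' => 1, 'Name' => '<script>alert(1)</script>'],
];

// Constructed stand-in for $_POST['username'], echoed back into the search box.
// strip_tags() would leave these quotes untouched, so it does not make a value
// safe inside an attribute; ENT_QUOTES encodes both quote characters.
$typed = 'O\'Neil "admin"';

echo '<input type="text" name="username" value="' . e($typed) . "\" />\n";
echo renderUserTable($checkUser);
```

In the view, the same helper replaces the bare echo, so the stored markup is shown as text instead of being interpreted by the browser.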