
Here is the PHP (database is set up correctly):

```php
include_once 'dbh.inc.php';

$data = "";

if(isset($_GET['q'])){
    $data = $_GET['q'];
}

$sqlSearch = "SELECT * FROM `brsinks` WHERE `name` LIKE '%$data%'";
$resultSearch = mysqli_query($conn, $sqlSearch);

if($resultSearch){
    if(empty($resultSearch)){
        echo "empty results";
    }
    else{
        foreach($resultSearch as $result){
            echo <<<HTML
                <div class="productContainer">
                    <img src="none" alt="productIMG" class="prodIMG">
                    <a class="prodNAME" href="none">$result['name']</a>
                    <div class="prodPRICEsku">
                        <p class="prodPRICE">
                            result
                        </p>
                        <p class="prodSKU">
                            result
                        </p>
                    </div>
                    <button class="prodADD" id="prodADD">+</button>
                </div>
            HTML;
        }
    }
}
else {
    echo "error";
}
```

Here is my JavaScript (for XML req and res):

```javascript
function updateResults(x){
    const resultsNumDisplay = document.getElementById('searchResultsDisplay');
    const resultsDisplay = document.getElementById('productsActualScreenDisplay')

    if(x == ''){
        resultsDisplay.innerText = 'empty...'
    } else {
        var XML = new XMLHttpRequest();
        XML.onreadystatechange = function(){
            if(XML.readyState == 4 && XML.status == 200){
                resultsDisplay.innerHTML = XML.responseText;
                console.log(XML.responseText);
            }
        };

        XML.open('GET', 'includes/searchFunctions.inc.php?q=' + x, true);
        XML.send();
        XML.DONE;
    }
}
```

The parameter on updateResponse(x <-) is passed inline from HTML: `onkeyup="updateResponse(this.value)"`.

My issue is that when I try to get the value of `$result['name']` the XML response code is 500 (internal server error). But when I just put dummy values like result it returns the correct amount of items as I type (example: I type 'blue' -> 5 divs appear), but I just can't seem to get the individual name value in the foreach loop, which I usually can in normal PHP/HTML code.

What I'm looking to know:

Is there an alternative to getting the value of a returned row within a foreach loop?

StarScream
  • What version of PHP? Before 7.3, the `HTML` token has to be at the beginning of the line, not indented. – Barmar Jul 06 '22 at 22:06
  • When you get a 500 error, check your server error log for the reason. – Barmar Jul 06 '22 at 22:09
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Jul 06 '22 at 22:53
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson Jul 06 '22 at 22:53
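
The parameterised query the comments recommend, applied to this search endpoint, as an added example that is not part of the original post or its comments. It assumes `dbh.inc.php` defines `$conn` as a mysqli connection and that `brsinks` has the `name` column from the question; `searchProducts` and `renderProduct` are hypothetical names.

```php
<?php
// Added example, not the asker's code. Assumes dbh.inc.php defines $conn (mysqli)
// and that `brsinks` has the `name` column used in the question.

// The search term is sent as a bound parameter, so it is never parsed as SQL.
function searchProducts(mysqli $conn, string $term): array
{
    // Escape \, % and _ so input cannot act as a LIKE wildcard
    // (backslash is MySQL's default LIKE escape character).
    $pattern = '%' . addcslashes($term, '\\%_') . '%';
    $stmt = $conn->prepare('SELECT `name` FROM `brsinks` WHERE `name` LIKE ?');
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
}

// Values are HTML-escaped because the client assigns the response to innerHTML.
function renderProduct(array $row): string
{
    $safe = ['name' => htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8')];
    // Inside a heredoc, a quoted array key must use the braced form {$safe['name']}.
    // The closing HTML; sits at column 0 so it also parses before PHP 7.3.
    return <<<HTML
<div class="productContainer">
    <a class="prodNAME" href="none">{$safe['name']}</a>
</div>
HTML;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
include_once 'dbh.inc.php';
// Accept only a string; ?q[]=x would otherwise arrive as an array.
$term = isset($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : '';
try {
    $rows = $term === '' ? [] : searchProducts($conn, $term);
    echo $rows ? implode("\n", array_map('renderProduct', $rows)) : 'empty results';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // detail goes to the server log, not the client
    http_response_code(500);
    echo 'error';
}
```

On the client side, passing the term through `encodeURIComponent` before appending it to the URL keeps characters such as `&` and `#` inside the `q` parameter.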

0 Answers