-4

I'm trying to create a search button, but when I click on it, it doesn't work.

Should I implement an Onclick Function? How?

(Sorry for the Italian.)

This is the index.php page where I create the button:

```html
<html>

<!-- this is the part where the User insert the Medicinal name that i want search-->

<form action="Ricerca.php" class="form-subscribe" id="contactForm" data-sb-form-api-token="API_TOKEN" method="$_POST">

  <div class="row">
    <div class="col">
      <input class="form-control form-control-lg" id="Search" type="text" placeholder="Medicine Search"/>
    </div>

    <!-- this is the button-->

    <div class="col-auto"><button type="button" class="btn btn-primary" id="cerca">Search</button></div>
  </div>

</form>

</html>
```

This page, called "Ricerca.php", is the page where I create the query to execute once the button is pressed:

```php
<?php

require_once("Connessione.php");
$result = ''; // here I store the result of the connection in case it succeeds

$cerca = $_POST["cerca"]; // passed from the HTML

$sql = "SELECT * FROM farmaco WHERE Nome_Farmaco like '%".$cerca."%'"; // LIKE is used to say exactly

$result = $conn->query($sql);

if ($result->num_rows > 0)
    {

        // Display row

        // Check whether a reorder is needed, i.e. whether the quantity is < 1; the variable $ris
        // (short for "risposta", answer) is a kind of helper variable
            $ris = "";
            if ($Quantita < "1") {
              $ris = "si, necessario riordino";
            }
            else {
                $ris = "no, non necessario riordino";
            }

        // display the query results
        echo "<h2>Farmaci trovati con questo nome</h2>";
        while ($row = $result->fetch_assoc()) { // Prints the query results; they should go into a graphical table
                                                // to display them better
            $ID = $row["ID"];
            $Nome_Farmaco = $row["Nome_Farmaco"];
            $Produttore = $row["Produttore"];
            $Fornitore = $row["Fornitore"];
            $Scadenza = $row["Scadenza"];
            $Descrizione = $row["Descrizione"];
            $Riordino = $row["$ris"];
            $Quantita = $row["Quantita"];

            // function to work out whether a reorder is needed or not

            echo "<h2>Codice: "."$ID"."<h2>";

            echo "<h2>Nome_Farmaco: "."$Nome_Farmaco"."<h2>";

            echo "<h2>Produttore: "."$Produttore"."<h2>";

            echo "<h2>Fornitore: "."$Fornitore"."<h2>";

            echo "<h2>Scadenza: "."$Scadenza"."<h2>";

            echo "<h2>Descrizione: "."$Descrizione"."<h2>";

            echo "<h2>Riordino: "."$ris"."<h2>";

            echo "<h2>Quantita: "."$Quantita"."<h2>";
        }

        // quantity and reorder conditions
    }
```

If I haven’t been precise enough I’m sorry, tell me what’s not clear

The problem is: the button does not work. I've tried several ways, but every time I try, nothing happens.

  • 5
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Oct 26 '22 at 23:29
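The prepared-statement approach that the comment above recommends, as an added example (not code from the question or from any answer on this page). It assumes PDO with a constructed in-memory SQLite table standing in for the MySQL connection from `Connessione.php`; `searchFarmaco` and `renderRow` are hypothetical helper names.

```php
<?php
// Added example, not the asker's code. Constructed in-memory SQLite table stands
// in for the MySQL `farmaco` table (assumption: the pdo_sqlite extension is on).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE farmaco (ID INTEGER PRIMARY KEY, Nome_Farmaco TEXT, Quantita INTEGER)');
$pdo->exec("INSERT INTO farmaco (Nome_Farmaco, Quantita) VALUES
            ('Aspirina', 12), ('Tachipirina', 0), ('Moment 100%', 3)");

// Hypothetical helper: the search text is bound as a parameter, so it is
// always treated as data and never parsed as part of the SQL statement.
function searchFarmaco(PDO $pdo, string $term): array
{
    // Escape LIKE wildcards ("!" is the escape character chosen here) so a
    // "%" or "_" typed by the user matches literally instead of everything.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $pdo->prepare(
        "SELECT ID, Nome_Farmaco, Quantita FROM farmaco
         WHERE Nome_Farmaco LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: HTML-encode every database value before echoing it.
function renderRow(array $row): string
{
    $riordino = ((int) $row['Quantita'] < 1) ? 'si' : 'no';
    $name = htmlspecialchars($row['Nome_Farmaco'], ENT_QUOTES, 'UTF-8');
    return sprintf("<p>%d: %s (Riordino: %s)</p>\n", $row['ID'], $name, $riordino);
}

// Constructed inputs: a normal term, a quote-breaking string, a bare wildcard.
// In Ricerca.php the term would come from $_POST["cerca"] instead.
foreach (['pirina', "' OR '1'='1", '%'] as $term) {
    $rows = searchFarmaco($pdo, $term);
    printf("%-12s -> %d row(s)\n", $term, count($rows));
    foreach ($rows as $row) {
        echo '  ', renderRow($row);
    }
}
```

With the string-concatenated query from the question, the second and third inputs would change the shape of the query or match every row; with the bound parameter they are compared against `Nome_Farmaco` as plain text.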

1 Answer

1

Change

type="button"

to

type="submit"

Haven't looked over the whole code, but that error is doing what you described.

TTorai
  • 84
  • 6