PHP Store not displaying products

Question

I'm having trouble getting my website to show products saved in a database when I upload it to my IPage account . It works fine on my local machine and it says that it's connecting to the database, but it's not displaying the products . I know the database and tables exist with relevant data in them.

Here's a link to the page :

http://wisconsindairyfarmers.com/Design1/search.php?search=sweets

The code:

$db = new mysqli('****', '****', '*****', '****');
// this is in the connect file


$search = $_GET['search'];

require 'db/connect.php';


$result = $db->query("SELECT * FROM products WHERE ProductSearch = '$search'");
if($result->num_rows){
echo '<table border="0" cellspacing="0" style="width:100%;">';
echo '<tr><td></td><td><u>Product Name</u></td><td><u>Price</u></td><td><u>Wisconsin Artisans</u></td></tr>';
while($row = $result->fetch_assoc()){
    $ProductId    = $row['ProductId'];
    $ProductImage = $row['ProductImage'];
    $ProductName  = $row['ProductName'];
    $ProductPrice = $row['ProductPrice'];
echo '<tr>';
echo '<td><a href="productpage.php?productid=' . $row['ProductId'] . '"><img height="80px" width="80px" src="' . $row['ProductImage'] . '"/></a></td>';
echo '<td><a id="productlink" href="productpage.php?productid=' . $row['ProductId'] . '">' . $row['ProductName'] . '</a></td>';
echo '<td> $' . $row['ProductPrice'] . '</td>';
echo '<td> ' . $row['ProductVendor'] . '</td>';
//echo '<td><input type=button onClick="location.href=\'cart.php?ProductId=', $ProductId, '&ProductName=', urlencode($ProductName), '&ProductPrice=', $ProductPrice, '&ProductQty=1\'" value=\'Add to Cart\' id="addtocart"></td></tr>';
echo '<td><input type=button onClick="location.href=\'productpage.php?productid=' . $ProductId . '\'" value=\'Add to Cart\' id="addtocart"></td></tr>';

}

echo '</table>';
$result->free();

}
else{

    echo '<h3 style="color:black;">No products here just yet, but there will be soon!</h3>';
}

Answer 1

I don't know if this question is already answered / solved but your code should be like this:

$db = new mysqli('****', '****', '*****', '****');
// this is in the connect file

$search = mysqli_real_escape_string($_GET['search']);

require 'db/connect.php';

$result = $db->query("SELECT * FROM products WHERE ProductSearch = '".$search."'");
if($result->num_rows > 0){
    echo '<table border="0" cellspacing="0" style="width:100%;">';
    echo '<tr><td></td><td><u>Product Name</u></td><td><u>Price</u></td><td><u>Wisconsin Artisans</u></td></tr>';
    foreach($result->rows as $product){
        $ProductId    = $product['ProductId'];
        $ProductImage = $product['ProductImage'];
        $ProductName  = $product['ProductName'];
        $ProductPrice = $product['ProductPrice'];
        echo '<tr>';
        echo '<td><a href="productpage.php?productid=' . $product['ProductId'] . '"><img height="80px" width="80px" src="' . $product['ProductImage'] . '"/></a></td>';
        echo '<td><a id="productlink" href="productpage.php?productid=' . $product['ProductId'] . '">' . $product['ProductName'] . '</a></td>';
        echo '<td> $' . $product['ProductPrice'] . '</td>';
        echo '<td> ' . $product['ProductVendor'] . '</td>';
        //echo '<td><input type=button onClick="location.href=\'cart.php?ProductId=', $ProductId, '&ProductName=', urlencode($ProductName), '&ProductPrice=', $ProductPrice, '&ProductQty=1\'" value=\'Add to Cart\' id="addtocart"></td></tr>';
        echo '<td><input type=button onClick="location.href=\'productpage.php?productid=' . $ProductId . '\'" value=\'Add to Cart\' id="addtocart"></td></tr>';
     }
     echo '</table>';
} else {    
    echo '<h3 style="color:black;">No products here just yet, but there will be soon!</h3>';
}

mysqli_real_escape_string($_GET['search']) is used to escape characters which can be used for sql injections.