I have a search box that displays the search results in a table. The search box uses a simple search query to get the data from a database.
below is the code for the search box
<form id="search-form" mmethod="post" action="search.php">
<input name="searcher" id="search-bar" type="search" placeholder="Type to Search">
<input id="search-button" type="submit" value="Find">
</form
The PHP:
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="datacentre"; // Database name
$tbl_name="data_centre_users"; // Table name
$server_name="localhost";
if(isset($_POST['submit'])) {
$searchword = $_POST['seacher'];
// Create connection
$con = new mysqli($server_name, $username, $password, $db_name , 3306);
if ($con->connect_error) {
die("Connection failed: " . $con->connect_error);
}
// Retrieve data from database
$sql="SELECT * FROM $tbl_name WHERE first_name='$searchword' OR last_name='$searchword' ";
$result = $con->query($sql);
$rows = $result->fetch_assoc();
?>
<section id="sidebar">
</section>
<section id="content">
<div id="scroll-table">
<table >
<caption>
Search Results
</caption>
<tr>
<th class="center"><strong>ID</strong></th>
<th class="center"><strong>FirstName</strong></th>
<th class="center"><strong>Lastname</strong></th>
<th class="center"><strong>Request</strong></th>
<th class="center"><strong>Purpose</strong></th>
<th class="center"><strong>Description</strong></th>
<th class="center"><strong>Booking Time</strong></th>
<th class="center"><strong>Access Time</strong></th>
<th class="center"><strong>Exit Time</strong></th>
<th class="center"><strong>Approved</strong></th>
<th class="center"><strong>Approved By</strong></th>
<th class="center"><strong>Update</strong></th>
</tr>
<?php
if($result->num_rows > 0){
// output data of each row
while($rows = $result->fetch_assoc()){ ?>
<tr>
<td class="center"><?php echo $rows['id']; ?></td>
<td class="center"><?php echo $rows['fisrt_name']; ?></td>
<td class="center"><?php echo $rows['last_name']; ?></td>
<td class="center"><?php echo $rows['request']; ?></td>
<td class="center"><?php echo $rows['purpose']; ?></td>
<td class="center"><?php echo $rows['description']; ?></td>
<td class="center"><?php echo $rows['booking_time']; ?></td>
<td class="center"><?php echo $rows['access_time']; ?></td>
<td class="center"><?php echo $rows['exit_time']; ?></td>
<td class="center"><?php echo $rows['approved']; ?></td>
<td class="center"><?php echo $rows['approved_by']; ?></td>
<td class="center" ><a href="update.php?id=<?php echo $rows['id']; ?>">update</a></td>
</tr>
<?php
}
}
?>
</table>
</div>
</section>
<
<aside></aside>
<?php
$con->close();
}
include('footer.php');
?>
When I run the code the page displayed is empty.
Check out the following:
<form id="search-form" mmethod="post" action="search.php">
Should be:
<form id="search-form" method="post" action="search.php">
You need to escape it. The way it is now you are wide open to SQL-injection
$searchword = $_POST['seacher'];
So something like below. Also note the error : seacher / searcher in the $_POST
$searchword = $con->real_escape_string( $_POST['searcher'] );
Put (``) backticks around table and column names to prevent "mysql reserved word error"
// Retrieve data from database
$sql="SELECT * FROM `$tbl_name` WHERE `first_name` = '$searchword' OR `last_name` = '$searchword' ";
Remove the first fetch because it will interfere with the other
$rows = $result->fetch_assoc();
Just keep the one just before your table
while($rows = $result->fetch_assoc()){
Note the error in your table
<td class="center"><?php echo $rows['first_name']; ?></td> <!-- ['fisrt_name'] -->
For your
if($result->num_rows > 0){
You could add the following:
} else {
echo 'Nothing found';
}
In you HTML, Input must has a name that you are trying to post.
<form id="search-form" method="post" action="search.php"> //spelling correction as you have type mistake mmethod
<input name="searcher" id="search-bar" type="text" placeholder="Type to Search">
<input id="search-button" type="submit" name="submit" value="Find">
</form>
and in your PHP make sure you are posting;
if(isset($_POST['submit']) && $_POST['submit']=="Find"){
AND try like this;
$sql="SELECT * FROM '$tbl_name' WHERE first_name='$searchword' OR last_name='$searchword' ";
OR
$sql="SELECT * FROM $tbl_name WHERE first_name='$searchword' OR last_name='$searchword' ";
AND
// Retrieve data from database
$sql="SELECT * FROM $tbl_name WHERE first_name='$searchword' OR last_name='$searchword' ";
$result = $con->query($sql);
$rows = $result->fetch_assoc(); //Remove this you don't need it
?>
Because later you are running a loop here
<?php
if($result->num_rows > 0){
// output data of each row
while($rows = $result->fetch_assoc()){ ?>
sorry dude, but there are a couple of issues here
firstly fix your form: method="post" - not mmethod; type="text" - not type="search"; </form> - not </form
<form id="search-form" method="post" action="search.php">
<input name="searcher" id="search-bar" type="text" placeholder="Type to Search">
<input id="search-button" type="submit" value="Find">
</form>
secondly change:
if (isset($_POST['searcher'])) { // changed from submit
thirdly handle any errors in your query:
if (($result = $con->query($sql)) === false) {
die("error: ".$con->error); // todo: improve error handling
}
fourthly remove this line:
$rows = $result->fetch_assoc();
finally, for my sanity only, please remove this line (you really don't need it):
if($result->num_rows > 0){
and it's matching:
}
and don't even get me started on escaping user input in case of SQL injection!
good luck, I hope you get this running
您在代码中两次使用$result->fetch_assoc()
这行,因此您的查询只有1个结果,然后第一个陈述出现1个结果,然后当您尝试第二次在表的html之前使用时,您什么也没得到。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.