Search by Keyword with PHP MYSQL

Question

I am wanting to search by a keyword like a customer's issue. However, every time it searches it is pulling every single entry, not one that is from their issue.

I tried not using the for each and just doing a simple like, but that did not work either.

This is what is being passed.

<form id="" class="searchbar" action="searchAppt.php" method="get">
           <input type="text" name="terms" size="40" class = "sbar" required value="Search by keyword" oninput="validity.valid||(value='');"
                       onblur="if (this.value == '') {
                                    this.value = 'Enter keyword';
                                }"
                       onfocus="if (this.value == 'Enter keyword') {
             this.value = '';
         }"/>&nbsp;&nbsp;
                <button type="submit" class = "btn">Search</button>
            </form>

if (filter_has_var(INPUT_GET, "terms")) {
    $terms_str = filter_input(INPUT_GET, 'terms', FILTER_SANITIZE_NUMBER_INT);
} else {
    echo "There were no appointments found.";
    include ('includes/footer.php');
    exit;
//explode the search terms into an array
            $terms = explode(" ", $terms_str);


            $sql = "SELECT * FROM appointments WHERE 1";
            foreach ($terms as $term) {
             $sql .= " AND issue LIKE '%$term%' AND email = '". $_SESSION['email'] ."' 
                ";
            }

            $result = $conn->query($sql);

            if ($result->num_rows > 0) {
                echo "<br /><br /><center><h1>Your Ticket(s)</h1><br />
                <div class='table'>
                <div class='tr'>
                <div class='td'><b>Ticket #</b></div>
                <div class='td'><b>First Name</b></div>
                <div class='td'><b>Last Name</b></div>
                <div class='td'><b>Phone #</b></div>
                <div class='td'><b>Building</b></div>
                <div class='td'><b>Room #</b></div>
                <div class='td'><b>Issue</b></div>
                <div class='td'><b>Appt. Start Time</b></div>
                <div class='td'><b>Appt. End Time</b></div>
                <div class='td'><b>Ticket Details</b></div>
                </div>";
                // output data of each row
                while($row = $result->fetch_assoc()) {
                    echo "<div class='tr'>
                    <div class='td'>".$row["id"]."</div>
                    <div class='td'>".$row["fname"]."</div>
                    <div class='td'>".$row["lname"]."</div>
                    <div class='td'>".$row["phonenum"]."</div>
                    <div class='td'>".$row["building"]."</div>
                    <div class='td'>".$row["room"]."</div>
                    <div class='td'>".$row["issue"]."</div>
                    <div class='td'>".$row["start_time"]."</div>
                    <div class='td'>".$row["end_time"]."</div>
                    <div class='td'><form action='ticketdetails.php' method='post'>
                        <input type='hidden' name='id' value='".$row["id"]."'>
                        <input type='submit' value='Ticket Details'></form>
                    </div>
                    </div>";
                }
                echo "</div>";
            } else {
                echo "<br /> <br />Your search <i>'$terms_str'</i> did not match any appointments";

It brings up every single appointment rather than the ones that have an issue similar to the keyword search. I feel like I'm just overlooking something with the select statement. Any help would be greatly appreciated.

Answer 1

Your problem is in your call to filter_input . You are specifying a filter of FILTER_SANITIZE_NUMBER_INT , but passing a space separated list of words. As a result, the output of filter_input is an empty string (since with that flag it strips everything but +/- and digits from the input), and so no conditions get added to your query. You probably want to use FILTER_SANITIZE_STRING instead.