
Search bar not functioning properly

My problem is that when I enter a specific country name, for example France, it'll output all the data from my database instead of just France. I don't know where I've gone wrong, and it's probably something very simple, but I don't even know how to attempt to fix it, so I've come here to get some help.

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $country = $_POST['country'];
    $_SESSION['country'] = $country;

    $sqlQuery = "SELECT * FROM campsites WHERE country LIKE '%$country%'";
    $result = $campDataSet->fetchAllCamps($sqlQuery);
    //var_dump($result);

    if (count($result) > 0) {
        echo'<div class="table-responsive">
                <table class="table">
                    <thead id="table1Head">
                    <tr><td>Name</td>
                        <td>Address</td>
                        <td>Postcode</td>
                        <td>Country</td>
                        <td>Latitude</td>
                        <td>Longitude</td>
                        <td>email</td>
                        <td>Phone</td></tr>
                    </thead>
                    <tbody>';
        foreach ($result as $row) {
            echo '<tr><td>' . $row->campsite_name . '</td> <td>' . $row->address . '</td> <td>' . $row->postcode . '</td> <td>' . $row->country. '</td> <td>' . $row->lattitude . '</td> <td>' . $row->longitude . '</td> <td>' . $row->email . '</td> <td>' . $row->phone_number . '</td></tr>';
        }
        // Close the wrapper div only after the table itself is closed
        echo "</tbody></table></div>";
    } else {
        print " 0 results";
    }
}

My Database class:

class campDataSet
{
    public $dbHandle, $dbInstance;

    public function __construct()
    {
        $this->db = new campData();
        $this->conn = $this->db->getCampData();
    }

    public function fetchAllCamps()
    {
        //$sqlQuery = "SELECT campsites.id_campsite, campsites.campsite_name, campsites.address, campsites.postcode, campsites.country, campsites.lattitude, campsites.longitude, campsites.email, campsites.phone_number
        //         FROM sgb220_clientserver.campsites";

        $sqlQuery = "SELECT * FROM sgb220_clientserver.campsites";

        if ($data = $this->conn->prepare($sqlQuery)) {
            $data->execute();
            $dataSet = [];
            while ($row = $data->fetch()) {
                $dataSet[] = new DBdata($row);
            }

        } else {
            echo "<script> alert(\"Could not prepare SQL statement\") </script>";
        }


        return $dataSet;
    }
}

Your fetchAllCamps() method doesn't accept any arguments.

Instead of defining the $sqlQuery inside fetchAllCamps, use a parameter:

public function fetchAllCamps($sqlQuery) // <- This
{

    if ($data = $this->conn->prepare($sqlQuery)) {
        $data->execute();
        $dataSet = [];
...

A warning about SQL Injection

Because you are inserting $_POST data directly into your query, the user is able to manipulate the SQL and thus can extract/manipulate data however he wants to. Read up on SQL injection and how to prevent it to keep your database safe from attackers.

This might be a good starting point: https://stackoverflow.com/a/601524/2232127

Your issue is that you are running a query that just gets all of the camps instead of only the ones in a certain country. Your fetchAllCamps() function does not accept any parameters.

It would probably be best to move your query into the fetchAllCamps() function, or make another function entirely if you need a function to give you all the camps instead of just ones in a certain country. Instead of passing in the query, just pass the $country variable. Build your query inside the function and run it.

This way you are separating all of your SQL from where you are building your HTML. This is more in line with modern programming standards.
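The two answers above combined, as an added example that is not part of the original question or of either answer: the method takes $country, builds the query itself, and sends the value as a bound parameter. It assumes the connection is a PDO handle; the name fetchCampsByCountry, the in-memory SQLite database and the sample rows are constructed for illustration.

```php
<?php
// Added example. Assumption: $conn is a PDO handle, as prepare()/fetch() in the question suggest.
final class CampDataSet
{
    public function __construct(private PDO $conn) {}

    /** Returns campsites whose country contains $country, matched as literal text. */
    public function fetchCampsByCountry(string $country): array
    {
        // Escape LIKE metacharacters so "%" or "_" typed by the user match literally.
        // "!" is used as the escape character because it behaves the same in MySQL and SQLite.
        $literal = strtr($country, ['!' => '!!', '%' => '!%', '_' => '!_']);

        $stmt = $this->conn->prepare(
            "SELECT campsite_name, country FROM campsites
             WHERE country LIKE :pattern ESCAPE '!'"
        );
        // The value travels as a bound parameter and is never concatenated into the SQL text.
        $stmt->execute([':pattern' => '%' . $literal . '%']);

        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed sample data in an in-memory SQLite database (stands in for the real server).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE campsites (campsite_name TEXT, country TEXT)");
$pdo->exec("INSERT INTO campsites VALUES ('Camp Loire', 'France'), ('Camp Rhein', 'Germany')");

$camps = new CampDataSet($pdo);

// A normal search term, a value containing quotes, and a bare wildcard.
foreach (['France', "' OR '1'='1", '%'] as $input) {
    $rows = $camps->fetchCampsByCountry($input);
    printf("%-14s => %d row(s)\n", $input, count($rows));
}
```

Only the first input returns a row; the quoted value and the bare wildcard are compared as plain text against the country column, so neither widens the result set.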
