How do you search for an item with HTML and PHP and output the result on the same page as the form?

Question

Hi I have a simple database called GamEco in which there is a table called Games that contains the following values:

(`Serial`,`Title`, `Price`,`Genre`,`Developer`,`Platform`,`Available`)

I inserted a game with PHP in a separate file and I tested finding it with query in searchtest.php:

<?php
require "connect_to_mysql.php";

$sql = 'SELECT * FROM `Games` WHERE `Developer`="Valve"';
$result = mysql_query($sql) or die (mysql_error());
$row = mysql_fetch_assoc($result);
print_r($row); 
?>

And it outputs correctly in browser with localhost/bootstrap/searchtest.php:

Array ( [Serial] => 1234 [Title] => Counter Strike: Global Offensive [Price] => 15 [Genre] => Shooter [Developer] => Valve [Platform] => PC [Available] => 5 )

Now I have a simple HTML website that asks the User for a searchtype and searchterm and PHP will process the inputs and get the row from the MySQL table. EDIT

    <!DOCTYPE html>
<html>
   <head>
      <title>GamEco</title>

   </head>
   <body>


<form class="form-horizontal" target="blank" name="search" method="post" action="search.php">
     Choose Search Type:<br>
     <select name="searchtype">
      <option value="title">Title</option>
      <option value="genre">Genre</option>
      <option value="developer">Developer</option>
     </select> <br>
     Enter Search Term: <br>
     <p> <input name="searchterm" type="text" size=40>
     <p> <input type="submit" value="Submit"> 
</form>

</body>
</html>

And this is my search.php file: EDIT3

<?php
error_reporting(E_ALL);
ini_set("display_errors",1);
//require "connect_to_mysql.php";
$servername = "localhost";
$username = "root";
$password = "";

// Create connection
$conn = new mysqli($servername, $username, $password);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
echo "Connected successfully";

$type=$_POST['searchtype'];
$term=$_POST['searchterm'];
/*
if($type == 'title'){
    //get results that equal the term
    $sql = 'SELECT * FROM `Games` where `Title` = ' . $term;
} else if ($type == 'genre'){
    //get results that equal the term
    $sql = 'SELECT * FROM `Games` where `Genre` = ' . $term;
} else if ($type == 'developer'){
    //get results that equal the term
    $sql = 'SELECT * FROM `Games` where `Developer` = ' . $term;
} else {
    print_r("Could not find.");
}
*/
$sql = 'SELECT * FROM `Games` where `' . $type . '` = ' . $term;
$result = mysqli_query($conn,$sql);
$row = mysql_fetch_assoc($result);
print_r($row);
?>

But nothing happens. I'm sure it is something simple but I'm really new to PHP/HTML and I have to use it for my database project.

It is now leading me to another page which is progress here is the error I get:

Connected successfully
Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\bootstrap\search.php on line 36

You are vulnerable to [sql injection attacks](http://bobby-tables.com). And `fetch_assoc()` returns an ARRAY. echoing out an array will just give you the literal word `Array`. — Marc B, Nov 24 '14 at 21:52
Outside of the security issues, you should sanitize all REQUEST variables before using them in *ANY* code, you also have two opening
elements and only one closing. — Brian Bolli, Nov 24 '14 at 21:54
Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). You will also want to [Prevent SQL Injection!](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Nov 24 '14 at 21:56
I fixed the if statements and the * functions, I'll put my code. — MeesterMarcus, Nov 24 '14 at 22:04
You're mixing the `mysql_` and `mysqli_` functions. That will not work. — Jay Blanchard, Nov 24 '14 at 22:14
yeah I was getting error about mysql being deprecated and changed to mysqli. I changed mysql_query to mysqli_query and am trying to figure out what else needs to be changed — MeesterMarcus, Nov 24 '14 at 22:19
Finally got it to work. Decided to go back to mysql for the time being as all my project members code is in mysql. thnx everyone. — MeesterMarcus, Nov 24 '14 at 22:46

SierraOscar · Accepted Answer · 2014-11-24T22:08:57.313

0

If you are comparing in PHP you need to use the == operator.

= is used to assign a value, == is used to test if a value is equal to.

Your If statements need to be changed to use the == comparison instead.

You might also want to look at the PHP 'switch' statement, I think this might be better suited to what you are doing.

Also, replace this:

<form class="form-horizontal">
    <form target="blank" name="search" method="post" action="search.php">

with this:

<form class="form-horizontal" target="blank" name="search" method="post" action="search.php">

Also, also, try changing:

$sql = 'SELECT * FROM `Games` where `Title` = $term';

to

$sql = 'SELECT * FROM `Games` where `Title` = ' . $term;

your current command will literally use the word "$term", instead you need to append it to the first string by using a .or place your text in double quotes " instead.

And finally, your options are in proper case (i.e. 'Developer') but your PHP is comparing against lower case, i.e. 'developer'

You could theoretically replace your if statements with one statement:

$sql = 'SELECT * FROM `Games` where `' . $type . '` = ' . $term;

edited Nov 24 '14 at 22:08

answered Nov 24 '14 at 21:54

SierraOscar

17,307
5
38
67

your statement about `===` is not correct – Nov 24 '14 at 21:57
I'll take it out, I didn't want to go into detail as it's not really relevant here and might just cause confusion... – SierraOscar Nov 24 '14 at 21:59
Thanks for your help. I fixed the == and the form and I also got rid of the * statements in replace of `Title` although I am still not getting any output. – MeesterMarcus Nov 24 '14 at 22:04
See above edit to answer. Does this help? – SierraOscar Nov 24 '14 at 22:09
Thanks I'll give it a shot – MeesterMarcus Nov 24 '14 at 22:13
Should I be using mysqli_query? – MeesterMarcus Nov 24 '14 at 22:17
I've used mysqli_query before with great success. Theres good documentation around it too e.g. (http://php.net/manual/en/function.mysqli-connect.php) – SierraOscar Nov 24 '14 at 22:25

score 0 · Answer 2 · answered Nov 24 '14 at 22:18

0

You've left off the semi-colon after $result is declared in the second code, that's why it is not expecting $row

answered Nov 24 '14 at 22:18

Billy

2,438
1
9
13

score 0 · Answer 3 · answered Nov 24 '14 at 22:22

0

On the same page - use ajax. There are good tutorials. Using php makes the page refresh. Ajax will still run your php file but only effect the part of the page you choose.

answered Nov 24 '14 at 22:22

Creaven

219
2
15

That's interesting I think that was the problem I was having the bootstrap before when I put the search in a modal it would just close after submitting so I tried basic html to test. – MeesterMarcus Nov 24 '14 at 22:22

How do you search for an item with HTML and PHP and output the result on the same page as the form?

3 Answers3