-1

I'm trying to create a search bar in PHP where I would write name of the movie ( full name or just a few first letters of the name) and it would display information about actors in that movie such as actor's firstname, lastname and role. I'm using MySQL and there would be 3 tables name ( column names ):

actors ( a_id, firstname, lastname, role in the movie)
movies ( m_id, name )
actors_movies ( actor_id, movie_id )

i.e. I'd write Lord of the and it would display Elijah Wood, Frodo Baggins etc. I can't get this query to work at all, so any help would be greatly appreciated.

<?php
$connection = @mysql_connect('localhost', 'root', '');
$db = mysql_select_db('db-name', $connection);
$term = strip_tags(substr($_POST['searchit'], 0, 100));

//$term = mysql_escape_string($term); // Attack Prevention
if ($term == "") {
    echo "Enter Something to search";
} else {
    $query = mysql_query("SELECT a.firstname, a.lastname, a.role, m.name 
          FROM actors a 
          INNER JOIN actors_movies am ON a.a_id = am.actor_id 
          INNER JOIN movies m ON am.movie_id = m.m_id 
          ORDER BY a.firstname 
          WHERE m.name like '{$term}%'", $connection);

    $string = '';


    if (mysql_num_rows($query)) {
        while ($row = mysql_fetch_assoc($query)) {
            $string .= $row['firstname'] . "";
            $string .= $row['lastname'] . "</a> , ";
            $string .= $row['role'] . "</a>";
            $string .= "<br/>\n";
        }
    } else {
        $string = "No matches found!";
    }

    echo $string;
}
?>

Edit: So after inserting if ( $query === false ) { echo mysql_error(); exit;} and editing the myqsl_query like the first answer below, this is the message that I receive:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:/location.php on line 18
No matches found!You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near actor_id INNER JOIN movies m ON am.movie_id = m.m_id WHERE LOW' at line 3

Name of my columns may include letters that aren't in the English/US vocabulary such as Š,Č etc, could they cause syntax error aswell or that is completely irrelevant?

Evolution
  • 13
  • 4
  • 3
    Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[this happens](http://2.bp.blogspot.com/-zCT6jizimfI/UjJ5UTb_BeI/AAAAAAAACgg/AS6XCd6aNdg/s1600/luna_getting_strangled.jpg)** it is deprecated and has been for years and is gone for ever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Jun 21 '17 at 16:09
  • Some sensible code indentation would be a good idea. It helps us read the code and more importantly it will help **you debug your code** [Take a quick look at a coding standard](http://www.php-fig.org/psr/psr-2/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly Jun 21 '17 at 16:10
  • Do you get error messages? – RiggsFolly Jun 21 '17 at 16:14
  • In what way does the query not work? Or is it the code? – RiggsFolly Jun 21 '17 at 16:15
  • Also, your if was missing start and end braces... I have fixed that in formatting – Rushikumar Jun 21 '17 at 16:16
  • Yes, I get an error message saying this: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:/location.php on line 13. – Evolution Jun 21 '17 at 16:17
  • @Rushikumar DONT fix that sort of error, it ___could be the reason for the OP's problem___ – RiggsFolly Jun 21 '17 at 16:18
  • @Rushikumar Anyway, its not actually a syntax error! – RiggsFolly Jun 21 '17 at 16:19
  • That error message, SHOULD have been part of your question. **Not an after thought placed in a comment** – RiggsFolly Jun 21 '17 at 16:21
  • `if ( $query === false ) { echo mysql_error(); exit;}` – RiggsFolly Jun 21 '17 at 16:24
  • @ RiggsFolly My bad, I'm kinda new and I forgot about putting it there since I already wrote that the issue seems to be with my query. I'll keep it in mind for next time. – Evolution Jun 21 '17 at 16:29
  • @RiggsFolly, was not implying that as being the cause; but duly noted! – Rushikumar Jun 21 '17 at 16:43
  • So combination of the first part of the answer from Darshan Mehta and switching to `mysqli` helped solve the issue. Thanks alot guys! – Evolution Jun 21 '17 at 22:29

1 Answers1

0

You can use % on either side of the search string and use LOWER for case insensitive matching, e.g.:

SELECT a.firstname, a.lastname, a.role, m.name 
FROM actors a INNER JOIN actors_movies am ON a.a_id = am.actor_id 
INNER JOIN movies m ON am.movie_id = m.m_id 
WHERE LOWER(m.name) like '%{$term}%'
ORDER BY a.firstname;

Here's how you can do it with prepared statement:

$stmt = $conn->prepare("SELECT a.firstname, a.lastname, a.role, m.name 
    FROM actors a INNER JOIN actors_movies am ON a.a_id = am.actor_id 
    INNER JOIN movies m ON am.movie_id = m.m_id 
    WHERE LOWER(m.name) like '%:term%'
    ORDER BY a.firstname");
$stmt->bindParam(':term', $term);
$stmt->execute();
Darshan Mehta
  • 28,982
  • 9
  • 60
  • 90
  • @downvoter care to explain? – Darshan Mehta Jun 21 '17 at 16:15
  • Can you not see the syntax error? – RiggsFolly Jun 21 '17 at 16:17
  • @RiggsFolly updated the answer.. – Darshan Mehta Jun 21 '17 at 16:17
  • The answer **still has nothing to do with the question**, but at least it is syntactically correct now – RiggsFolly Jun 21 '17 at 16:20
  • 1
    Turn the tide against teaching/propagating sloppy and dangerous coding practices. If you post an answer without prepared statements [you may want to consider this before posting](http://meta.stackoverflow.com/q/344703/). Additionally [a more valuable answer comes from showing the OP the right method](https://meta.stackoverflow.com/a/290789/1011527). – Jay Blanchard Jun 21 '17 at 16:24
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jun 21 '17 at 16:24
  • @JayBlanchard the answer is focused on SQL only. However, I have updated it preparedstatement example – Darshan Mehta Jun 21 '17 at 16:30