searching data from DB php

Question

I have search box in home.php

<form action ="search.php" method = "post">

<input name="search" type="text" size="30" placeholder="...."/>

<input type="submit" value="Search"/>

<?php print ("$output");?>

And serach.php file

<?php
require_once("class.user.php");
require_once("class.db.php");
$output = '';

if(isset($_POST['search'])) {
$search = $_POST['search'];
$search = preg_replace("#[^0-9a-z]i#","", $search);

$connection = new DB_con();

$query = $mysqli->query("SELECT * FROM users WHERE username LIKE '%".$search."%' AND email LIKE '%".$search."%'") or die ("Could not search");
$result =$mysqli->query($connection, $query);
$count = $result->num_rows;

if($count == 0){
  $output = "There was no search results!";

}else{

  while ($row = $result->fetch_array($query)) {

    $username = $row ['username'];
    $email = $row ['email'];


    $output .=$username.''.$email;

  }

}
}
?>

I have several errors. Notice: Undefined variable: mysqli in search.php on line 12

Fatal error: Uncaught Error: Call to a member function query() on null in \search.php:12 Stack trace: #0 {main} thrown in search.php on line 12

Answer 1

$mysqli is undefined hence you getting the error, and also you are doing query twice.

<?php
require_once("class.user.php");
require_once("class.db.php");
$output = '';

if (isset($_POST['search'])) {
    $search = $_POST['search'];
    $search = preg_replace("#[^0-9a-z]i#", "", $search);

    $connection = new DB_con();

    $query = "SELECT * FROM users WHERE username LIKE '%" . $search . "%' AND email LIKE '%" . $search . "%'";
    if ($result = $connection->query($query)) {
        if ($result->num_rows > 0) {
            while ($row = $result->fetch_assoc($query)) {

                $username = $row['username'];
                $email    = $row['email'];


                $output .= $username . '' . $email;

            }
        } else {

            $output = "There was no search results!";
        }


    } else {

        printf("Errormessage: %s\n", $connection->error);
    }

}
?>

• NB : Also learn about prepared statements How can I prevent SQL injection in PHP?