0

I'm trying to create a search function. I've been researching and editing after getting a few errors, and now I get no errors but nothing is echoed. I'm completely stumped. I was wondering if anyone knew what was wrong with it. Thanks ahead of time! :D

<html>
<head>
<title>Search Query</title>
</head>

<body>
<?php
$con = mysql_connect ("localhost", "root", "");
mysql_select_db ("music", $con);

if (!$con)
{ 
die ("Could not connect: " . mysql_error());
} 
$sql = mysql_query("SELECT * FROM entries WHERE Title LIKE '%term%'") or die (mysql_error());

while ($row = mysql_fetch_array($sql, MYSQL_ASSOC)){
echo 'Title: ' .$row['Title'];
echo '<br /> Artist: ' .$row['Artist'];
echo '<br /> Album: '.$row['Album'];
echo '<br /> Location: '.$row['Location'];
echo '<br /> Media: '.$row['Media']; 
}

mysql_close($con);
?>
</body>
</html>

This is the form I use:

<form action="search.php" method="post">
Search: <input type="text" name="term" /><br />
<input type="submit" name="submit" value="Submit" />
</form>
8
  • Do you have records in the database with word "term" in title? Commented Nov 20, 2013 at 13:38
  • replace 'term' with the content of your search input field Commented Nov 20, 2013 at 13:38
  • "term" is the name of the input on the html form Commented Nov 20, 2013 at 13:39
  • how is the form posted. Do a $_GET['term'] or $_POST['term']. And use it in your query Commented Nov 20, 2013 at 13:40
  • and usual caveats about deprecated methods Commented Nov 20, 2013 at 13:41

4 Answers 4

2

You have to pass a variable to this query:

// The form uses method="post", so read the value from $_POST (after mysql_connect()).
$term = mysql_real_escape_string($_POST['term']);
mysql_query("SELECT * FROM entries WHERE Title LIKE '%" . $term . "%'");

3 Comments

One thing I don't like with your code, is because you are doing it inline (like I did it as well below), % is treated as a search character, rather than searching for it. The best option here would be to use binded SQL
@nrathaus True, it's just simple example. Not production code.
@Albert Kozłowski It is important to tell people who tend to COPY PASTE that it's a simple example and a vulnerable one as well, so that they understand
0

Your PHP code is incorrect, you are using 'term' as a string, rather than as a PHP value, you need to make it into $_GET["name"] so it looks like this

$sql = mysql_query("SELECT * FROM entries WHERE Title LIKE '%". $_GET["term"] ."%'") or die (mysql_error());

!!!HOWEVER!!! this is very insecure, as it would allow someone to SQL inject your application. So don't use it like this. Filter the provided value of 'term' and leave only A-Za-z0-9 (or similar) behind, remove the rest using a regex.


0

index.php

<!DOCTYPE html>
<html>
<head>
<title>Untitled Document</title>
</head>
<body>
<form action="search.php" method="post">
Search: <input type="text" name="term" /><br />
<input type="submit" name="submit" value="Submit" />
</form>

</body>
</html>

search.php

<html>
<head>
<title>Search Query</title>
</head>

<body>
<?php

if (!empty($_POST['term'])) {

    // Connect first: mysql_real_escape_string() needs an open connection.
    $con = mysql_connect("localhost", "root", "");
    if (!$con) {
        die("Could not connect: " . mysql_error());
    }
    mysql_select_db("music", $con);

    // Escape the submitted value before placing it in the query string.
    $term = mysql_real_escape_string($_POST['term'], $con);

    $sql = mysql_query("SELECT * FROM entries WHERE Title LIKE '%" . $term . "%'") or die(mysql_error());

    while ($row = mysql_fetch_array($sql, MYSQL_ASSOC)) {
        echo 'Title: ' . $row['Title'];
        echo '<br /> Artist: ' . $row['Artist'];
        echo '<br /> Album: ' . $row['Album'];
        echo '<br /> Location: ' . $row['Location'];
        echo '<br /> Media: ' . $row['Media'];
    }

    mysql_close($con);
} else {
    echo 'No search term found';
}
?>
</body>
</html>

Place both pages in the same folder.


0
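// No manual escaping here: the value is sent to the server as a bound parameter.
$term = $_POST['term'];

if ($stmt = $mysqli->prepare("select *"
                           . "  from entries"
                           . " where Title like ?"))
    {
       // bind_param() takes its arguments by reference, so build the pattern in a variable.
       $like = "%$term%";
       $stmt->bind_param("s", $like);   // "s" = string parameter
       $stmt->execute();
       //then fetch value
    } else {
      /* handle SQL error */
    }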

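The bound-parameter approach suggested in the comments and in the last answer, extended to handle the point that % typed by the user is otherwise treated as a wildcard. This is an added example, not code from the thread. It assumes PDO with an in-memory SQLite database standing in for the `music` MySQL database, an explicit `ESCAPE '!'` clause, constructed sample rows and search terms, and the hypothetical helpers `like_literal()` and `search_titles()`.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database via PDO
// stands in for the `music` MySQL database so the script runs offline; the same
// prepare/execute calls work with a pdo_mysql DSN.

// Escape LIKE metacharacters so user input is matched literally.
// '!' is the escape character declared in the query's ESCAPE clause.
function like_literal(string $input): string
{
    return strtr($input, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Search entries by title fragment; the term only ever travels as a bound parameter.
function search_titles(PDO $db, string $term): array
{
    $stmt = $db->prepare(
        "SELECT Title, Artist FROM entries WHERE Title LIKE ? ESCAPE '!' ORDER BY Title"
    );
    // The surrounding wildcards are added by the code, never taken from the input.
    $stmt->execute(['%' . like_literal($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (Title TEXT, Artist TEXT)');

// Constructed sample rows.
$insert = $db->prepare('INSERT INTO entries (Title, Artist) VALUES (?, ?)');
foreach ([
    ['100% Pure Love', 'Artist A'],
    ['Love Me Do', 'Artist B'],
    ["Don't Stop", 'Artist C'],
] as $row) {
    $insert->execute($row);
}

// Constructed search terms: a plain word, a literal '%', and a quote-breaking string.
foreach (['love', '%', "' OR '1'='1"] as $term) {
    $rows = search_titles($db, $term);
    printf("%-14s -> %d row(s)\n", $term, count($rows));
    foreach ($rows as $r) {
        echo '  Title: ' . $r['Title'] . ' / Artist: ' . $r['Artist'] . "\n";
    }
}
```

Run it with the PHP CLI with pdo_sqlite enabled. Without the `like_literal()` step, a search for `%` would match every row instead of only titles that contain a percent sign.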