PHP&MySQL search does not work?

Question

Possible Duplicate:
PHP, MySQL validation malfunction and search doesn't work?

I have created a form, every thing is working fine, except the search. For example whenever a user input any value in the search box, it will display the result from the database, example name of the employee and etc... Please see my coding below...

<html>
<head>
<?php
//require_once('student_form.php');
if(isset($_POST['search'])){ 
$id=$_REQUEST['id']; 
$fname=$_POST['fname'];
    //connect  to the database 
include('connection.php');
//-query  the database table 
$sql=mysql_query("SELECT  * FROM members WHERE (FirstName LIKE '". $fname ."%' OR LastName LIKE '". $lname ."%'");
    //-run  the query against the mysql query function 
    $result=mysql_query($sql); 

    if($row=mysql_fetch_array($result)){ 
                $fname=$row['FirstName']; 
                $lname=$row['LastName']; 
                /*$email=$row['Email'];
                $age =$row['Age'];
                $gender=$row['Gender'];
                $course = $row['Course'];*/
    }
    //-display  the result of the array 
    else
    {
    <?php echo $rows['FirstName']; ?>
    <?php echo $rows['LastName']; ?>
    } 
} 
?>
</head>
<body>
<form action="search.php" method="post">
<table>
    <tr>
    <td><strong>search box</strong></td>
    <td><strong>:</strong></td>
    <td><input type="text" name="search" value=""size="30"/><input type="submit" name="s1" value="Search"/></td>

</table>
</form>
</body>
</html>

I recommend not to use `LIKE` statement in searching. Here's why ; http://stackoverflow.com/questions/478472/sql-full-text-search-vs-like — aacanakin, Jul 02 '12 at 13:38
_*cringe*_ Watch out for SQL injection. At very least, use [`mysql_real_escape_string()`](http://php.net/mysql_real_escape_string) around `$fname` and `$lname`. But better yet, use a prepared statement with [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) instead of using the old mysql extension. — Wiseguy, Jul 02 '12 at 13:38
A dup of [your question an hour ago](http://stackoverflow.com/questions/11293712/php-mysql-validation-malfunction-and-search-doesnt-work) which in turn is very similar to [your question before that, on 27 June](http://stackoverflow.com/questions/11227038/search-function-not-working-in-php)? — halfer, Jul 02 '12 at 13:43
because I m stuck in search function, and I think it this is a helping site @halfer. — bleach64, Jul 02 '12 at 13:49
Indeed to both, but you need to be aware of widely-understood _netiquette_, which frowns upon the repeated asking of the same question. It's somewhat related to _cross-posting_; either way, you are asking several people to make the same duplicate effort for you. — halfer, Jul 02 '12 at 13:59
And to add to the comments made by @halfer - most your your issues can easily be resolved with just a little reading / research - the PHP docs are very extensive ... — Manse, Jul 02 '12 at 14:02

score 2 · Accepted Answer · edited May 23 '17 at 11:47

Please note that using the old mysql_ extensions are being deprecated ... see the notice at the top of the mysql_query doc

Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

mysqli_query()

PDO::query()

But for you to see what the problem is, replace this line :

$sql=mysql_query("SELECT  * FROM members WHERE (FirstName LIKE '". $fname ."%' OR LastName LIKE '". $lname ."%'");
//-run  the query against the mysql query function 
$result=mysql_query($sql);

with this :

$result=mysql_query("SELECT  * FROM members WHERE (FirstName LIKE '". $fname ."%' OR LastName LIKE '". $lname ."%'");
if (!$result) {
    die('Could not query:' . mysql_error());
}

You only need to execute mysql_query once and this will now output the error with your query ... as mysql_query returns a boolean false if the query fails ... see the docs here

And please, please take some time to read about SQL Injection

Note this answer will fix your problem - but just fixing it wont help you in the future ....

score 1 · Answer 2 · answered Jul 02 '12 at 13:52

You have to completely rewrite your code.

Firstly, remove the bracket before FirstName from your query:

"SELECT  * FROM members WHERE FirstName LIKE '". $fname ."%' OR LastName LIKE '". $lname ."%'"

Now, pay attention to this: If $sql is the function mysql_query, then $result is running a query of query (mysql_query(mysql_query("..."))).

Instead, use $result = mysql_query("...") and delete the variable $sql.

The third problem here is that you have a <?php tag inside your PHP code. Remove the <?php and ?> tags inside else{ }.

I don't understand what is $rows, there is now declaration for this.

Thanks I was also thinking that – bleach64 Jul 02 '12 at 14:03 — bleach64, Jul 02 '12 at 14:03

score 0 · Answer 3 · answered Jul 02 '12 at 13:37

0

You have to remove the bracket near FirstName of this,

$sql=mysql_query("SELECT  * FROM members WHERE FirstName LIKE '". $fname ."%' OR LastName LIKE '". $lname ."%'");

answered Jul 02 '12 at 13:37

itsme

575
1
6
15

PHP&MySQL search does not work?

3 Answers3