-1

I am trying to fetch my database results but it's not displaying any content.

Please help me to find the error:

 <?
     $pdo = new PDO("mysql:host=$host;dbname=$database_name", $user, $password, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
                                                // Search from MySQL database table
$search=$_POST['search'];
$query = $pdo->prepare("select * from usermark where sid LIKE '%$search%' LIMIT 0 , 1");
$query->bindValue(1, "%$search%", PDO::PARAM_STR);
$query->execute();
                                            if (!$query->rowCount() == 0) {

    echo "<tr><td colspan='2' bgcolor='#800000'><p align='center'><font face='Verdana' color='#FFFFFF'>RESULTS</font></td></tr>";
    echo "<tr><td width='29%'></td><td width='69%'></td></tr>";
    while ($results = $query->fetch()) {
    echo "<tr><td width='29%'>NAME</td><td width='69%'></td></tr>";
    echo "<tr><td width='29%'>ID</td><td width='69%'>";
    echo $results['sid'];
    echo "</td></tr><tr><td width='29%'>ROLL NO.</td><td width='69%'></td></tr>";
    echo "<tr><td width='29%'>OMR NO.</td><td width='69%'>";
    echo $results['somr'];
    echo "</td></tr><tr><td width="29%"></td><td width="69%"></td></tr>";
    echo "<tr><td width="29%">TOTAL MARKS</td><td width="69%">";
    echo $results['smark'];
    echo "</td></tr><tr><td width='29%'>MARKS OBTAINED</td><td width='69%'></td></tr>";
    echo "<tr><td width='29%'>PERCENTAGE</td><td width='69%'></td></tr>";


                echo "</table>";        
        } else {
            echo 'Nothing found';
        }
    }    
?>
Grant
  • 2,413
  • 2
  • 30
  • 41
Rasheeq Usmani
  • 17
  • 7
  • 1
    If you are learning then fixing small bugs like this would help to learn quickly. and i think better to change this if (!$query->rowCount() == 0) { to if ($query->rowCount() > 0) { – Mubashar Iqbal Apr 04 '18 at 08:44
  • side note: your HTML table syntax is incorrect (some attributes are deprecated) for modern HTML standards. Use CSS to style your table instead. – Raptor Apr 04 '18 at 08:49
  • Try to imagine what happens if `$results['sid']` is ``. Always use [`htmlspecialcharacters()`](http://php.net/manual/en/function.htmlspecialchars.php) with properly encode as HTML the dynamic content you use to build HTML. – axiac Apr 04 '18 at 10:23

1 Answers1

2

You're binding to a variable incorrectly, in your sql string and in bindValue().

Change:

$query = $pdo->prepare("select * from usermark where sid LIKE '%$search%' LIMIT 0 , 1");
$query->bindValue(1, "%$search%", PDO::PARAM_STR);

With:

$query = $pdo->prepare("select * from usermark where sid LIKE '%:search%' LIMIT 0 , 1");
$query->bindValue(":search", $search, PDO::PARAM_STR);

You also have a bad conditional statement.

Also Change:

if (!$query->rowCount() == 0) {

To:

if ($query->rowCount() != 0) {
Karlo Kokkak
  • 3,674
  • 4
  • 18
  • 33