Navomi Shetty - 4 months ago
HTML Question

I'm trying to create a search option in my website but nothing is displayed. I'm a beginner.

This is the HTML code in my header for the search option:

<div class="nav search-row" id="top_menu">
<!-- search form start -->
<ul class="nav top-menu">
<li>
<form class="navbar-form">
<a href="search.php">
<input class="form-control" placeholder="Search" type="text">
</a>
</form>
</li>
</ul>
<!-- search form end -->
</div>


And this is my search.php page, where the function/code is. I'm not sure where I am going wrong or whether this is how search code works. I'm retrieving data from the database as per what has been entered in the search input.

<?php
include("head.php");
global $conn;
$search = $_POST['search'];
if ($stmt = $conn->prepare("SELECT gig_id, user_id, category_id, description, price, img, deliverytime, created_at, updated_at, language from advertisement WHERE description = 'search' "))
{
$result = $stmt->execute();
$stmt->bind_result($gig_id, $user_id, $category_id, $description, $price, $img, $deliverytime, $created_at, $updated_at, $language);
while ($stmt->fetch())
{
$rows[] = array('gig_id' => $gig_id, 'user_id' => $user_id, 'category_id' => $category_id, 'description' => $description, 'price' => $price, 'img' => $img, 'deliverytime' => $deliverytime, 'created_at' => $created_at, 'updated_at' => $updated_at, 'language' => $language);
}
$stmt->close();
}
else
echo "error";
?>


Here I'm fetching what I've entered and displaying the information in a container:

<?php
// Only render results when the search form was submitted
if (isset($_POST['search']))
{
$search = $_POST['search'];
?>
<?php foreach ($rows as $row): ?>
<div class="col-sm-4 col-md-4 col-lg-4 col-xs-6">
<div class="thumbnail"> <img src="<?php echo 'GigUploads/'.$row['img']; ?>" alt="<?php echo $row['description']; ?>" height="200" width="400">
<div class="caption">
<h3><?php echo $row['description']; ?></h3>
<!-- Passing the gig_id through the URL. Get the gig_id from the URL in the detail page using $_GET['gig_id'] -->
<p><a href="detail.php?gig_id=<?php echo $row['gig_id']; ?>" class="btn btn-primary" role="button"><span class="glyphicon glyphicon-shopping-cart" aria-hidden="true"></span> Request</a></p>
</div>
</div>
</div>
<?php endforeach; ?>
<?php
}
?>

Answer

Give this a try. You previously were looking for an exact match and weren't sending the value the user entered. If you had included the user's search you would have been open to SQL injection. You need to separate user input from the SQL; that's the point of prepared queries. The ? in your query here is a placeholder. The PDO driver adds that value in later so the input can't manipulate the query.

<?php
include("head.php");
global $conn;
// Read the submitted term; fall back to an empty string if the form was not posted
$search = isset($_POST['search']) ? $_POST['search'] : '';
$rows = array();
if ($stmt = $conn->prepare("SELECT gig_id, user_id, category_id, description, price, img, deliverytime, created_at, updated_at, language from advertisement WHERE description like ? "))  {
    // bind_result() and fetch() below are mysqli methods, so bind the value with bind_param().
    // The % wildcards belong in the bound value, not in the SQL text.
    $like = '%' . $search . '%';
    $stmt->bind_param('s', $like);
    $result = $stmt->execute();
    $stmt->bind_result($gig_id, $user_id, $category_id, $description, $price, $img, $deliverytime, $created_at, $updated_at, $language);
    while ($stmt->fetch()) {
        $rows[] = array('gig_id' => $gig_id, 'user_id' => $user_id, 'category_id' => $category_id, 'description' => $description, 'price' => $price, 'img' => $img, 'deliverytime' => $deliverytime, 'created_at' => $created_at, 'updated_at' => $updated_at, 'language' => $language);
    }
    $stmt->close();
} else {
    echo "error";
}

If you want an exact match, take off the %s and change the like to =.

Update

You also need to submit the form. PHP is only on the server; once the page has loaded it is not available. The action of this form should be where the above PHP is located.

<form action="search.php" method="post" class="navbar-form">
      <!-- name="search" is what makes the value arrive as $_POST['search'] -->
      <input class="form-control" name="search" placeholder="Search" type="text" />
      <input type="submit" value="Search" />
</form>
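
An added example, not part of the original answer: it goes one step beyond the bound `like ?` query by escaping the `%` and `_` wildcards a user may type, and by HTML-escaping each description when it is printed. It assumes PDO with an in-memory SQLite database (the `pdo_sqlite` extension) in place of the page's `$conn`, a table trimmed to two columns, a hypothetical helper named `search_ads`, and constructed sample rows and inputs.

```php
<?php
// Added example. Assumption: PDO with an in-memory SQLite database stands in
// for the page's $conn; the table is trimmed to two columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE advertisement (gig_id INTEGER PRIMARY KEY, description TEXT)");

// Constructed sample rows.
$insert = $pdo->prepare("INSERT INTO advertisement (description) VALUES (?)");
foreach (array('Logo design', '100% original <b>articles</b>', 'Website testing') as $text) {
    $insert->execute(array($text));
}

// Hypothetical helper: substring search in which the term is only ever data.
function search_ads(PDO $pdo, $term)
{
    // A placeholder stops the term from changing the SQL, but % and _ inside
    // the bound value are still LIKE wildcards. Prefix them (and the escape
    // character itself) with "!" so they match literally.
    $literal = str_replace(array('!', '%', '_'), array('!!', '!%', '!_'), $term);
    $stmt = $pdo->prepare(
        "SELECT gig_id, description FROM advertisement
         WHERE description LIKE ? ESCAPE '!'"
    );
    $stmt->execute(array('%' . $literal . '%'));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal term, a bare wildcard, and a term with quotes.
foreach (array('logo', '%', "' OR '1'='1") as $term) {
    $rows = search_ads($pdo, $term);
    echo 'term [' . $term . '] matched ' . count($rows) . " row(s)\n";
    foreach ($rows as $row) {
        // Escape on output so markup stored in a description is shown as text.
        echo '  <h3>' . htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8') . "</h3>\n";
    }
}
```

Without the `str_replace` step the bare `%` input would match every row; with it, only the description that contains a literal percent sign is returned.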