Matt Murphy Matt Murphy - 4 years ago 70
SQL Question

Searching through a database via search form in PHP

I've developed a page that a user can use to search a variety of data in my database, however nothing gets displayed.

No errors or messages are displays it simply just refreshes the page.

bind_param is new to me so I have a feeling it may be an error in the line -

$stmt->bind_param('s', $name);


I have compared to the database and all the table names and variable names are correct.

search.php

<html>
<?php
include 'searchform.php';
include 'header.php';
if(isset($_POST['searchsubmit']))
{
$name=$_POST['name'];

if ($stmt = $connection->prepare ("SELECT * FROM users WHERE Username = '$name'"))
{
$stmt->bind_param('s', $name);
$stmt->execute();
$stmt->bind_result($personresult);
$stmt->fetch();
print_r($personresult);
}
else
{
echo "<p>Please enter a search query</p>";
}
}
else
{
echo "NOT SET!";
}

?>
</html>


Errors Displayed

Warning: session_start(): Cannot send session cookie - headers already sent

searchform.php:2 which is displayed underneath:

<br><br><br><br>
<?php
error_reporting(E_ALL);
ini_set('display_errors', -1);
include 'header.php';
include 'connection.php';
?>
<br /><br />
<html>
<header>
<link rel="stylesheet" type="text/css" href="web.css" />

<link rel="stylesheet" type="text/css" href="/web.css" />
</header>
<body>
<center>
<h2>Search for people</h2>
<br />
Please enter the name you wish to search for<br /><br />
<form method="post" action="search.php" id="searchform">
<input type="text" name="name">
<input type="submit" name="searchsubmit" value="Submit">
</form><br /><br/>
Or search people by category

Answer Source

I think it should be like this:

    if ($stmt = $connection->prepare ("SELECT * FROM users WHERE Username = ?")) 

With a ? as placeholder.

Got it from the examples here: http://php.net/manual/en/mysqli-stmt.bind-param.php

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download