I'm coding a searchable item database for a game that I play. I'm using prepared statements to pull data from the database to protect from injection but I cannot get the results from the database. I'm trying to use LIKE so it returns items when when partially typed but have had issues with the wildcards and variables so I am just trying to get it to work in general first. I've used almost exact code on another part of my site which works fine so I know it has to be something simple but i've looked over it numerous times and cannot seem to figure it out. Any help is greatly appreciated.
require 'dbh.php';
//View entire database
if ($_GET['search'] == view_all) {
$sql = "SELECT * FROM itemdb";
if (!$result = mysqli_query($conn, $sql)) {
header("Location: viewresults.php?error=sqlerror1");
exit();
} else {
while ($row = mysqli_fetch_assoc($result)) {
include("item_template.php");
}
}
} else if (isset($_GET['search_button'])) {
$searchname = $_GET['search_name'];
$searchparam = $_GET['searchBy'];
$searchorder = $_GET['order'];
if ($searchname == NULL) {
echo 'You must enter something to search for!';
} else {
$sql = "SELECT * FROM itemdb WHERE name = ?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: viewresults.php?error=sqlerror2");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $searchparam);
mysqli_stmt_execute($stmt);
mysqli_store_result($stmt);
$resultcheck = mysqli_stmt_num_rows($stmt);
echo $resultcheck;
if ($resultcheck == 0) {
echo 'No results found! Try again! '.$resultcheck;
} else {
$result = mysqli_stmt_get_result($stmt);
echo "success";
while ($row = mysqli_fetch_assoc($result)) {
include("item_template.php");
echo "SUCCESS";
}
}
}
}
}
Comments
Post a Comment