2

I am brand new to PHP, or database programming in general. For a project I have to query a bookstore database for book info (a very small database) and display it on the following page. Below is the code for my bookstore search page:

<?php
 $con = mysqli_connect("localhost", "root", "root") or die("Error connecting to database: ".mysqli_error());
 mysqli_select_db($con, "bookstore") or die(mysqli_error()); 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Book Store</title>
</head>
<body>
<td><h1>Book Search</h1> </td>
<table width="100%" border="0">
  <tr>
    <form method="post" action="search.php?go" id="searchform">
      <input type="text" name="name">
      <input type="submit" name="submit" value="Search By Title">
    </form>
    <form method="post" action="search.php?go" id="searchform">
      <input type="text" name="category">
      <input type="submit" name="submit" value="Search By Category">
    </form>
  </tr>
</table>
</body>
</html>

And the following is a simple search.php code that query's my database and returns results. However I am unable to see any results. The only thing that shows up is "Book Title Search Results" with nothing below. Which obviously means my problem is in my while loop.

<?php
 $con = mysqli_connect("localhost", "root", "root") or die("Error connecting to database: ".mysqli_error());
 mysqli_select_db($con, "bookstore") or die(mysqli_error()); 
?>

<!DOCTYPE html>
<html>
<head>
<title>Search Results</title>
<meta http-equic="Content-Type" content="text/html; charset=utf-8" />

</head>
<body>
<?php 
  if (isset($_POST['name'])){
    $query = $_POST['name'];
    $sql = mysqli_query($con, "SELECT * FROM books
    WHERE (`title` LIKE '%".$query."%')") or die(mysqli_error($con));

    if (mysqli_num_rows($sql) > 0) {
        echo "</br> Book Title Search Results </br>";
            while ($row = mysqli_fetch_array($sql, MYSQL_ASSOC)) {
                echo "</br>Title: " .$row['title']. ", Author: " .$row['author'].", Year: " .$row['year'] . ", Price: $" .$row['price'] ."</br>";
                echo '<img src="data:image/jpeg;base64,'.base64_encode( $row['cover'] ).'"/>';
            }
    }else{ // if there is no matching rows do following
        echo "No results";
    } 
 }
?>
</body>
</html>

I have 6 columns in my database: title, author, year, price, category, image (BLOB FILE), and I have checked naming in my query functions but cannot figure anything out. Can anyone push me in the right direction or show me what I'm doing wrong? I'm using MAMP web server.

Improve this question
2
  • 1
    side note: your code is vulnerable for sql-injections. use parameterized queries Commented Nov 10, 2016 at 15:40
  • Ahh I see, being brand new to sql in general I had no idea. Luckily this is all just local hosting so I'm not worried about someone injecting. Thanks for the heads up though! Commented Nov 10, 2016 at 15:45

3 Answers 3

Reset to default
3

There is a typo in your code. Use MYSQLI_ASSOC instead of MYSQL_ASSOC. The rest of the code is correct.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This was it, holy moley, 3 days of bashing my head against a wall, 15 minutes on stack overflow and you caught my mistake. Thank you kind fellow programmer!
1

try

$con = mysqli_connect("localhost", "root", "root", "bookstore") or die("Error connecting to database: ".mysqli_error());
Improve this answer

Comments

0

In your query, remove the braces after the where:

$sql = mysqli_query($con, "SELECT * FROM books WHERE title LIKE '%$query%'") or die(mysqli_error($con));

Then fetch the results with:

while ($row = mysqli_fetch_assoc($sql)) {
//code
}
Improve this answer

1 Comment

The query is correct even with braces. It is allowed to group WHERE conditions with braces in MySQL

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.