Why can't my PHP search engine find any records?

Question

I've written a piece of code but I can't seem to make it work. I do have a connection with my database. When I submit the form it goes to the else block (echo "Geen resultaat gevonden voor \"<b>$s</b>\"";)

What am I doing wrong with my code? I've also added a screenshot of my database.

<body>

        <h2> hier komt een kleine foto</h2>
        <form action='./search.php' method='get'>
            <input type='text' name='s'size='50' value='<?php echo $_GET['s']; ?>' />
            <input type='submit' value='Zoek'/>
        </form>
        <hr />
        <?php       
            $s = $_GET['s'];            
            $terms = explode (" ", $s);
            $query = "SELECT * FROM 'ID' WHERE ";

            foreach ($terms as $each){
                $i++;

                if ($i ==1)
                    $query .= "keywords LIKE '%$each%' ";
                else
                    $query .= "OR keywords LIKE '%$each%' ";
            }
            //connect to database
            mysql_connect("server", "username", "password");
            mysql_select_db("database");

            $query = mysql_query($query);
            $numrows = mysql_num_rows($query);
            if(numrows > 0){

                while($row = mysql_fetch_assoc($query)){
                    $id = $row['id'];
                    $photo = $row['photo'];
                    $title = $row['title'];
                    $description = $row['description'];
                    $price = $row['price'];
                    $Link = $row['Link'];
                    $keywords = $row['keywords'];

                    echo  "<h2><a href='$Link'>$title</a></h2>
                    $description<br  /><br  />";
                }

            }
            else
                echo "Geen resultaat gevonden voor \"<b>$s</b>\"";

            //disconect
            mysql_close();
        ?>
</body>
</html>

this is painful for my eyes to look at. you're vulnerable to [sql injection, xss,] — Ryan McCullagh, May 23 '16 at 20:19
Don't down vote him , rather give him a right suggestion , give him `reason why`, — Arsh Singh, May 23 '16 at 20:21
Wrong quotes, here -> `SELECT * FROM 'ID'`. Backticks are for tables/columns. Quotes are for strings. — chris85, May 23 '16 at 20:22
Next step, closing SQL injection and updating driver to `mysqli` or `PDO`. — chris85, May 23 '16 at 20:29
now i can look at the first comment regarding the vulnerablity — Robin Smiet, May 23 '16 at 20:29
I'm flagging this for "a simple typographical error" because it's been resolved with a missing `$`. [Displaying errors](http://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) would have caught this. — HPierce, May 23 '16 at 20:31
Here is a question and answer that explains how to prevent sql injection: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php. For one thing, you shouldn't use mysql_xxxx functions anymore because they are deprecated (old and no longer maintained). — Cave Johnson, May 23 '16 at 21:07

Warren Sergent · Answer 1 · 2016-05-26T21:19:13.090

3

You have a couple of issues.

if(numrows > 0){ should be looking at $numrows
$query = "SELECT * FROM 'ID' WHERE " - You have wrapped your table name in single quotes. This will cause a syntax error - consider changing to backticks (`), or removing the quotes completely.
You shouldn't use mysql_* functions - they are deprecated for a reason. The PHP manual suggests you use mysqli_* functions or PDO instead.

The first one will fix your current problem, but the second one is far more important, and something you should look further in to.

It looks like you're fairly new to PHP and MySQL - so this is a good opportunity for you to learn it correctly.

edited May 26 '16 at 21:19

answered May 23 '16 at 20:30

Warren Sergent

2,257
3
34
38

thats great i'm going to look in to that I've got one small question i've added a bigblob to store an image is it going to be hard to display this with my current "code"?? – Robin Smiet May 23 '16 at 20:39
1

@RobinSmiet Don't do that. Databases are not very good at storing large binary objects, and having those objects there will make it vastly more difficult to maintain and/or back up your database. Store images as files, and store the path to the image in the database. – duskwuff -inactive- May 23 '16 at 20:49
@duskwuff do you know css?? – Robin Smiet May 23 '16 at 21:58
@RobinSmiet - If you feel that this answer satisfied the question, please feel free to mark it as the accepted answer (see: http://stackoverflow.com/help/someone-answers) – Warren Sergent May 24 '16 at 07:43

score 0 · Answer 2 · edited May 23 '16 at 20:28

0

Looks like you've missing $ before numrows on this line:

if(numrows > 0){

edited May 23 '16 at 20:28

chris85

23,255
7
28
45

answered May 23 '16 at 20:27

Daniel Lazdin

1

Why can't my PHP search engine find any records?

2 Answers2