pheidole Posted November 3, 2018 Share Posted November 3, 2018 Getting 0 results $server = "localhost"; $user = "root"; $pass = ""; $dbname = "st"; $link = mysqli_connect($server, $user, $pass, $dbname); if (!$link) { die();} //////////////////////////////////////////////////////////////////////////////////////// if(isset($_REQUEST["term"])){ $sql = "SELECT * FROM loc WHERE state LIKE '%$name%' "; if($stmt = mysqli_prepare($link, $sql)){ mysqli_stmt_bind_param($stmt, "s", $param_term); $param_term = $_REQUEST["term"] . '%'; if(mysqli_stmt_execute($stmt)){ $result = mysqli_stmt_get_result($stmt); if(mysqli_num_rows($result) > 0){ while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)){ echo "<p>" . $row["name"] . "</p>"; } } else{ echo "<p>0</p>"; } } else{ echo "ERROR: $sql. " . mysqli_error($link); } } mysqli_stmt_close($stmt); } mysqli_close($link); Quote Link to comment Share on other sites More sharing options...
pheidole Posted November 3, 2018 Author Share Posted November 3, 2018 sorry wrong db Quote Link to comment Share on other sites More sharing options...
Barand Posted November 3, 2018 Share Posted November 3, 2018 I suggest you re-read the manual on prepared statements - in particular the use of placeholders for the parameters Quote Link to comment Share on other sites More sharing options...
pheidole Posted November 3, 2018 Author Share Posted November 3, 2018 (edited) ill try to find POP examples on prepared statements... nevermind ....... i just looked at first bit of code sorry Edited November 3, 2018 by pheidole Quote Link to comment Share on other sites More sharing options...
Barand Posted November 3, 2018 Share Posted November 3, 2018 there are examples on the page I linked you to Quote Link to comment Share on other sites More sharing options...
pheidole Posted November 3, 2018 Author Share Posted November 3, 2018 i edited the post. I found them , thanks Quote Link to comment Share on other sites More sharing options...
Barand Posted November 3, 2018 Share Posted November 3, 2018 A couple of other points Do not use select *. Specify the columns you need. You are trying to echo $row['name']. The column names in the results of that query are "id" and "state" (a mistake that might have been avoided had you not used "*" in the select) Don't use $_REQUEST. Use $_POST or $_GET - whichever is applicable. Quote Link to comment Share on other sites More sharing options...
pheidole Posted November 3, 2018 Author Share Posted November 3, 2018 I changed all to $_GET since its not requesting anything that needs hidden Also may i ask whats wrong with $_REQUEST bottom variable look usable ? $sql = "SELECT state FROM loc WHERE state LIKE '%$name%'"; Quote Link to comment Share on other sites More sharing options...
Barand Posted November 3, 2018 Share Posted November 3, 2018 You still are not using a placeholder (?) Quote Link to comment Share on other sites More sharing options...
pheidole Posted November 3, 2018 Author Share Posted November 3, 2018 ha, $.get("search1.php", {term: inputVal}).done(function(data){ was $.get("search.php", {term: inputVal}).done(function(data){ so it kept going to new search bar on that page that looked the same thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.