pheidole Posted November 3, 2018 Share Posted November 3, 2018 Getting 0 results $server = "localhost"; $user = "root"; $pass = ""; $dbname = "st"; $link = mysqli_connect($server, $user, $pass, $dbname); if (!$link) { die();} //////////////////////////////////////////////////////////////////////////////////////// if(isset($_REQUEST["term"])){ $sql = "SELECT * FROM loc WHERE state LIKE '%$name%' "; if($stmt = mysqli_prepare($link, $sql)){ mysqli_stmt_bind_param($stmt, "s", $param_term); $param_term = $_REQUEST["term"] . '%'; if(mysqli_stmt_execute($stmt)){ $result = mysqli_stmt_get_result($stmt); if(mysqli_num_rows($result) > 0){ while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)){ echo "<p>" . $row["name"] . "</p>"; } } else{ echo "<p>0</p>"; } } else{ echo "ERROR: $sql. " . mysqli_error($link); } } mysqli_stmt_close($stmt); } mysqli_close($link); Link to comment Share on other sites More sharing options...
pheidole Posted November 3, 2018 Author Share Posted November 3, 2018 sorry wrong db Link to comment Share on other sites More sharing options...
Barand Posted November 3, 2018 Share Posted November 3, 2018 I suggest you re-read the manual on prepared statements - in particular the use of placeholders for the parameters Link to comment Share on other sites More sharing options...
pheidole Posted November 3, 2018 Author Share Posted November 3, 2018 ill try to find POP examples on prepared statements... nevermind ....... i just looked at first bit of code sorry Link to comment Share on other sites More sharing options...
Barand Posted November 3, 2018 Share Posted November 3, 2018 there are examples on the page I linked you to Link to comment Share on other sites More sharing options...
pheidole Posted November 3, 2018 Author Share Posted November 3, 2018 i edited the post. I found them , thanks Link to comment Share on other sites More sharing options...
Barand Posted November 3, 2018 Share Posted November 3, 2018 A couple of other points Do not use select *. Specify the columns you need. You are trying to echo $row['name']. The column names in the results of that query are "id" and "state" (a mistake that might have been avoided had you not used "*" in the select) Don't use $_REQUEST. Use $_POST or $_GET - whichever is applicable. Link to comment Share on other sites More sharing options...
pheidole Posted November 3, 2018 Author Share Posted November 3, 2018 I changed all to $_GET since its not requesting anything that needs hidden Also may i ask whats wrong with $_REQUEST bottom variable look usable ? $sql = "SELECT state FROM loc WHERE state LIKE '%$name%'"; Link to comment Share on other sites More sharing options...
Barand Posted November 3, 2018 Share Posted November 3, 2018 You still are not using a placeholder (?) Link to comment Share on other sites More sharing options...
pheidole Posted November 3, 2018 Author Share Posted November 3, 2018 ha, $.get("search1.php", {term: inputVal}).done(function(data){ was $.get("search.php", {term: inputVal}).done(function(data){ so it kept going to new search bar on that page that looked the same thanks Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.