Home/ Questions/Q 9196209
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T21:48:03+00:00

I am having my first attempts to a search engine: I have a database

  • 0

I am having my first attempts to a search engine:
I have a database called “global” and a table called “mpl” which contains 11 columns (Named: Customer, Part No, Descripton, Country Of Origin, and several other) with multiple rows for parts.
What i aim to do with the code below – is to get the Description and Country Of Origin displayed for the Part No the user has entered to the search field.

Form:

<form action="search.php" method="post"> 
<input type="text" name="find" /><br /> 
<input type="submit" value="Search" /> </form>

And the PHP:

$host = "localhost"; 
$dbuser = "root"; 
$dbpass = " "; 
$db = "global"; 

$con = mysql_connect($host, $dbuser, $dbpass);
    if(!$con){ die(mysql_error());
    } 
$select = mysql_select_db($db, $con);
    if(!$select){ die(mysql_error()); 
    } 
$item = $_REQUEST['find'];  
$data = mysql_query("SELECT * FROM mpl WHERE 'Part No' ='".$item."'"); 
while($row = mysql_fetch_array($data)){ 
        echo $row['Description']. "<br>";
        echo $row['Country Of Origin']. "<br><p>"; 
 } 

 ?>

Can someone tell me what am i doing wrong? Once i enter anything to my form ‘find’ – i get no results. If i run the search using LIKE instead of “=” with no value – it displays a bunch of Descriptions and Country of origin – this means i have connected to my DB correctly. This is driving me nuts..I feel i have messed up the mysql_query() part somehow – but i can’t figure out which part.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A lot of people here have already pointed out possible and actual errors in your code, but here’s the combined solution. Firstly I converted your code to mysqli which is the correct way of connecting to a mySQL database. The way you were connecting is out of date, and not recommended. Secondly I added some code to stop sql injection. Thirdly, I changed 'Part No' to `Part No“(ignore the second back tick) in your query.

    <?php

$mysqli = new mysqli('localhost', 'root', DB_PASSWORD, 'global');

/* check connection */
if ($mysqli->connect_error)
  die('Connect Error (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error);

/* escape string from sql injection */
$item = $mysqli->real_escape_string($_POST['find']);

/* query database */
$result = $mysqli->query("SELECT * FROM `mpl` WHERE `Part No` = '".$item."'");
while ($col = $result->fetch_array(MYSQLI_ASSOC))
  echo '<p>' . $col['Description'] . '<br />' . $col['Country Of Origin'] . '</p>';
$result->close();

/* don't forget to close the connection */
$mysqli->close();

?>
    • 0