I'm trying to make a search for my website using PHP but every time I search for something it shows me No results found!
<form action="search" method="post">
    <input type="text" name="search">
    <input type="submit" value="Search">
</form>
<?php
if (isset($_POST['search'])) {
    $searchq = $_POST['search'];
    $searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
    $videosHTML = "";
    $searchquery = mysqli_query("SELECT id, Name, Link, Time, Type FROM Videos WHERE Name LIKE '%$searchq%'");
    $count = mysqli_num_rows($searchquery);
    if ($count == 0){
        $videosHTML = "No results found!";
    } else{
        while($row = mysqli_fetch_array($searchquery)){
            $id = $row['id'];
            $Name = $row['Name'];
            $Link = $row['Link'];
            $Time = $row['Time'];
            $Type = $row['Type'];
            $videosHTML = '<a href="video?id='.$id.'"><div class="thumbnail" style="background-image: ' . "url('thumbnails/" . $id . ".png');" . '"><p class="title">' . $Name . '</p><p class="time">' . $Time . '</p></div></a>' . $videosHTML;
        }
    }
}
?>
It also shows me a parse error on the line of $searchquery and also on the next line $count.
I'm thinking that it's not finding anything in the $count and that's why it might show No results found.
As mentioned above in comments by @Fred -ii- & @RiggsFolly you need to have a valid database connection established before you can hope to query the db successfully. Assuming that there is one, and in the code here it is named $dbconn, then you also need to supply that in various mysqli commands - notably in this case the mysqli_query method.
Also, even though you are using mysqli you are still inserting what is, effectively, a user-supplied variable directly into the sql so you need to take extra precautions to safeguard against sql injection - I realise you were filtering out all non-alphanumeric characters with preg_replace but those sneaky hackers ... !
Whilst not in the reserved words category, name and type are keywords in mysql and should, perhaps, be treated with caution in database queries and column names - it is a personal preference I know but I always encapsulate fields within backticks when running a query against the db.
<?php
if ( isset( $_POST['search'] ) ) {
    /* prepare search term, sanitize as applicable: "belt 'n' braces" */
    $searchq = mysqli_real_escape_string( $dbconn, preg_replace( "#[^0-9a-z]#i", "", filter_input( INPUT_POST, 'search', FILTER_SANITIZE_STRING ) ) );
    $videosHTML = 'No results found!';

    /* supply db connection object in query, unless using Object Orientated approach */
    $res = mysqli_query( $dbconn, "SELECT `id`, `Name`, `Link`, `Time`, `Type` FROM `Videos` WHERE `Name` LIKE '%{$searchq}%';");

    if( mysqli_num_rows( $res ) > 0 ){
        $videosHTML = '';
        while( $row = mysqli_fetch_array( $res ) ){
            $id = $row['id'];
            $Name = $row['Name'];
            $Link = $row['Link'];
            $Time = $row['Time'];
            $Type = $row['Type'];
            $videosHTML .= "
                <a href='video?id={$id}'>
                    <div class='thumbnail' style='background-image: url( thumbnails/{$id}.png );'>
                        <p class='title'>{$Name}</p>
                        <p class='time'>{$Time}</p>
                    </div>
                </a>
            ";
        }
    }
    echo $videosHTML;
}
?>
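The same search written with a bound parameter instead of string interpolation, as an added example that is not part of the original answer. It assumes $dbconn is an open mysqli connection (the name used in the answer), the Videos table from the question, and the mysqlnd driver; search_videos and render_videos are hypothetical helper names.

```php
<?php
// Added example: assumes $dbconn is an open mysqli connection (the name used in
// the answer) and the Videos table from the question. mysqli_stmt_get_result()
// needs the mysqlnd driver.

/** Return rows whose Name contains $term, using a bound parameter. */
function search_videos(mysqli $db, string $term): array
{
    // Escape LIKE wildcards so a literal % or _ in the term is matched as text.
    $pattern = '%' . addcslashes($term, '%_\\') . '%';

    $stmt = mysqli_prepare(
        $db,
        'SELECT `id`, `Name`, `Time` FROM `Videos` WHERE `Name` LIKE ?'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($db));
    }
    // The value travels separately from the SQL text, so quotes in it are data.
    mysqli_stmt_bind_param($stmt, 's', $pattern);
    mysqli_stmt_execute($stmt);
    $rows = mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC);
    mysqli_stmt_close($stmt);
    return $rows;
}

/** Build the result markup, encoding every database value for HTML. */
function render_videos(array $rows): string
{
    if ($rows === []) {
        return 'No results found!';
    }
    $html = '';
    foreach ($rows as $row) {
        $id   = (int) $row['id'];
        $name = htmlspecialchars($row['Name'], ENT_QUOTES, 'UTF-8');
        $time = htmlspecialchars((string) $row['Time'], ENT_QUOTES, 'UTF-8');
        $html .= "<a href='video?id={$id}'>"
               . "<div class='thumbnail' style=\"background-image: url('thumbnails/{$id}.png');\">"
               . "<p class='title'>{$name}</p><p class='time'>{$time}</p></div></a>";
    }
    return $html;
}

if (isset($_POST['search']) && is_string($_POST['search'])) {
    echo render_videos(search_videos($dbconn, $_POST['search']));
}
```

With the parameter bound, the preg_replace filter is no longer what keeps the query safe, so search terms can contain spaces and punctuation.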