I am creating a search bar on my website so users can search for other users, and it works, but if I enter one username, all of the usernames show up. How can I only show the user I am looking for, and if the user isn't registered give an else statement?
search.php:
<?php
include("connect.php");
GLOBAL $usernam;
$output = '';
if (isset($_POST['Search'])) {
    if (empty($_POST["searchbar"])) {
        echo "You didn't enter anything . ";
    } else {
        $searchq = $_POST['Search'];
        $searchq = preg_replace("#[^0-9a-z]#i", "", $searchq);
        $query = mysqli_query($conn, "SELECT * FROM users WHERE usernam LIKE '%$searchq%'") or die("Could not search");
        $count = mysqli_num_rows($query);
        if ($count == 0) {
            echo "There was no search results . ";
        } else {
            while ($row = mysqli_fetch_array($query)) {
                $usernam = $row['usernam'];
                $id = $row['id'];
                $output .= '<div>' . $usernam . '</div>';
            }
        }
    }
}
?>
<html>
<head>
<title>Interpage</title>
</head>
<body>
<?php print("$output"); ?>
</body>
</html>
Your issue is that you are currently searching the value of your button, not your search bar -
$searchq = $_POST['Search'];
You want
$searchq = $_POST['searchbar'];
In regards to your question - "is it secure??" - no, it is not. This is the perfect time to read up on "How can I prevent SQL injection in PHP?"
At the bare minimum, you could use mysqli_real_escape_string()
$searchq = mysqli_real_escape_string($conn, $_POST['searchbar']);
but I would recommend going a step further and learning how to use prepared statements/placeholders, i.e.
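// bind_param() takes its arguments by reference, so the pattern must be in a variable
$search = "%" . $_POST['searchbar'] . "%";
$stmt = $conn->prepare("SELECT * FROM users WHERE usernam LIKE ?");
$stmt->bind_param('s', $search);
$stmt->execute();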
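An added example, not part of the question or the answer above: a complete search.php that reads the `searchbar` field, runs the lookup through a prepared statement, treats `%` and `_` typed by the user as literal characters, and HTML-encodes usernames on output. It assumes connect.php creates `$conn` as a mysqli connection and that the form fields are named as in the question; `like_literal()`, `search_users()` and the choice of `!` as the LIKE escape character are assumptions made for this example.

```php
<?php
// Added example; like_literal() and search_users() are hypothetical helpers.
// Assumes connect.php creates $conn (mysqli), as in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of "or die"
include("connect.php");

// Escape LIKE wildcards so input is matched literally; '!' is our ESCAPE char.
function like_literal(string $term): string {
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Look up usernames with a prepared statement; returns an array of strings.
function search_users(mysqli $conn, string $term): array {
    $pattern = '%' . like_literal($term) . '%'; // bind_param() needs a variable
    $stmt = $conn->prepare("SELECT usernam FROM users WHERE usernam LIKE ? ESCAPE '!'");
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $stmt->bind_result($usernam);
    $names = [];
    while ($stmt->fetch()) {
        $names[] = $usernam;
    }
    $stmt->close();
    return $names;
}

$output = '';
if (isset($_POST['Search'])) {
    $raw = $_POST['searchbar'] ?? '';
    $term = is_string($raw) ? trim($raw) : ''; // reject searchbar[]=... arrays
    if ($term === '') {
        $output = "You didn't enter anything.";
    } else {
        $names = search_users($conn, $term);
        if (count($names) === 0) {
            $output = "There were no search results.";
        } else {
            foreach ($names as $name) {
                // Encode on output so a stored username cannot inject markup.
                $output .= '<div>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</div>';
            }
        }
    }
}
?>
<html>
<head><title>Interpage</title></head>
<body><?php echo $output; ?></body>
</html>
```

To return only the exact user instead of partial matches, replace the `LIKE ? ESCAPE '!'` clause with `= ?` and bind `$term` directly.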