html - php pdo query dosn't work -
hi everyone, been trying implement pdo prepare(), bindparam() , execute() functions allow query constructed info entered user.
i wanted display list of books , allow user filter list , see new list , total list.
when come in criteria form search nil happens. overlooking?
here code
<?php $pagetitle = "book list"; $pageheading = "book list"; include_once ('header.php'); include_once('databaseconnection.php'); if(isset($_post['txtsearchbooktitle'])) { $db = new databaseconnection(); $db = $db->db_connection; $searchtitle = ($_post['txtsearchbooktitle']); $sql = $db->prepare("select title tblbook title ('%:searchtitle%') order title"); $sql->bindparam(':searchtitle', $searchtitle); $sql->execute(); $result = $sql->fetchall(); print_r($result); foreach ($result $row) { echo "<li>" . " " . $row["title"]. " " . "</li>"; } } ?> <form name="searchbooktitle" method="post" action="<?php echo htmlentities($_server['php_self']);?>" > <fieldset> <legend>search books</legend> <label for="txtsearchbooktitle">search book title</label> <input type="text" name="txtsearchbooktitle" id="txtsearchbooktitle"> <input type="submit" value="submit"> </fieldset> </form> <?php include_once('getbooks.php'); getbooks(); include 'footer.php'; ?>
you need prepare inputs way:
$searchtitle = $_post['txtsearchbooktitle']; $sql = $db->prepare("select title tblbook title :searchtitle order title"); $sql->execute(array(':searchtitle' => '%' . $searchtitle . '%')); or this:
$searchtitle = $_post['txtsearchbooktitle']; $sql->bindparam(':searchtitle', "%{$searchtitle}%"); php html mysql pdo
No comments:
Post a Comment