0

I am trying to set an 'No Results Found' message when no search results are found after executing a MySQL 'LIKE' Query

I have the following code below:
I have an if statement just to test to see if an error message will work but I seem to get the output of the else statement 'found' 

    <table class="center">          <!-- Creating a table with the class of 'center' -->
<!-- SEARCH FORM -->    
<?php 

    $KEYWORD = $_POST['keyword'];
    $stmt = $conn->prepare("SELECT DISTINCT dog_park_name FROM dog_park.items WHERE dog_park_name LIKE '%{$KEYWORD}%'");
    $stmt->execute();
    for($i=0; $row = $stmt->fetch(); ){ 
        $_SESSION["KEYWORD".$i] = $row[0];  


if(empty($stmt))
{
    echo 'Nothing found';
}
else
{
echo 'found';
}



?>
<!-- DISPLAY RESULTS -->
    <tr>            <!-- Adding the first table row -->
        <th>Dog Park</th>   <!-- Adding the second table header -->
    </tr>
    <tr>            <!-- Adding the second table row -->
        <td><a href="individual_item_page.php?keyword='<?php echo $row[$i] ?>' " ><?php echo $row[$i] ?></a></td>        <!-- Add the second cell on the second row -->
    </tr>
        <?php } ?>

</table>

Example:
If a user searches a keyword, and no results are found from that keyword, I am trying to get a message saying 'No Results found'

Improve this question
3
  • $stmt->rowcount() is your friend. php.net/manual/en/pdostatement.rowcount.php Commented May 18, 2016 at 14:49
  • 2
    You really need to look at how prepared statements are suppose to be used. php.net/manual/en/pdo.prepared-statements.php Commented May 18, 2016 at 14:52
  • 2
    If you are going through the effort of using prepared statements, you should not be concatenating input variables into the query string, ESPECIALLY user-provided variables like from $_POST. Commented May 18, 2016 at 14:54

3 Answers 3

Reset to default
1

To make a Mike Brant's answer a proper one:

$stmt = $conn->prepare("SELECT DISTINCT dog_park_name FROM items WHERE dog_park_name LIKE ?");
$stmt->execute(array("%".$_POST['keyword']."%"));
$_SESSION['KEYWORD'] = $stmt->fetchAll(PDO::FETCH_COLUMN);

if($_SESSION['KEYWORD']) {
?>
<table>
  <tr><th>Dog Park</th></tr>
 <?php foreach($_SESSION['KEYWORD'] as $word):?>
    <tr><td><?php echo $word?></td></tr>
 <?php endforeach?>
</table><?php
} else {
    echo 'Nothing found';
}

So in other words, you always have the query results to tell whether you have any results.

Improve this answer
Sign up to request clarification or add additional context in comments.

16 Comments

it will be bit better if you replace % in $_POST['keyword'] by [%]
I don't really get it. You want to escape %?
Sure, if user send 50% width to your script it match 50 shades of width text too ;)
Got follwoing error message PHP Parse error: syntax error, unexpected '[', expecting ')' in D:\users\n9692703\KEYWORD_SEARCH_RESULTS.php at code $stmt->execute(["%".$_POST['keyword']."%"]);
Oh, no) just str_replace('%', '[%]', $_POST['keyword'])
|
1

Your if structure should show 'found' because your query executed successfully, in this cases you can count rows for decide about this issue:

if($stmt->rowCount() == 0)
{
     echo 'Nothing found';
}
else
{
     echo 'found';
}
Improve this answer

Comments

0

I am not going to get into the SQL injection problem you have with your current code. You need to fix it, likely using parameters with your prepared statement, but that is another topic.

I would also say your KEYWORD.$i approach is an antipattern. Why not just have numerically-indexed array under $_SESSION['KEYWORD']?

$_SESSION['KEYWORD'] = array();
$stmt = $conn->prepare("SELECT DISTINCT dog_park_name FROM dog_park.items WHERE dog_park_name LIKE '%{$KEYWORD}%'");
if($stmt) {
    $result = $stmt->execute();
    if($result) {
        while($row= $stmy->fetch() {
            $_SESSION['KEYWORD'][] = $row[0];
        }
    }
}  
if(count($_SESSION['KEYWORD']) === 0) {
    echo 'Nothing found';
} else {
    echo 'found';
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.