0

I have to create a offline movie website with localhost in PHP. Somehow I can't get the search right and would be nice if anyone could explain to me why. The search is supposed to search by a word in the title, year, genre of director. Don't mind the CSS just want it to work for now :)

Here's what I got so far and the error it gives.

<form action="../PHP/moviedirectory.php" method="post">
    <input type="text" name="search" placeholder="zoeken.."/>
</form>

<?php
$link = mysqli_connect("localhost", "*User*", "*Password*", "WEBSITE");
$searchq = null;
if (isset($_POST['search'])) {
    global $searchq;
    $searchq = $_POST['search'];
}

$query = mysqli_query($link, "SELECT * FROM WEBSITE.dbo.movie WHERE title 
LIKE '%$searchq%' ORDER BY publication_year AND title DESC") or die("could 
not search!");
$query = mysqli_query($link, "SELECT * FROM WEBSITE.dbo.movie WHERE 
publication_year LIKE '%$searchq%' ORDER BY publication_year AND title 
DESC") or die("could not search!");
$query = mysqli_query($link, "SELECT * FROM WEBSITE.dbo.movie WHERE genre 
LIKE '%$searchq%' ORDER BY publication_year AND title DESC") or die("could 
not search!");
$query = mysqli_query($link, "SELECT * FROM WEBSITE.dbo.movie WHERE director 
LIKE '%$searchq%' ORDER BY publication_year AND title DESC") or die("could 
not search!");
$count = mysqli_num_rows($query);
$bla = mysqli_fetch_array($query);
$result = mysqli_fetch_all($query);
$title = $bla['title'];
$director = $bla['director'];
$description = $bla['description'];
$cast = $bla['bla'];
$duration = $bla['duration'];
$year = $bla['year'];
$img = $bla['img'];
$url = $bla['url'];
$genre = $bla['genre'];

Error:

Warning: mysqli_connect(): (HY000/2002): Can not connect because the target computer has actively declined the connection. in C:\xampp\htdocs\php\test\zoeken.php on line 6

Warning: mysqli_query() expects parameter 1 to be mysqli, boolean given in C:\xampp\htdocs\php\test\zoeken.php on line 13 could not search!

Eray Balkanli
  • 7,752
  • 11
  • 48
  • 82
Floris
  • 5
  • 4
  • 2
    You won't be able to search because it looks like you aren't even establishing a successful connection to the database... – Stephen King Feb 14 '18 at 15:27
  • 3
    YOu've tagged SQL Server here, and state "sqlserver" in your title, however, unless my rudimentary knowledge of PHP is wrong here, things such as `mysqli_query` are for MySQL, which is a completely different RDBMS. Which are you actually using? If you're trying to connect and use SQL Server using MySQL functions in PHP, I imagine this is going to be an issue unto itself. – Thom A Feb 14 '18 at 15:30
  • @Larnu is right, look into PDO or the sqlsrv driver in order to connect with SQL server – Niels Feb 14 '18 at 15:32
  • And before you write another query you need to read about, understand and start using parameterized queries before bobby tables comes to visit. http://bobby-tables.com/ The code you posted is wide open to sql injection. – Sean Lange Feb 14 '18 at 15:35
  • I tried both and neither was working. But yes I am using sqlsrv, but if I replace everything I get: Fatal error: Uncaught Error: Call to undefined function sqlsrv_connect() in C:\xampp\htdocs\php\test\zoeken.php:8 Stack trace: #0 {main} thrown in C:\xampp\htdocs\php\test\zoeken.php on line 8. Which leads me to https://stackoverflow.com/questions/14849010/fatal-error-call-to-undefined-function-pg-connect?rq=1 but I can't figure that one out anywhere on google since I am using XAMPP. Edit: typo – Floris Feb 14 '18 at 16:03
  • Do yourself a favor and don't ignore my comments about sql injection. It is a serious concern from your code. And parameterizing your queries is so simple once you do it. – Sean Lange Feb 14 '18 at 16:04
  • 1
    a lot of good info here, this is a connection issue atm, I agree with Sean Lange, toss your tsql queries into user stored procedures and then call the usp_. This decouples your database code and will help prevent little bobby from showing up. It will also help you if you have an issue with searching – Random_User Feb 14 '18 at 16:15

0 Answers0