Search code examples
phpmysqlsearchdropdownbox

PHP search with multiple drop down boxes

I am making a search box with multiple drop down boxes. Here is the main page:

<div id="wrapper">
    <form action="search2.php" method="post">
        <select name="user">
            <option value="" selected="selected">All Users</option>
            <option value="tom">tom</option>
            <option value="bob">bob</option>
        </select>
        <select name="city">
            <option value="" selected="selected">All cities</option>
            <option value="NY">NY</option>
            <option value="NA">LA</option>
        </select>
    <input type="submit" value="search" />
    </form>
</div>

And here is the search2.php

<?php
include('includes/db_AF.php'); //includes the db credentials
$connection = @new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB);


$whereClauses = array(); 
if (! empty($_POST['user'])) $whereClauses[] ="user='".mysqli_real_escape_string($_POST['user'])."'"; 
if (! empty($_POST['city'])) $whereClauses[] ="city='".mysqli_real_escape_string($_POST['city'])."'"; 
$where = ''; 
if (count($whereClauses) > 0) { $where = ' WHERE '.implode(' AND ',$whereClauses); }

$sql = mysqli_query("SELECT * FROM profile " .$where." ORDER BY user "); 

$result=mysqli_query($sql);
or die("Error: ".mysql_error()."<br />Query: ".$sql);

while ($row = mysqli_fetch_assoc($result)) {
echo $row['user'];
echo $row['city'];
} 
?>

I get error messages saying:

  • mysqli_real_escape_string() expects exactly 2 parameters, 1 given

  • mysqli_query() expects at least 2 parameters, 1 given

What am I doing wrong?

Solution

  • Please try this code, mysqli_query($sql) changed to mysqli_query($connection,$sql) and $connection added to some section. also removed some unwanted code. please compare it.

      include('includes/db_AF.php'); //includes the db credentials
  $connection = @new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB);

  if (mysqli_connect_errno()) {
      printf("Connect failed: %s\n", mysqli_connect_error());
      exit();
  }

  $whereClauses = array(); 
  if (! empty($_POST['user'])) $whereClauses[] ="user='".mysqli_real_escape_string($connection,$_POST['user'])."'"; 
  if (! empty($_POST['city'])) $whereClauses[] ="city='".mysqli_real_escape_string($connection,$_POST['city'])."'"; 
  $where = ''; 
  if (count($whereClauses) > 0) { $where = ' WHERE '.implode(' AND ',$whereClauses); }


  $sql = "SELECT * FROM profile " .$where." ORDER BY user "; 

  $result=mysqli_query($connection,$sql) or die("Error: ".mysqli_error()."<br />Query: ".$sql);

  while ($row = mysqli_fetch_assoc($result)) {
      echo $row['user'];
      echo $row['city'];
  }

    NB: Please Refer Object oriented style and Procedural style.

    Object oriented style

    $result = $connection->query($sql);

    Procedural style

    mysqli_query($connection,$sql);

    http://www.php.net/manual/en/mysqli.query.php ,

    follow any one.