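<!DOCTYPE html>
<html>
<head>
<title>Book-O-Rama Search Results</title>
</head>
<body>
<h1>Book-O-Rama Search Results</h1>
<?php
// Book search results page.
//
// Reads `searchtype` (column to match) and `searchterm` (value) from the
// POSTed form, looks up matching rows in Books via a prepared statement and
// prints one paragraph per hit. Everything that reaches the browser from the
// request or from the database is HTML-escaped first; the SQL text and the
// raw search term are never echoed back.

// Read the form fields defensively: a missing key must not emit a notice, and
// a non-string value (e.g. searchterm[]=x) is treated as absent rather than
// being coerced to the literal string "Array".
$searchtype = isset($_POST['searchtype']) ? $_POST['searchtype'] : '';
$searchterm = isset($_POST['searchterm']) ? $_POST['searchterm'] : '';
if (!is_string($searchtype) || !is_string($searchterm)) {
    $searchtype = '';
    $searchterm = '';
}
$searchterm = trim($searchterm);

// Compare against '' rather than truthiness so a legitimate term such as "0"
// is not rejected.
if ($searchtype === '' || $searchterm === '') {
    echo '<p>You have not entered search details.<br/>
Please go back and try again.</p>';
    exit;
}

// The column name is interpolated into the SQL below, so it must come from a
// fixed allow-list and never from the request string itself. Using a map
// (request value => column name) makes that one-way relationship explicit.
$columns = array(
    'Title'  => 'Title',
    'Author' => 'Author',
    'ISBN'   => 'ISBN',
);
if (!isset($columns[$searchtype])) {
    echo '<p>That is not a valid search type. <br/>
Please go back and try again.</p>';
    exit;
}
$column = $columns[$searchtype];

// SECURITY(review): database credentials are hard-coded in source. Move them
// to configuration outside the web root and rotate the password, since it is
// already in version-control history.
$db = new mysqli('localhost', 'bookorama', 'bookorama123', 'books');
if (mysqli_connect_errno()) {
    // Deliberately generic: never leak driver error text to the client.
    echo '<p>Error: Could not connect to database.<br/>
Please try again later.</p>';
    exit;
}

// Only the allow-listed column name is interpolated; the user-supplied term is
// always bound as a parameter and never concatenated into the statement.
$query = "SELECT ISBN, Author, Title, Price FROM Books WHERE {$column} = ?";
$stmt = $db->prepare($query);
if ($stmt === false
    || !$stmt->bind_param('s', $searchterm)
    || !$stmt->execute()) {
    // A failed prepare/bind/execute is a server-side problem. The original
    // code called methods on a possibly-false $stmt; report generically
    // instead of fataling or echoing $db->error / the SQL text.
    echo '<p>Error: Could not perform search.<br/>
Please try again later.</p>';
    $db->close();
    exit;
}
$stmt->store_result();
$stmt->bind_result($isbn, $author, $title, $price);

echo '<p>Number of books found: ' . (int) $stmt->num_rows . '</p>';
// The original page printed "Query: <sql> w/ searchterm: '<raw term>'" here.
// That echoed the unescaped POST value (reflected XSS) and disclosed the table
// and column names, so the line has been removed rather than escaped.

while ($stmt->fetch()) {
    // Rows are untrusted for output purposes too: a book title containing
    // markup would otherwise be a stored-XSS payload for every searcher.
    echo '<p><strong>Title: '
        . htmlspecialchars((string) $title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</strong>';
    echo '<br />Author: '
        . htmlspecialchars((string) $author, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '<br />ISBN: '
        . htmlspecialchars((string) $isbn, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Price is numeric; cast explicitly so number_format never sees a
    // non-numeric string from an unexpected column type.
    echo '<br />Price: $' . number_format((float) $price, 2) . '</p>';
}

$stmt->free_result();
$stmt->close();
$db->close();
?>
</body>
</html>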