Date: 2021-04-17

You need to validate all inputs before using them. This portion of the code requires a non-empty $_GET['genere'] value for it to work (we’ll worry about what type of value it is later.) You should trim, then test if the value is not empty. If the input is not valid, it’s a user error and you should set up and display a message telling the user what they did wrong and how to correct it, e.g. ‘Please select a Genre’. Also, as has already been stated, all the relevant code to query for and retrieve the data should be inside the validation ‘success’ logic so that you are not producing php errors and wasting resources when a required input is not present.

Using a SET data type creates a maintenance problem. To add, remove, or edit a choice, you must ALTER the table definition, and unless you are querying to get the table definition and parsing the column definition to get the list of choices for the User Interface part of this application, you must maintain a duplicate data definition in the php code. The suggestion that @droopsnoot has mentioned stores the genre definitions in one place, a database table, where you can just insert, delete, or update a row of data. You would query this table to produce the choices for the user, and you can then also have things like a ‘description’ column to enhance the User Interface and User eXperience on your site.

While I don’t think you are getting database errors from what you are currently doing, do you have any error handling for all the database statements that can fail - connection, query, prepare, and execute? The easiest way of adding error handling for these statements is to use exceptions for errors and in most cases let php catch and handle the exception where php will use its error related settings (see my previous reply in this thread) to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) To use exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection -

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

exit('No rows')

Don’t use exit/die for this condition. If the query doesn’t match any data, you should set up and display a message for the user, and you should display a whole web page with the genre choices, so that they can pick something else to search for.
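
The points in the reply above, put together as an added example (not code from the thread): the input is trimmed and validated, the query runs only inside the validation success branch, mysqli errors become exceptions, and an empty result produces a message on a full page instead of `exit`. The `films` table, its `title` and `genre` columns, and the connection values are assumed placeholders.

```php
<?php
// Added example: `films`, `title`, `genre` and the connection values are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // set before connecting

$errors = [];
$rows = [];
$genre = '';
$searched = false;

if (array_key_exists('genere', $_GET)) {
    // A request such as ?genere[]=x arrives as an array; treat it as invalid input.
    $raw = $_GET['genere'];
    $genre = is_string($raw) ? trim($raw) : '';
    if ($genre === '') {
        $errors[] = 'Please select a Genre';
    }
    // Database work happens only when validation succeeded.
    if (!$errors) {
        $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
        $db->set_charset('utf8mb4');
        $stmt = $db->prepare('SELECT title FROM films WHERE genre = ?');
        $stmt->bind_param('s', $genre);
        $stmt->execute();
        $stmt->bind_result($title);
        while ($stmt->fetch()) {
            $rows[] = $title;
        }
        $searched = true;
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head><meta charset="utf-8"><title>Search by genre</title></head>
<body>
<?php foreach ($errors as $e): ?>
  <p class="error"><?= htmlspecialchars($e, ENT_QUOTES, 'UTF-8') ?></p>
<?php endforeach; ?>
<form method="get">
  <!-- The choices would normally be queried from the genre table. -->
  <input name="genere" value="<?= htmlspecialchars($genre, ENT_QUOTES, 'UTF-8') ?>">
  <button>Search</button>
</form>
<?php if ($searched && !$rows): ?>
  <p>No matches for that genre. Please pick another one.</p>
<?php endif; ?>
<?php foreach ($rows as $t): ?>
  <p><?= htmlspecialchars($t, ENT_QUOTES, 'UTF-8') ?></p>
<?php endforeach; ?>
</body>
</html>
```

No try/catch is used here, so a failed connection or query is handled by PHP according to its error settings, as the reply describes.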