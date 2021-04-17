So what URL did you put into your browser? (The code is looking for a URL parameter, ‘genere’, to stick into the query)
I have added something above (after EDIT), maybe an answer to this your question.
The php file include an inc (header) file in another folder (with generic parametres) + an inc file in the same folder (with specific parametres). And within the file I declare some php variables as well.
Right. So.
- There must exist in the database a table called
films__olon, which has (at minimum) a field named
genere, which is an integer.
- Whatever you’ve defined
$genusto be elsewhere in the code, there should be at least 1 row in the table that has that value in the
generefield.
No, it’s not. If your table includes any rows where that column matches the value you’re searching for, you should get them. I was just saying that for a proper database design, you should hold these genre names in a separate table and refer to them by their unique id.
If you do want to put them in a separate table, then all you would need is something like
table: genres
id: not null auto-increment
genre_name: varchar(whatever-length)
The
id is what you store in your other tables when you need a genre, and you’d use a JOIN to retrieve it when you need to display the name. So instead of your
films__olon table containing “fantasy” for example, it would contain “1” and your genres table would have a row with id=1 and genre_name=“fantasy”.
in the «table called
films__olon » there is «a field named
genere » (correct), however it is not «an integer», but a set (with these values: ‘biografici’,‘drammatici’,‘storici’,‘giovanile’,‘fantasy’,‘fantascienza’, ‘animazione’,‘comici’,‘grottesco’,‘western’,‘giallo’,‘intrigo’,‘avventura’,‘spionaggio’,‘religioso’,‘altro’)
I thought (sorry for my small knowledge) that the instructions:
if(isset($_GET['genere'])){
$genus =$_GET['genere'];
}
mean that $genus is the field ‘genere’ in the table films__olon: I was wrong, I suppose.
When you say a “set”, what exactly do you mean? Is it just a string, which will be one (and only one) of the values you listed?
If so, then what you are doing should retrieve all the appropriate rows, and it is strange that it does not. What you need to do next is check the value of
$genus to see that it is what you expect it to be.
Have you fixed the problem in this line that I mentioned before?
$stmt->bind_param("i", $genus);
You said that
$genus and the column you are comparing it to is not an integer, but your
bind_param suggests that it is. As I don’t use mysqli I am not sure whether this will make any difference - if it did not, I imagine the parameter would not be required.
I believe attempting to bind a non-integer parameter to an integer slot will result in a 0 being sent to the database…
Oh, well that would certainly be causing a similar problem to the one the OP is having, unless they have already changed that bit.
Excuse me, I forgot to say that I had already changed “i” with “s”, so now the code is:
<?php
if(isset($_GET['genere'])){
$genus =$_GET['genere'];
}
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere = ?");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
?>
$db point to an existing database, in which there is the table films__olon.
With the word “set” I mean what in mysql is a type (/kind) of column, like enum,tinitext,varchar and so on. And I have said above what values are in my “genere” set field (/column) stored.
EDIT
I tried with another, not “set”, field, but “varchar”.
But the result is the same: “no rows”.
Apologies, I hadn’t seen that data type before.
That sort-of rules out the
= being a problem. What value is in
$genus when you get to the query?
-
Like already tried: nothing changes.
-
FIND_IN_SET just tried, after you suggested, but I get this error message (and no rows):
Fatal error: Uncaught Error: Call to a member function bind_param() on bool in /mnt/dati/schede/cultura/cinema/films-prova.php:41 Stack trace: #0 {main} thrown in /mnt/dati/schede/cultura/cinema/films-prova.php on line 41
line 41 is
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere find_in_set ?");
What value is in
$genuswhen you get to the query?
Sorry, I don’t understand what you mean. $genius should recall ‘genere’ that has the values reported above (#17).
$genus is the variable that you get from
$_GET['genere'] at the start of your code. I wondered whether you had checked what is in it. Not what it should have in it, but what it actually has in it.
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere find_in_set ?");
isn’t the correct syntax, as far as I can see looking at various examples. I can’t really help with that, I didn’t know sets existed until a few minutes ago. But looking here, for example, it seems to be quite different: MySQL FIND_IN_SET Function with Practical Examples (mysqltutorial.org)
I also don’t know if there’s an issue using it in a prepared statement.
You need to validate all inputs before using them. This portion of the code requires a non-empty $_GET[‘genere’] value for it to work (we’ll worry about what type of value it is later.) You should trim, then test if the value is not empty. If the input is not valid, it’s a user error and you should set up and display a message telling the user what they did wrong and how to correct it, e.g. ‘Please select a Genre’. Also, as has already been stated, all the relevant code to query for and retrieve the data should be inside the validation ‘success’ logic so that you are not producing php errors and wasting resources when a required input is not present.
Using a SET data type creates a maintenance problem. To add, remove, or edit a choice, you must ALTER the table definition, and unless you are querying to get the table definition and parsing the column definition to get the list of choices for the User Interface part of this application, you must maintain a duplicate data definition in the php code. The suggestion that @droopsnoot has mentioned, stores the genre definitions in one place, a database table, where you can just insert, delete, or update a row of data, you would query this table to produce the choices for the user, and you can then also have things like a ‘description’ column to enhance the User Interface and User eXperience on your site.
While I don’t think you are getting database errors from what you are currently doing, do you have any error handling for all the database statements that can fail - connection, query, prepare, and execute? The easiest way of adding error handling for these statements is to use exceptions for errors and in most cases let php catch and handle the exception where php will use its error related settings (see my previous reply in this thread) to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) To use exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection -
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
Don’t use exit/die for this condition. If the query doesn’t match any data, you should set up and display a message for the user, and you should display a whole web page with the genre choices, so that they can pick something else to search for.
Thank you.
I added the row you suggested, and changed the “find_in_set” with “like”, so the code is
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
mysqli_connect('localhost', 'myuser', 'mypsw', 'database-name');
if(isset($_GET['genere'])){
$genus =$_GET['genere'];
}
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere like ?");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
//if($result->num_rows === 0) exit('No rows');
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
This is the error message:
Fatal error: Uncaught Error: Call to a member function prepare() on null in /mnt/dati/schede/cultura/cinema/films-prova.php:41 Stack trace: #0 {main} thrown in /mnt/dati/schede/cultura/cinema/films-prova.php on line 41
The line 41 is this:
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere like ?");
I suppose that the problem is an “empty” connection with localhost: isn’t it?
If so I will try to fix it tomorrow, because today is a very busy day.
Anyway your help will be very appreciated.
Good WE to everybody.
Don’t forget to put the % at the end of your value when you query with LIKE. As already mentioned I would check for not empty and wrap that condition around the query as well as you don’t want the execute the query without a value.
if(!empty($_GET['genere'])){
$genus = $_GET['genere'].'%';
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere like ?");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
}
Yes, you’re right.
$db = mysqli_connect('localhost', 'myuser', 'mypsw', 'database-name');
but even so, it doesn’t work.
I tried also this:
`$genus = "fantasy,fantascienza,drammatici,comici,storici";
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere like ?");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
//if($result->num_rows === 0) exit('No rows');
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
But unsuccessfully.`
Thanks. I tried it, but unsuccessfully
Well it looks like you are searching for a comma separated string so unless you are storing values in
genere as a comma separated string (not recommended) I’m not sure you will find a match. Test with one value to make sure the query works FIRST. If you are searching with a comma separated string, you might want to use FIND IN SET(field, ?) instead of LIKE.
if(!empty($_GET['genere'])){
$genus = $_GET['genere'];
$stmt = $db->prepare("SELECT * FROM films__olon WHERE find_in_set(`genere`, ?)");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
}
Thank you: I tried it, but it doesn’t work.