I am having a problem getting my query to fetch all the results needed from my DB. I have a search on my home page, which directs the user to the page i am discussing. The user uses their postal code to search for restaurants in their area.
My query checks the db for results that match what has been inputted into the search bar, my problem is it only shows 1 result even if their are more than one. It always shows the last restaurant inputted into the DB.
I cannot seem to see what the problem is, any help or suggesting would be much appreciated.
$output='';
if(isset($_POST['search'])){
$searchq= $_POST['search'];
$sql=mysqli_query($dbc,"SELECT *
FROM Rest_Details
WHERE Delivery_Pcode.Pcode LIKE '%".$searchq."'") or die ("could not search!");
echo var_dump($sql);
$count = mysqli_num_rows($sql);
if($count ===0){
$output ='<b>Oh no! We do not currently deliver to '.$searchq.'</b></br>
Please leave your email address & we will notify you as soon as we do! </br>
<form action="Area_Rest_page.php">
<input type="text" name="FirstName" value="">
<input type="submit" value="Submit">
</form>';
}else{
$i=1;
}while($row_prods= mysqli_fetch_array($sql)){
$EXAMPLE = $row_prods['EXAMPLE'];
$output ='<h3 id="rest_name">'.$rest_name .'</h3>'.
;
$i++;
Then the following is placed further down the page.
print("$output");
The DB and successfully connected,session has been started, i also have error handlers (no errors)
mysqliyou should be using parameterized queries andbind_paramto add user data to your query. DO NOT use string interpolation or concatenation to accomplish this because you have created a severe SQL injection bug. NEVER put$_POSTor$_GETdata directly into a query, it can be very harmful if someone seeks to exploit your mistake.