Script Retrieves Search Results from the MySQL Database

1.    
2.  
3.     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
4.     <html xmlns="http://www.w3.org/1999/xhtml">
5.     <head>
6.     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7.     <title>Book-O-Rama Search Results</title>
8.     </head>
9.      
10.     <body>
11.     <h1>Book-O-Rama Search Results</h1>
12.     <?php
13.     // create short variable names
14.     $searchtype=$_POST['searchtype'];
15.     $searchterm=trim($_POST['searchterm']);
16.     if (!$searchtype || !$searchterm) {
17.     echo 'You have not entered search details. Please go back and try again.';
18.     exit;
19.     }
20.     if (!get_magic_quotes_gpc()){
21.     $searchtype = addslashes($searchtype);
22.     $searchterm = addslashes($searchterm);
23.     }
24.     @ $db = new mysqli('213.171.200.57', 'bookorama', 'password', 'books');
25.     if (mysqli_connect_errno()) {
26.     echo 'Error: Could not connect to database. Please try again later.';
27.     exit;
28.     }
29.     $query = "SELECT * FROM books WHERE ".$searchtype." like '%".$searchterm."%'";
30.     $result = $db->query($query);
31.     $num_results = $result->num_rows;
32.     echo "<p>Number of books found: ".$num_results."</p>";
33.     for ($i=0; $i <$num_results; $i++) {
34.     $row = $result->fetch_assoc();
35.     echo "<p><strong>".($i+1).". Title: ";
36.     echo htmlspecialchars(stripslashes($row['title']));
37.     echo "</strong><br />Author: ";
38.     echo stripslashes($row['author']);
39.     echo "<br />ISBN: ";
40.     echo stripslashes($row['isbn']);
41.     echo "<br />Price: ";
42.     echo stripslashes($row['price']);
43.     echo "</p>";
44.     }
45.     $result->free();
46.     $db->close();
47.     ?>
48.     </body>
49.     </html>