MySQLi Query Builder returning all and/or random records regardless of search criteria.
Here's our search form:
<form class="navbar-form navbar-right" action="admin.php" method="post" name="pocsearchFORM" id="pocsearchFORM">
<div class="form-group">
<input type="text" name="adminsearch" id="adminsearch" placeholder="Search headstones..." class="form-control">
</div>
<button type="submit" class="btn btn-info" name="pocsearchBTN" id="pocsearchBTN">Search <span class="glyphicon glyphicon-search"></span></button>
</form>
Here's what MySQLi Query Builder generated:
<?php
$rsSEARCH = new WA_MySQLi_RS("rsSEARCH",$csdbmysqli,0);
$rsSEARCH->setQuery("SELECT POCheadstones.HeadstoneID, POCheadstones.MapRefID, POCheadstones.DGFHSID, POCheadstones.Inscription, POCheadstones.StoneDescription FROM POCheadstones WHERE POCheadstones.MapRefID = ? OR POCheadstones.Inscription LIKE ? OR POCheadstones.DGFHSID = ? OR POCheadstones.StoneDescription LIKE ? ORDER BY POCheadstones.MapRefID ASC");
$rsSEARCH->bindParam("i", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"") ."", "-1"); //WAQB_Param1
$rsSEARCH->bindParam("c", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"") ."", "-1"); //WAQB_Param2
$rsSEARCH->bindParam("i", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"") ."", "-1"); //WAQB_Param3
$rsSEARCH->bindParam("c", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"") ."", "-1"); //WAQB_Param4
$rsSEARCH->execute();
?>
If I type in a single keyword, for example "1865", it returns all manner of records - some contain "1865", some do not. Also, before we've even searched it returns records!
Page attached and, once I've posted this, I'll add a link and admin details for where you can test this online. Thank you.