I'm trying to search in a database with multiple search parameters. However, I always get the whole table as output. The user is supposed to fill out one or more fields in an HTML form. After the form is submitted, only entries matching the user's parameters should be shown. It worked fine when I only had one parameter.
This is my code:
if (isset($_POST['submit']))
{
try
{
require "../config.php";
require "../common.php";
$connection = new PDO($dsn, $username, $password, $options);
$sql = "SELECT *
FROM medisGO_patient
WHERE lastName LIKE '%" . $lastName . "%'
AND firstName LIKE '%" . $firstName . "%'
AND birthday LIKE '%" . $birthday . "%'
AND course LIKE '%" . $course . "%'
AND id LIKE '%" . $no . "%'";
$lastName = trim($_POST['lastName']);
$firstName = trim($_POST['firstName']);
$course = trim($_POST['course']);
$birthday = trim($_POST['birthday']);
$no = trim($_POST['no']);
$statement = $connection->prepare($sql);
$statement->bindParam(':lastName', $lastName, PDO::PARAM_STR);
$statement->bindParam(':firstName', $firstName, PDO::PARAM_STR);
$statement->bindParam(':birthday', $birthday, PDO::PARAM_STR);
$statement->bindParam(':course', $course, PDO::PARAM_STR);
$statement->bindParam(':id', $no, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();
}
catch(PDOException $error)
{
echo $sql . "<br>" . $error->getMessage();
}
}