Why isn't the MySQLi search engine working?

Question

I'm having trouble taking off the section option i don't want the 10, 20, 50 option to be there, so i took out the following codes:

 <select name="results"> 
    <option>10</option> <option>20</option> <option>50</option> </select>

and

mysqli_real_escape_string($db,$_GET['results'])

but once i did the search engine stopped working anyone know why?

here is the original code:

<form action="/search.php" method="GET"> 


<input type="text" name="term" size="50"> 
<select name="results"> 
<option>10</option> <option>20</option> <option>50</option> </select>
<input type="submit" value="Search">

</form>




<?php
    $db = mysqli_connect('localhost','root', '', 'searchengine');

    if(!$db) {
        die('sorry we are having some problbems');
    }

    $sql = mysqli_query(
        $db,
        sprintf(
            "SELECT * FROM searchengine WHERE pagecontent LIKE '%s' LIMIT 0,%d",
            '%'. mysqli_real_escape_string($db,$_GET['term']) .'%',
            mysqli_real_escape_string($db,$_GET['results'])
        )
    );

    while($ser = mysqli_fetch_array($sql)) {
        echo "<h2><a href='$ser[pageurl]'>$ser[pageurl]</a></h2>";
    }

    mysqli_close($db);

?>

Answer 1

If you removed exactly what you said you removed and only that, your removal of the mysqli_real_escape_string($db,$_GET['results']) declaration will make your query invalid.

To get it working again, you need to touch up your query:

$sql = mysqli_query(
        $db,
        sprintf(
            "SELECT * FROM searchengine WHERE pagecontent LIKE '%s' LIMIT 0,20",
            '%'. mysqli_real_escape_string($db,$_GET['term']) .'%'
        )
    );

Make sure your LIMIT is set to your liking, as you won't have the option to change it at runtime now that you've removed that option selection from your code.