<html>
<head>
    <title>Book-O-Rama Search Result</title>
</head>
<body>
    <h1>Book-O-Rama Search Results</h1>

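<?php
    // Book search handler: reads the search column and term from the POSTed
    // form, looks up matching rows in the `books` table and prints them.
    //
    // Security notes on this version:
    //  - The column name cannot be bound as a statement parameter, so it is
    //    checked against a fixed allow-list before it is placed in the SQL.
    //  - The search term is bound as a parameter instead of being escaped with
    //    addslashes(); addslashes() is not a SQL-injection defence, and
    //    get_magic_quotes_gpc() no longer exists in PHP 8.
    //  - Every value taken from the database is HTML-escaped on output, not
    //    only the title.

    // Accept only plain strings; `searchtype[]=x` style array input is ignored.
    $searchtype = (isset($_POST['searchtype']) && is_string($_POST['searchtype']))
        ? $_POST['searchtype']
        : '';
    $searchterm = (isset($_POST['searchterm']) && is_string($_POST['searchterm']))
        ? trim($_POST['searchterm'])
        : '';

    if ($searchtype === '' || $searchterm === '') {
        echo "You have not entered search details.";
        exit;
    }

    // NOTE(review): the search form is not visible here; this list uses the
    // text columns this page displays. Confirm it matches the form's options.
    $allowed_columns = array('title', 'author', 'isbn');
    if (!in_array($searchtype, $allowed_columns, true)) {
        echo "Invalid search type.";
        exit;
    }

    // Report mysqli failures as exceptions so they are handled in one place
    // instead of being hidden with the @ operator.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    try {
        // NOTE(review): credentials are hard-coded in a web-served file. Move
        // them to configuration outside the document root (or the environment)
        // and rotate this password.
        $db = new mysqli('localhost', 'bookorama', 'bookorama123', 'books');
    } catch (mysqli_sql_exception $e) {
        // Log the detail server-side; show the visitor a generic message only.
        error_log('Book search: database connection failed: ' . $e->getMessage());
        echo 'Error: Could not connect to database. Please try again';
        exit;
    }

    try {
        // $searchtype is safe to concatenate: it is one of $allowed_columns.
        $stmt = $db->prepare(
            'SELECT title, author, isbn, price FROM books WHERE ' . $searchtype . ' LIKE ?'
        );

        // As before, % and _ typed by the user still act as LIKE wildcards.
        $pattern = '%' . $searchterm . '%';
        $stmt->bind_param('s', $pattern);
        $stmt->execute();
        $stmt->bind_result($title, $author, $isbn, $price);

        $position = 0;
        while ($stmt->fetch()) {
            $position++;
            // stripslashes() is kept for rows stored with escaped slashes by
            // the older code path; htmlspecialchars() is applied last so the
            // value is inert in the HTML body.
            $fields = array(
                'title'  => $title,
                'author' => $author,
                'isbn'   => $isbn,
                'price'  => $price,
            );
            foreach ($fields as $key => $value) {
                $fields[$key] = htmlspecialchars(
                    stripslashes((string) $value),
                    ENT_QUOTES | ENT_SUBSTITUTE,
                    'UTF-8'
                );
            }

            echo "<p><strong>" . $position . ". Title: ";
            echo $fields['title'];
            echo "</strong><br />Author: ";
            echo $fields['author'];
            echo "<br />ISBN: ";
            echo $fields['isbn'];
            echo "<br />Price: ";
            echo $fields['price'];
            echo "</p>";
        }

        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        error_log('Book search: query failed: ' . $e->getMessage());
        echo 'Error: The search could not be completed. Please try again';
    }

    $db->close();
?>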
</body>
</html>