0

I have a search that gets info from database. If there is no results I want form to say no results. Here is my code.

<?php 
$raw_results = mysql_query("SELECT * FROM member
WHERE (`Name` LIKE '".$query."')") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0) while($results = mysql_fetch_array($raw_results)) echo $results['Name'] 

?>

How do I add the no results via this code? I have tried adding this code to the end but it gives me an error. 

    }
else{ 
    echo "No results";
}
X_JuDaH_X
  • 33
  • 1
  • 7
  • 1
    What is the error? How are we supposed to help you without seeing the error message? – Amal Murali Sep 18 '13 at 14:34
  • 2
    Did you forget the opening bracket (`{`)? – JJJ Sep 18 '13 at 14:34
  • 1
    _Sidenote_: Your query is vulnerable to SQL injection - read [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) –  Sep 18 '13 at 14:37
  • Can I add this to stop SQL injection? $query = mysql_real_escape_string($query); – X_JuDaH_X Sep 18 '13 at 14:40
  • `WHERE ('Name' Like '%".$query."%')")` – Albzi Sep 18 '13 at 14:43
  • 2
    @X_JuDaH_X You *could*, but it'd be best to go ahead and switch to parametrized PDO or mysqli, since mysql_* functions are deprecated and will be removed from future versions of PHP. – aynber Sep 18 '13 at 14:50
  • @aynber I need to study up on mysqli Want to get this at least working than can tweak and change where needed. – X_JuDaH_X Sep 18 '13 at 15:04

1 Answers1

0

Let me provide you a general syntax:

$search_query = "select * from search_table where fname like '%$var%'";

if (! $con_query= mysql_query( $search_query, $con) )
                echo mysql_error(); 

$count_result = mysql_num_rows($con_query);

if( $count_result > 0 )
{       
     while ($search_data = mysql_fetch_array($con_query))   
     {
      echo $search_data['lname'];
     }
}
else
{
   echo "No record found.";
}
Hassan Sardar
  • 4,413
  • 17
  • 56
  • 92